571 lines
No EOL
24 KiB
JSON
571 lines
No EOL
24 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--588dc8e3-8530-4b69-b71c-45ab02de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:16:29.000Z",
|
|
"modified": "2017-01-29T11:16:29.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--588dc8e3-8530-4b69-b71c-45ab02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:16:29.000Z",
|
|
"modified": "2017-01-29T11:16:29.000Z",
|
|
"name": "OSINT - Spotlight on Shamoon",
|
|
"published": "2017-01-29T11:17:08Z",
|
|
"object_refs": [
|
|
"observed-data--588dc908-c720-44cd-ac77-48ba02de0b81",
|
|
"url--588dc908-c720-44cd-ac77-48ba02de0b81",
|
|
"x-misp-attribute--588dc921-8708-4d83-bd8d-427c02de0b81",
|
|
"indicator--588dc968-bb78-4c41-96f1-408b02de0b81",
|
|
"indicator--588dc969-8bdc-486c-9926-418a02de0b81",
|
|
"x-misp-attribute--588dcc50-9730-4404-8bf4-433e02de0b81",
|
|
"indicator--588dcdf5-4d30-4209-a9dc-42da02de0b81",
|
|
"indicator--588dcdf6-29fc-40c5-8cb4-49f602de0b81",
|
|
"indicator--588dcdf7-80bc-40f7-9b7b-4cf802de0b81",
|
|
"indicator--588dcdf7-d8e4-4c84-a739-4a5702de0b81",
|
|
"indicator--588dce3e-8374-40a5-8022-4b9302de0b81",
|
|
"indicator--588dce3f-ac54-47f8-8b58-460b02de0b81",
|
|
"observed-data--588dce40-8284-43bc-9271-480b02de0b81",
|
|
"url--588dce40-8284-43bc-9271-480b02de0b81",
|
|
"indicator--588dce40-69b4-44af-a9c6-4cee02de0b81",
|
|
"indicator--588dce41-08fc-43e9-a174-4f7302de0b81",
|
|
"observed-data--588dce42-8154-46d5-8412-447f02de0b81",
|
|
"url--588dce42-8154-46d5-8412-447f02de0b81",
|
|
"indicator--588dce43-c0f0-4c74-b4ef-4a9702de0b81",
|
|
"indicator--588dce43-d4d8-4cc6-9df0-42af02de0b81",
|
|
"observed-data--588dce44-56e4-463c-af1d-422402de0b81",
|
|
"url--588dce44-56e4-463c-af1d-422402de0b81",
|
|
"x-misp-attribute--588dce8a-7690-4918-9ab5-4b9302de0b81",
|
|
"x-misp-attribute--588dce8b-51a0-4787-85a9-490802de0b81",
|
|
"x-misp-attribute--588dce8c-fc80-44b6-bd92-41b502de0b81",
|
|
"observed-data--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"misp-galaxy:tool=\"Shamoon\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--588dc908-c720-44cd-ac77-48ba02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:16:06.000Z",
|
|
"modified": "2017-01-29T11:16:06.000Z",
|
|
"first_observed": "2017-01-29T11:16:06Z",
|
|
"last_observed": "2017-01-29T11:16:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--588dc908-c720-44cd-ac77-48ba02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"admiralty-scale:source-reliability=\"b\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--588dc908-c720-44cd-ac77-48ba02de0b81",
|
|
"value": "https://securingtomorrow.mcafee.com/mcafee-labs/spotlight-on-shamoon/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--588dc921-8708-4d83-bd8d-427c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T10:51:13.000Z",
|
|
"modified": "2017-01-29T10:51:13.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "All of the initial analysis pointed to Shamoon emerging in the Middle East. There were a number of similarities that we highlighted in our earlier blogs (on McAfee.com). This however was not the end of the story since the campaign continues to target organizations in the Middle East from a variety of verticals. Indeed reports suggested that a further 15 \u00e2\u20ac\u02dcShamoon incidents\u00e2\u20ac\u2122 had been reported from public to private sector."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dc968-bb78-4c41-96f1-408b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T10:52:24.000Z",
|
|
"modified": "2017-01-29T10:52:24.000Z",
|
|
"description": "hash 146a112cb01cd4b8e06d36304f6bdf7b and bf4b07c7b4a4504c4192bd68476d63b5 were connecting to this site",
|
|
"pattern": "[domain-name:value = 'winappupdater.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T10:52:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dc969-8bdc-486c-9926-418a02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T10:52:25.000Z",
|
|
"modified": "2017-01-29T10:52:25.000Z",
|
|
"description": "hash 146a112cb01cd4b8e06d36304f6bdf7b and bf4b07c7b4a4504c4192bd68476d63b5 were connecting to this site",
|
|
"pattern": "[domain-name:value = 'update.winupdater.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T10:52:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--588dcc50-9730-4404-8bf4-433e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:04:48.000Z",
|
|
"modified": "2017-01-29T11:04:48.000Z",
|
|
"labels": [
|
|
"misp:type=\"whois-registrant-email\"",
|
|
"misp:category=\"Attribution\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "winappupdater.com domain registered on 2016-11-25 by benyamin987@mail.com",
|
|
"x_misp_type": "whois-registrant-email",
|
|
"x_misp_value": "benyamin987@mail.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dcdf5-4d30-4209-a9dc-42da02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:11:49.000Z",
|
|
"modified": "2017-01-29T11:11:49.000Z",
|
|
"pattern": "[file:hashes.MD5 = '146a112cb01cd4b8e06d36304f6bdf7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:11:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dcdf6-29fc-40c5-8cb4-49f602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:11:50.000Z",
|
|
"modified": "2017-01-29T11:11:50.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bf4b07c7b4a4504c4192bd68476d63b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:11:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dcdf7-80bc-40f7-9b7b-4cf802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:11:51.000Z",
|
|
"modified": "2017-01-29T11:11:51.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a96d211795852b6b14e61327bbcc3473']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:11:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dcdf7-d8e4-4c84-a739-4a5702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:11:51.000Z",
|
|
"modified": "2017-01-29T11:11:51.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '1507a4fdf65952dfa439e32480f42ccf1460b96f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:11:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce3e-8374-40a5-8022-4b9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:02.000Z",
|
|
"modified": "2017-01-29T11:13:02.000Z",
|
|
"description": "- Xchecked via VT: a96d211795852b6b14e61327bbcc3473",
|
|
"pattern": "[file:hashes.SHA256 = '6b28a43eda5b6f828a65574e3f08a6d00e0acf84cbb94aac5cec5cd448a4649d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce3f-ac54-47f8-8b58-460b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:03.000Z",
|
|
"modified": "2017-01-29T11:13:03.000Z",
|
|
"description": "- Xchecked via VT: a96d211795852b6b14e61327bbcc3473",
|
|
"pattern": "[file:hashes.SHA1 = '4c85c5062ece9aec26b6bf6a785ec7e60c824b0b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--588dce40-8284-43bc-9271-480b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:04.000Z",
|
|
"modified": "2017-01-29T11:13:04.000Z",
|
|
"first_observed": "2017-01-29T11:13:04Z",
|
|
"last_observed": "2017-01-29T11:13:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--588dce40-8284-43bc-9271-480b02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--588dce40-8284-43bc-9271-480b02de0b81",
|
|
"value": "https://www.virustotal.com/file/6b28a43eda5b6f828a65574e3f08a6d00e0acf84cbb94aac5cec5cd448a4649d/analysis/1485493393/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce40-69b4-44af-a9c6-4cee02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:04.000Z",
|
|
"modified": "2017-01-29T11:13:04.000Z",
|
|
"description": "- Xchecked via VT: bf4b07c7b4a4504c4192bd68476d63b5",
|
|
"pattern": "[file:hashes.SHA256 = '7f16824e7ad9ee1ad2debca2a22413cde08f02ee9f0d08d64eb4cb318538be9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce41-08fc-43e9-a174-4f7302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:05.000Z",
|
|
"modified": "2017-01-29T11:13:05.000Z",
|
|
"description": "- Xchecked via VT: bf4b07c7b4a4504c4192bd68476d63b5",
|
|
"pattern": "[file:hashes.SHA1 = 'd843a65ad0e3c2f2fd87c30c6cb0f6b66d6355d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--588dce42-8154-46d5-8412-447f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:06.000Z",
|
|
"modified": "2017-01-29T11:13:06.000Z",
|
|
"first_observed": "2017-01-29T11:13:06Z",
|
|
"last_observed": "2017-01-29T11:13:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--588dce42-8154-46d5-8412-447f02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--588dce42-8154-46d5-8412-447f02de0b81",
|
|
"value": "https://www.virustotal.com/file/7f16824e7ad9ee1ad2debca2a22413cde08f02ee9f0d08d64eb4cb318538be9c/analysis/1485493795/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce43-c0f0-4c74-b4ef-4a9702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:06.000Z",
|
|
"modified": "2017-01-29T11:13:06.000Z",
|
|
"description": "- Xchecked via VT: 146a112cb01cd4b8e06d36304f6bdf7b",
|
|
"pattern": "[file:hashes.SHA256 = '319a001d09ee9d754e8789116bbb21a3c624c999dae9cf83fde90a3fbe67ee6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--588dce43-d4d8-4cc6-9df0-42af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:07.000Z",
|
|
"modified": "2017-01-29T11:13:07.000Z",
|
|
"description": "- Xchecked via VT: 146a112cb01cd4b8e06d36304f6bdf7b",
|
|
"pattern": "[file:hashes.SHA1 = '0e47a027651133ab980dd040d3347d2028ffd32d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-01-29T11:13:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--588dce44-56e4-463c-af1d-422402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:13:08.000Z",
|
|
"modified": "2017-01-29T11:13:08.000Z",
|
|
"first_observed": "2017-01-29T11:13:08Z",
|
|
"last_observed": "2017-01-29T11:13:08Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--588dce44-56e4-463c-af1d-422402de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--588dce44-56e4-463c-af1d-422402de0b81",
|
|
"value": "https://www.virustotal.com/file/319a001d09ee9d754e8789116bbb21a3c624c999dae9cf83fde90a3fbe67ee6c/analysis/1485491896/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--588dce8a-7690-4918-9ab5-4b9302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:14:18.000Z",
|
|
"modified": "2017-01-29T11:14:18.000Z",
|
|
"labels": [
|
|
"misp:type=\"pdb\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Artifacts dropped",
|
|
"x_misp_type": "pdb",
|
|
"x_misp_value": "F:\\Projects\\Bot Fresh\\Release\\Bot Fresh.pdb"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--588dce8b-51a0-4787-85a9-490802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:14:19.000Z",
|
|
"modified": "2017-01-29T11:14:19.000Z",
|
|
"labels": [
|
|
"misp:type=\"pdb\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Artifacts dropped",
|
|
"x_misp_type": "pdb",
|
|
"x_misp_value": "F:\\Projects\\Bot\\Bot\\Release\\Ism.pdb"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--588dce8c-fc80-44b6-bd92-41b502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:14:20.000Z",
|
|
"modified": "2017-01-29T11:14:20.000Z",
|
|
"labels": [
|
|
"misp:type=\"pdb\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
],
|
|
"x_misp_category": "Artifacts dropped",
|
|
"x_misp_type": "pdb",
|
|
"x_misp_value": "G:\\Projects\\Bot\\Bots\\Bot5\\Release\\Ism.pdb"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-01-29T11:16:29.000Z",
|
|
"modified": "2017-01-29T11:16:29.000Z",
|
|
"first_observed": "2017-01-29T11:16:29Z",
|
|
"last_observed": "2017-01-29T11:16:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"src_ref": "ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--588dcf0d-7bac-4f3c-aae3-40a602de0b81",
|
|
"value": "58.158.177.102"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |