misp-circl-feed/feeds/circl/stix-2.1/590b172d-c8f4-4cdd-88cf-4443950d210f.json


{
"type": "bundle",
"id": "bundle--590b172d-c8f4-4cdd-88cf-4443950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:23:07.000Z",
"modified": "2017-05-04T12:23:07.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--590b172d-c8f4-4cdd-88cf-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:23:07.000Z",
"modified": "2017-05-04T12:23:07.000Z",
"name": "OSINT - A Mole exposing itself to sunlight Snake: Coming soon in Mac OS X flavour",
"published": "2017-05-04T12:27:36Z",
"object_refs": [
"x-misp-attribute--590b1743-24d0-48ab-92ea-e282950d210f",
"indicator--590b18c3-9540-41ff-942d-418e950d210f",
"indicator--590b18e3-d598-4f8b-b9a9-6ef6950d210f",
"observed-data--590b18f9-5084-42d9-9442-47b2950d210f",
"url--590b18f9-5084-42d9-9442-47b2950d210f",
"indicator--590b1c30-9a6c-4bca-a653-4b78950d210f",
"indicator--590b1c31-c584-46e0-89f5-410d950d210f",
"indicator--590b1c31-1628-4a48-b9ec-41d4950d210f",
"indicator--590b1c31-b458-4d31-aeef-4c87950d210f",
"indicator--590b1c32-8a78-4f06-8b2b-4182950d210f",
"indicator--590b1c32-e7ec-4f52-b5aa-4fcd950d210f",
"indicator--590b1c33-5974-4719-bfc3-488c950d210f",
"indicator--590b1c33-4714-4c82-a97a-4e3c950d210f",
"indicator--590b1c4e-c6a8-4aeb-a6d5-e28202de0b81",
"indicator--590b1c4e-83b4-4d78-a4b9-e28202de0b81",
"observed-data--590b1c4e-8478-434c-bac9-e28202de0b81",
"url--590b1c4e-8478-434c-bac9-e28202de0b81",
"indicator--590b1c4f-d128-4fb9-8eff-e28202de0b81",
"indicator--590b1c4f-07b0-49f5-9bdd-e28202de0b81",
"observed-data--590b1c50-89b8-41ae-b787-e28202de0b81",
"url--590b1c50-89b8-41ae-b787-e28202de0b81",
"indicator--590b1c50-2940-474f-b5b6-e28202de0b81",
"indicator--590b1c51-7b20-480a-acb0-e28202de0b81",
"observed-data--590b1c51-7cf0-4bf1-9050-e28202de0b81",
"url--590b1c51-7cf0-4bf1-9050-e28202de0b81",
"indicator--590b1c51-1d1c-4e16-bd8d-e28202de0b81",
"indicator--590b1c52-1b0c-4fdb-8799-e28202de0b81",
"observed-data--590b1c52-ef70-4760-86a2-e28202de0b81",
"url--590b1c52-ef70-4760-86a2-e28202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\"",
"misp-galaxy:tool=\"Turla\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"misp-galaxy:threat-actor=\"APT 29\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--590b1743-24d0-48ab-92ea-e282950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Snake, also known as Turla, Uroburos and Agent.BTZ, is a relatively complex malware framework used for targeted attacks1.\r\n\r\nOver the past year Fox-IT has been involved in multiple incident response cases where the Snake framework was used to steal sensitive information. Targets include government institutions, military and large corporates.\r\n\r\nResearchers who have previously analyzed compromises where Snake was used have attributed the attacks to Russia2. Compared to other prolific attackers with alleged ties to Russia, such as APT28 (Fancy Bear) and APT29 (Cozy Bear), Snake\u2019s code is significantly more sophisticated, its infrastructure more complex and targets more carefully selected.\r\n\r\nThe framework has traditionally focused on the Windows operating system, but in 2014 the first Linux variant was observed3.\r\n\r\nNow, Fox-IT has identified a version of Snake targeting Mac OS X.\r\nAs this version contains debug functionalities and was signed on February 21st, 2017 it is likely that the OS X version of Snake is not yet operational.\r\nFox-IT expects that the attackers using Snake will soon use the Mac OS X variant on targets."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b18c3-9540-41ff-942d-418e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Snake's queue file for HTTP network transport",
"pattern": "[domain-name:value = 'car-service.effers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b18e3-d598-4f8b-b9a9-6ef6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Snake's queue file for HTTP network transport - IP is a VSAT terminal",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.229.87.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--590b18f9-5084-42d9-9442-47b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"first_observed": "2017-05-04T12:19:20Z",
"last_observed": "2017-05-04T12:19:20Z",
"number_observed": 1,
"object_refs": [
"url--590b18f9-5084-42d9-9442-47b2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--590b18f9-5084-42d9-9442-47b2950d210f",
"value": "https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c30-9a6c-4bca-a653-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Install Adobe Flash Player.app.z",
"pattern": "[file:hashes.SHA256 = 'b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c31-c584-46e0-89f5-410d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Install",
"pattern": "[file:hashes.SHA256 = '5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c31-1628-4a48-b9ec-41d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "install.sh",
"pattern": "[file:hashes.SHA256 = '0a77f1b59c829a83d91a12c871fbd30c5c9d04b455f497e0c231cd21104bfea9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c31-b458-4d31-aeef-4c87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Install Adobe Flash Player",
"pattern": "[file:hashes.SHA256 = '7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c32-8a78-4f06-8b2b-4182950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "Installdp",
"pattern": "[file:hashes.SHA256 = 'd5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c32-e7ec-4f52-b5aa-4fcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "com.adobe.update",
"pattern": "[file:hashes.SHA256 = 'b6df610aa5c1254c3af5b2ff806562c4937704e4ac248577cdcd3e7e7b3578a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c33-5974-4719-bfc3-488c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "installd.sh",
"pattern": "[file:hashes.SHA256 = '6e207a375782e3c9d86a3e426cfa38eddcf4898b3556abc75889f7e01cc49506']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c33-4714-4c82-a97a-4e3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:20.000Z",
"modified": "2017-05-04T12:19:20.000Z",
"description": "queue",
"pattern": "[file:hashes.SHA256 = '92721d719b8085748fb66366d202457f6d38bfa108a2ecda71eee7e68f43a387']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c4e-c6a8-4aeb-a6d5-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:26.000Z",
"modified": "2017-05-04T12:19:26.000Z",
"description": "Installdp - Xchecked via VT: d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2",
"pattern": "[file:hashes.SHA1 = '0a0ae94f92a50937d920bf02dd26b477c840a915']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c4e-83b4-4d78-a4b9-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:26.000Z",
"modified": "2017-05-04T12:19:26.000Z",
"description": "Installdp - Xchecked via VT: d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2",
"pattern": "[file:hashes.MD5 = '000e4225f382f9eee675dcaf3cbf9c7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--590b1c4e-8478-434c-bac9-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:26.000Z",
"modified": "2017-05-04T12:19:26.000Z",
"first_observed": "2017-05-04T12:19:26Z",
"last_observed": "2017-05-04T12:19:26Z",
"number_observed": 1,
"object_refs": [
"url--590b1c4e-8478-434c-bac9-e28202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--590b1c4e-8478-434c-bac9-e28202de0b81",
"value": "https://www.virustotal.com/file/d5ea79632a1a67abbf9fb1c2813b899c90a5fb9442966ed4f530e92715087ee2/analysis/1493893902/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c4f-d128-4fb9-8eff-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:27.000Z",
"modified": "2017-05-04T12:19:27.000Z",
"description": "Install Adobe Flash Player - Xchecked via VT: 7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30",
"pattern": "[file:hashes.SHA1 = 'd972e12685591b71432faaf70c71ced4b6e522a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c4f-07b0-49f5-9bdd-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:27.000Z",
"modified": "2017-05-04T12:19:27.000Z",
"description": "Install Adobe Flash Player - Xchecked via VT: 7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30",
"pattern": "[file:hashes.MD5 = '3a5fc199189cf39ec58ec6fb2c3c7d93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--590b1c50-89b8-41ae-b787-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:28.000Z",
"modified": "2017-05-04T12:19:28.000Z",
"first_observed": "2017-05-04T12:19:28Z",
"last_observed": "2017-05-04T12:19:28Z",
"number_observed": 1,
"object_refs": [
"url--590b1c50-89b8-41ae-b787-e28202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--590b1c50-89b8-41ae-b787-e28202de0b81",
"value": "https://www.virustotal.com/file/7848f7808af02ba0466f3a0687cf949c4d29a2d94b035481a3299ec519aaaa30/analysis/1493898305/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c50-2940-474f-b5b6-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:28.000Z",
"modified": "2017-05-04T12:19:28.000Z",
"description": "Install - Xchecked via VT: 5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060",
"pattern": "[file:hashes.SHA1 = 'a201f1760ca4f99dff682a4e5c656f149f5d8e7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c51-7b20-480a-acb0-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:29.000Z",
"modified": "2017-05-04T12:19:29.000Z",
"description": "Install - Xchecked via VT: 5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060",
"pattern": "[file:hashes.MD5 = '6c74ff2cc39b5362ee5dec576ece211b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--590b1c51-7cf0-4bf1-9050-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:29.000Z",
"modified": "2017-05-04T12:19:29.000Z",
"first_observed": "2017-05-04T12:19:29Z",
"last_observed": "2017-05-04T12:19:29Z",
"number_observed": 1,
"object_refs": [
"url--590b1c51-7cf0-4bf1-9050-e28202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--590b1c51-7cf0-4bf1-9050-e28202de0b81",
"value": "https://www.virustotal.com/file/5b7792a16c6b7978fca389882c6aeeb2c792352076bf6a064e7b8b90eace8060/analysis/1493887382/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c51-1d1c-4e16-bd8d-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:29.000Z",
"modified": "2017-05-04T12:19:29.000Z",
"description": "Install Adobe Flash Player.app.z - Xchecked via VT: b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea",
"pattern": "[file:hashes.SHA1 = 'd20482372f9e63a54854d639cc79d0b65bc8382b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--590b1c52-1b0c-4fdb-8799-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:30.000Z",
"modified": "2017-05-04T12:19:30.000Z",
"description": "Install Adobe Flash Player.app.z - Xchecked via VT: b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea",
"pattern": "[file:hashes.MD5 = '77b4ffe73491d534946d010bfca138f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-04T12:19:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--590b1c52-ef70-4760-86a2-e28202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-04T12:19:30.000Z",
"modified": "2017-05-04T12:19:30.000Z",
"first_observed": "2017-05-04T12:19:30Z",
"last_observed": "2017-05-04T12:19:30Z",
"number_observed": 1,
"object_refs": [
"url--590b1c52-ef70-4760-86a2-e28202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--590b1c52-ef70-4760-86a2-e28202de0b81",
"value": "https://www.virustotal.com/file/b8ee4556dc09b28826359b98343a4e00680971a6f8c6602747bd5d723d26eaea/analysis/1493880806/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}