misp-circl-feed/feeds/circl/stix-2.1/59eb345d-34f0-4fc6-b785-2ace02de0b81.json


{
"type": "bundle",
"id": "bundle--59eb345d-34f0-4fc6-b785-2ace02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:06:50.000Z",
"modified": "2017-10-21T12:06:50.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59eb345d-34f0-4fc6-b785-2ace02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:06:50.000Z",
"modified": "2017-10-21T12:06:50.000Z",
"name": "OSINT - JadeRAT mobile surveillanceware spikes in espionage activity",
"published": "2017-10-21T12:07:01Z",
"object_refs": [
"x-misp-attribute--59eb3697-dfbc-4550-8737-2fca02de0b81",
"observed-data--59eb36a5-4ca4-4f6e-aad0-4a0c02de0b81",
"url--59eb36a5-4ca4-4f6e-aad0-4a0c02de0b81",
"indicator--59eb378f-93f4-4cf5-a831-41d302de0b81",
"indicator--59eb378f-5b20-4c70-99f5-449602de0b81",
"indicator--59eb378f-5b38-4db7-a773-404602de0b81",
"indicator--59eb378f-75c4-448b-8bfb-4e2702de0b81",
"indicator--59eb378f-aff4-462d-a457-41a402de0b81",
"indicator--59eb378f-7b90-4bb4-bbb5-4aa902de0b81",
"indicator--59eb378f-cc7c-4248-a617-482102de0b81",
"indicator--59eb378f-b5ac-471a-bfd9-473002de0b81",
"indicator--59eb378f-0c24-424d-83d2-427602de0b81",
"indicator--59eb378f-3370-4d78-98f9-48f002de0b81",
"indicator--59eb378f-97e4-4c1d-a328-433b02de0b81",
"indicator--59eb378f-5180-4649-9ba4-491202de0b81",
"indicator--59eb378f-f474-4ccb-8faf-44f202de0b81",
"indicator--59eb378f-53d4-4cf6-9501-486202de0b81",
"indicator--59eb378f-36fc-4a11-b267-475102de0b81",
"indicator--59eb378f-7dc0-47d9-84aa-409b02de0b81",
"indicator--59eb378f-e918-4894-a7bf-4f7002de0b81",
"indicator--59eb37b7-202c-48b1-9ae2-45b102de0b81",
"indicator--59eb37b7-d5f4-41e5-9903-430e02de0b81",
"indicator--59eb37b7-b3f4-46ac-8cd4-49f302de0b81",
"indicator--59eb37b7-d1e0-4d28-8d2f-42bd02de0b81",
"indicator--59eb37b7-1210-4dec-abdf-477e02de0b81",
"indicator--59eb37b7-022c-4426-9348-4e1302de0b81",
"indicator--59eb37b7-e050-4378-83f3-4c6802de0b81",
"indicator--59eb37b7-d968-4fc8-a788-4ba002de0b81",
"indicator--59eb37b7-a468-4d3c-9bfa-4a7b02de0b81",
"indicator--59eb37b7-b76c-42cc-9b29-482502de0b81",
"indicator--59eb37b7-2448-4aea-92cf-4e7702de0b81",
"indicator--59eb37b7-d744-4da6-bcc0-4fe302de0b81",
"indicator--59eb37b7-e720-40ae-b0ea-472402de0b81",
"indicator--59eb37c9-79fc-4548-b8a8-474e02de0b81",
"indicator--59eb37c9-5bbc-41b0-8fc9-44d202de0b81",
"observed-data--59eb37c9-b1f0-40b9-967f-4ed702de0b81",
"url--59eb37c9-b1f0-40b9-967f-4ed702de0b81",
"indicator--59eb37c9-6f1c-4db5-9268-46f902de0b81",
"indicator--59eb37c9-ae5c-443a-9416-459602de0b81",
"observed-data--59eb37c9-13a8-467a-b0f4-4bd402de0b81",
"url--59eb37c9-13a8-467a-b0f4-4bd402de0b81",
"indicator--59eb37c9-a4b8-450d-a7fa-449802de0b81",
"indicator--59eb37c9-e164-49c1-8677-4d9d02de0b81",
"observed-data--59eb37c9-d950-4384-8e7a-405c02de0b81",
"url--59eb37c9-d950-4384-8e7a-405c02de0b81",
"indicator--59eb37c9-e654-485c-972b-467a02de0b81",
"indicator--59eb37c9-4178-49e7-a9c2-43c702de0b81",
"observed-data--59eb37c9-66b4-4f03-b2da-400002de0b81",
"url--59eb37c9-66b4-4f03-b2da-400002de0b81",
"indicator--59eb37c9-6288-4953-90bc-463e02de0b81",
"indicator--59eb37c9-f8e8-4479-92d2-4f0402de0b81",
"observed-data--59eb37c9-7914-4952-8f14-427802de0b81",
"url--59eb37c9-7914-4952-8f14-427802de0b81",
"indicator--59eb37c9-5200-45a3-b2cc-495102de0b81",
"indicator--59eb37c9-6b84-4e40-ad30-45e302de0b81",
"observed-data--59eb37c9-2acc-430a-b859-417102de0b81",
"url--59eb37c9-2acc-430a-b859-417102de0b81",
"indicator--59eb37c9-58a0-4d16-9f89-456c02de0b81",
"indicator--59eb37c9-7030-4779-9b5a-47b202de0b81",
"observed-data--59eb37c9-4b4c-4102-ac39-4c8102de0b81",
"url--59eb37c9-4b4c-4102-ac39-4c8102de0b81",
"indicator--59eb37c9-3d60-4960-a32d-4f7602de0b81",
"indicator--59eb37c9-7a70-4b28-a712-4ff702de0b81",
"observed-data--59eb37c9-281c-4784-8b93-4f3c02de0b81",
"url--59eb37c9-281c-4784-8b93-4f3c02de0b81",
"indicator--59eb37c9-b930-44b5-8ed8-4afe02de0b81",
"indicator--59eb37c9-99f8-4c53-83cb-41cc02de0b81",
"observed-data--59eb37c9-a0bc-4dfe-a69a-4cd402de0b81",
"url--59eb37c9-a0bc-4dfe-a69a-4cd402de0b81",
"indicator--59eb37c9-a278-42cb-922f-484e02de0b81",
"indicator--59eb37c9-d2a0-4704-99b2-438202de0b81",
"observed-data--59eb37c9-1fc8-4e25-83d1-4e3202de0b81",
"url--59eb37c9-1fc8-4e25-83d1-4e3202de0b81",
"indicator--59eb37c9-479c-4091-96a2-447c02de0b81",
"indicator--59eb37c9-a3ec-49c6-8207-497502de0b81",
"observed-data--59eb37c9-cbe4-4837-95bd-407202de0b81",
"url--59eb37c9-cbe4-4837-95bd-407202de0b81",
"indicator--59eb37c9-dd34-41ce-beaa-44f602de0b81",
"indicator--59eb37c9-c460-45c3-b3fc-4e5c02de0b81",
"observed-data--59eb37c9-7d04-4567-9660-4d5a02de0b81",
"url--59eb37c9-7d04-4567-9660-4d5a02de0b81",
"indicator--59eb37c9-d058-4a55-9acc-49a702de0b81",
"indicator--59eb37c9-11b4-4096-b690-428002de0b81",
"observed-data--59eb37c9-16e8-475b-9228-409502de0b81",
"url--59eb37c9-16e8-475b-9228-409502de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:rat=\"JadeRAT\"",
"ms-caro-malware:malware-type=\"RemoteAccess\"",
"enisa:nefarious-activity-abuse=\"remote-access-tool\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59eb3697-dfbc-4550-8737-2fca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Lookout researchers are monitoring the evolution of an Android surveillanceware family known as JadeRAT, which we believe may be connected to a government-sponsored APT group.\r\n\r\nEmerging in 2015 and becoming increasingly active, JadeRAT provides its operators with a significant degree of control over a compromised device and supports over 60 commands that are focused on retrieving sensitive information and profiling victims.\r\nAll Lookout customers are protected from this threat.\r\n\r\nJadeRAT is just one example of numerous mobile surveillanceware families we've seen in recent months, indicating that actors are continuing to incorporate mobile tools in their attack chains. Some of these active families have included FrozenCell, an attack against government officials in Palestine; xRAT, associated with a family targeting Hong Kong protestors; and ViperRAT, an attack targeting members of the Israeli Defense Force. Research into those families suggests they are highly targeted; however, we've also seen more wide-reaching spyware such as SonicSpy, which was discovered in thousands of malicious apps, some of which made their way into the Google Play Store."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb36a5-4ca4-4f6e-aad0-4a0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"first_observed": "2017-10-21T12:04:24Z",
"last_observed": "2017-10-21T12:04:24Z",
"number_observed": 1,
"object_refs": [
"url--59eb36a5-4ca4-4f6e-aad0-4a0c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb36a5-4ca4-4f6e-aad0-4a0c02de0b81",
"value": "https://blog.lookout.com/mobile-threat-jaderat"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-93f4-4cf5-a831-41d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[domain-name:value = 'googleservhlp.oicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-5b20-4c70-99f5-449602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[domain-name:value = 'iponetest.eicp.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-5b38-4db7-a773-404602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[domain-name:value = 'myofficedesktop.rkfree.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-75c4-448b-8bfb-4e2702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[domain-name:value = 'asd887655.6655.la']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-aff4-462d-a457-41a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.226.127.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-7b90-4bb4-bbb5-4aa902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.41.93.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-cc7c-4248-a617-482102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.106.48.194']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-b5ac-471a-bfd9-473002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.149.231.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-0c24-424d-83d2-427602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.192.178.51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-3370-4d78-98f9-48f002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.36.72.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-97e4-4c1d-a328-433b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.192.250.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-5180-4649-9ba4-491202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.15.58.119']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-f474-4ccb-8faf-44f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.158.131.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-53d4-4cf6-9501-486202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.192.241.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-36fc-4a11-b267-475102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[domain-name:value = 'test.ymyoo.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-7dc0-47d9-84aa-409b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.200.31.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb378f-e918-4894-a7bf-4f7002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "Though these phone numbers are only associated with a limited number of samples, all samples come configured with specific infrastructure to which they communicate. Observed domains and external IP addresses.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.144.202.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-202c-48b1-9ae2-45b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = 'fea0bc1df035ea8eb683bc91cef4d925d8a260f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-d5f4-41e5-9903-430e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = 'b86d8dc815f50377e444a297f5f33bba1b16cc8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-b3f4-46ac-8cd4-49f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '674224a4fe7ec9badd5eefce303ec0867a4afcdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-d1e0-4d28-8d2f-42bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '3e883ac8e5fac3940e774ebca8d626eac5b8d02c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-1210-4dec-abdf-477e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '6aaf0f67dddab4fbc9239e29a668195c109d8c23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-022c-4426-9348-4e1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '62cc592cac04d698313ed500bbc897df8172b029']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-e050-4378-83f3-4c6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:24.000Z",
"modified": "2017-10-21T12:04:24.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = 'fd5a2ec25d996fe88845bb0705296bf9a621cbe7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-d968-4fc8-a788-4ba002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '00683fa02a0a70e6951daeb34c48cbcceffb60d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-a468-4d3c-9bfa-4a7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '64dddf18cd767b8d273aac1f178db791c758d819']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-b76c-42cc-9b29-482502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '5cb05fb8e3e98781c94f69890a9b69eec8def46a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-2448-4aea-92cf-4e7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '97de3e5a20014f125a8685c6e48c8e6bc4e2c51d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-d744-4da6-bcc0-4fe302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = '1e9ec2cdeca8c6954b13551051eec8107b0cef75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37b7-e720-40ae-b0ea-472402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples",
"pattern": "[file:hashes.SHA1 = 'b0f844b4ffc4824dad757be4b231905e099a97d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-79fc-4548-b8a8-474e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: b0f844b4ffc4824dad757be4b231905e099a97d7",
"pattern": "[file:hashes.SHA256 = '83d6eed16dce6c97f0e2115c897d18db7b46466bc7b75a5efd6642a5fd1b7b9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-5bbc-41b0-8fc9-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: b0f844b4ffc4824dad757be4b231905e099a97d7",
"pattern": "[file:hashes.MD5 = 'a4bf2e600b3b1ee3bafbedaadb823706']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-b1f0-40b9-967f-4ed702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-b1f0-40b9-967f-4ed702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-b1f0-40b9-967f-4ed702de0b81",
"value": "https://www.virustotal.com/file/83d6eed16dce6c97f0e2115c897d18db7b46466bc7b75a5efd6642a5fd1b7b9b/analysis/1441017348/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-6f1c-4db5-9268-46f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 1e9ec2cdeca8c6954b13551051eec8107b0cef75",
"pattern": "[file:hashes.SHA256 = 'fa185c5f57163b016d64bb0ed295661713671b092066dc40fea8d3723f032707']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-ae5c-443a-9416-459602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 1e9ec2cdeca8c6954b13551051eec8107b0cef75",
"pattern": "[file:hashes.MD5 = 'be3f4213941f02884918c175503aaf6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-13a8-467a-b0f4-4bd402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-13a8-467a-b0f4-4bd402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-13a8-467a-b0f4-4bd402de0b81",
"value": "https://www.virustotal.com/file/fa185c5f57163b016d64bb0ed295661713671b092066dc40fea8d3723f032707/analysis/1450982618/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-a4b8-450d-a7fa-449802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 97de3e5a20014f125a8685c6e48c8e6bc4e2c51d",
"pattern": "[file:hashes.SHA256 = 'd347221a45fbc9cf3479ceee2b3e02e946a5eaecb0fd746448537e6cf899de8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-e164-49c1-8677-4d9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 97de3e5a20014f125a8685c6e48c8e6bc4e2c51d",
"pattern": "[file:hashes.MD5 = '9544b4dcb7c26f40b9d01263e71e48bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-d950-4384-8e7a-405c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-d950-4384-8e7a-405c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-d950-4384-8e7a-405c02de0b81",
"value": "https://www.virustotal.com/file/d347221a45fbc9cf3479ceee2b3e02e946a5eaecb0fd746448537e6cf899de8b/analysis/1460366743/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-e654-485c-972b-467a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 5cb05fb8e3e98781c94f69890a9b69eec8def46a",
"pattern": "[file:hashes.SHA256 = '1ee815452328ae439998af43ed828901cbae38a0d02c34bcacda1d88ef574e00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-4178-49e7-a9c2-43c702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 5cb05fb8e3e98781c94f69890a9b69eec8def46a",
"pattern": "[file:hashes.MD5 = 'fc794ed057dc81d3dc62e881abd6971c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-66b4-4f03-b2da-400002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-66b4-4f03-b2da-400002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-66b4-4f03-b2da-400002de0b81",
"value": "https://www.virustotal.com/file/1ee815452328ae439998af43ed828901cbae38a0d02c34bcacda1d88ef574e00/analysis/1460133268/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-6288-4953-90bc-463e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 64dddf18cd767b8d273aac1f178db791c758d819",
"pattern": "[file:hashes.SHA256 = 'd5f55036d114c4518b990d85b20e99baf27589b8bb6bd3f82ab49885e8a4f191']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-f8e8-4479-92d2-4f0402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 64dddf18cd767b8d273aac1f178db791c758d819",
"pattern": "[file:hashes.MD5 = '2e79f8ecdf2bb53d11456f503e75a7f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-7914-4952-8f14-427802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-7914-4952-8f14-427802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-7914-4952-8f14-427802de0b81",
"value": "https://www.virustotal.com/file/d5f55036d114c4518b990d85b20e99baf27589b8bb6bd3f82ab49885e8a4f191/analysis/1460365945/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-5200-45a3-b2cc-495102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 00683fa02a0a70e6951daeb34c48cbcceffb60d9",
"pattern": "[file:hashes.SHA256 = 'b6e38d41b1a685215a78387ddcaebf472a5b41949628f71eeb6784d8d8780e3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-6b84-4e40-ad30-45e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 00683fa02a0a70e6951daeb34c48cbcceffb60d9",
"pattern": "[file:hashes.MD5 = 'a428e442d8b93523168be74961d42d16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-2acc-430a-b859-417102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-2acc-430a-b859-417102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-2acc-430a-b859-417102de0b81",
"value": "https://www.virustotal.com/file/b6e38d41b1a685215a78387ddcaebf472a5b41949628f71eeb6784d8d8780e3b/analysis/1460376239/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-58a0-4d16-9f89-456c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: fd5a2ec25d996fe88845bb0705296bf9a621cbe7",
"pattern": "[file:hashes.SHA256 = '54e3174a42e2f1fcf5fa2c14910187723c1070a23cea31e2c0a7cbf48c653e16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-7030-4779-9b5a-47b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: fd5a2ec25d996fe88845bb0705296bf9a621cbe7",
"pattern": "[file:hashes.MD5 = '390585527287c6d99019c06e68766aeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-4b4c-4102-ac39-4c8102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-4b4c-4102-ac39-4c8102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-4b4c-4102-ac39-4c8102de0b81",
"value": "https://www.virustotal.com/file/54e3174a42e2f1fcf5fa2c14910187723c1070a23cea31e2c0a7cbf48c653e16/analysis/1458661599/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-3d60-4960-a32d-4f7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 62cc592cac04d698313ed500bbc897df8172b029",
"pattern": "[file:hashes.SHA256 = '0e9fc5f5f3e7183c33fbeaaf51fa99813acf07d7efa21e1f8e59af808207881a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-7a70-4b28-a712-4ff702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 62cc592cac04d698313ed500bbc897df8172b029",
"pattern": "[file:hashes.MD5 = '6918eb8dd1ff0ac8013722fdc809a603']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-281c-4784-8b93-4f3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-281c-4784-8b93-4f3c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-281c-4784-8b93-4f3c02de0b81",
"value": "https://www.virustotal.com/file/0e9fc5f5f3e7183c33fbeaaf51fa99813acf07d7efa21e1f8e59af808207881a/analysis/1460129710/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-b930-44b5-8ed8-4afe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 6aaf0f67dddab4fbc9239e29a668195c109d8c23",
"pattern": "[file:hashes.SHA256 = '4f709f6de93709d93adadf1dbc10931cee5ae4b4bf554f6990e6be15db26aa30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-99f8-4c53-83cb-41cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 6aaf0f67dddab4fbc9239e29a668195c109d8c23",
"pattern": "[file:hashes.MD5 = '7fe5e61cf2a44b5dc9f73aa9512ca22f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-a0bc-4dfe-a69a-4cd402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-a0bc-4dfe-a69a-4cd402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-a0bc-4dfe-a69a-4cd402de0b81",
"value": "https://www.virustotal.com/file/4f709f6de93709d93adadf1dbc10931cee5ae4b4bf554f6990e6be15db26aa30/analysis/1463300427/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-a278-42cb-922f-484e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 3e883ac8e5fac3940e774ebca8d626eac5b8d02c",
"pattern": "[file:hashes.SHA256 = '9ab0abf833f847b1c7bc4625b88ca1766d091f9b06c5e8cd79a7567f600f7d83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-d2a0-4704-99b2-438202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 3e883ac8e5fac3940e774ebca8d626eac5b8d02c",
"pattern": "[file:hashes.MD5 = '3640a74afba9442fa7d50f9a2565d933']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-1fc8-4e25-83d1-4e3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-1fc8-4e25-83d1-4e3202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-1fc8-4e25-83d1-4e3202de0b81",
"value": "https://www.virustotal.com/file/9ab0abf833f847b1c7bc4625b88ca1766d091f9b06c5e8cd79a7567f600f7d83/analysis/1465960575/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-479c-4091-96a2-447c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 674224a4fe7ec9badd5eefce303ec0867a4afcdf",
"pattern": "[file:hashes.SHA256 = 'c9c25f3973318417d2943d11672db88c9272f9fd34d11a1670492ba9892bf3ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-a3ec-49c6-8207-497502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: 674224a4fe7ec9badd5eefce303ec0867a4afcdf",
"pattern": "[file:hashes.MD5 = '4f1c2d7583a3831e578431c35f3d494c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-cbe4-4837-95bd-407202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-cbe4-4837-95bd-407202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-cbe4-4837-95bd-407202de0b81",
"value": "https://www.virustotal.com/file/c9c25f3973318417d2943d11672db88c9272f9fd34d11a1670492ba9892bf3ea/analysis/1473947478/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-dd34-41ce-beaa-44f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: b86d8dc815f50377e444a297f5f33bba1b16cc8e",
"pattern": "[file:hashes.SHA256 = '92511088347013365cb21b085bc4445a22b30b163467b14b6c49128ce95c34b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-c460-45c3-b3fc-4e5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: b86d8dc815f50377e444a297f5f33bba1b16cc8e",
"pattern": "[file:hashes.MD5 = '9027f111377598362972745478e40311']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-7d04-4567-9660-4d5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-7d04-4567-9660-4d5a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-7d04-4567-9660-4d5a02de0b81",
"value": "https://www.virustotal.com/file/92511088347013365cb21b085bc4445a22b30b163467b14b6c49128ce95c34b3/analysis/1479329410/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-d058-4a55-9acc-49a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: fea0bc1df035ea8eb683bc91cef4d925d8a260f3",
"pattern": "[file:hashes.SHA256 = '9b51f912df5925a97f9d9954aad8a56095516e9d2fb7cccdf6e0a8dd53e69d88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59eb37c9-11b4-4096-b690-428002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"description": "JadeRAT samples - Xchecked via VT: fea0bc1df035ea8eb683bc91cef4d925d8a260f3",
"pattern": "[file:hashes.MD5 = '28ad0d78ffa42b6184d48a8eecc5882b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-21T12:04:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59eb37c9-16e8-475b-9228-409502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-21T12:04:25.000Z",
"modified": "2017-10-21T12:04:25.000Z",
"first_observed": "2017-10-21T12:04:25Z",
"last_observed": "2017-10-21T12:04:25Z",
"number_observed": 1,
"object_refs": [
"url--59eb37c9-16e8-475b-9228-409502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59eb37c9-16e8-475b-9228-409502de0b81",
"value": "https://www.virustotal.com/file/9b51f912df5925a97f9d9954aad8a56095516e9d2fb7cccdf6e0a8dd53e69d88/analysis/1479329865/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}