{
|
|
"type": "bundle",
|
|
"id": "bundle--55c7524c-e510-453a-93dc-c2c9950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T19:59:05.000Z",
|
|
"modified": "2017-06-22T19:59:05.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--55c7524c-e510-453a-93dc-c2c9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T19:59:05.000Z",
|
|
"modified": "2017-06-22T19:59:05.000Z",
|
|
"name": "OSINT Operation Molerats: Middle East Cyber Attacks Using Poison Ivy by Fire Eye",
|
|
"published": "2017-06-22T19:59:26Z",
|
|
"object_refs": [
|
|
"observed-data--55c7525e-d474-4ed0-a478-c2c9950d210b",
|
|
"url--55c7525e-d474-4ed0-a478-c2c9950d210b",
|
|
"indicator--55d2ebcc-0278-4b56-8b29-7c5e950d210b",
|
|
"indicator--55d2ebd8-092c-48cc-a41d-966f950d210b",
|
|
"x-misp-attribute--55d2ebe7-30a8-486a-83f9-9675950d210b",
|
|
"indicator--55d2ec2a-a434-4f1d-b1e2-9804950d210b",
|
|
"indicator--55d2ec2b-4958-4ca6-9c55-9804950d210b",
|
|
"indicator--55d2ec2b-08cc-438a-973c-9804950d210b",
|
|
"indicator--55d2ec2b-b49c-4e7e-aaa9-9804950d210b",
|
|
"indicator--55d2ec3a-84b8-4b12-88ea-7c5e950d210b",
|
|
"indicator--55d2ec3a-b1e4-436b-a630-7c5e950d210b",
|
|
"indicator--55d2ec3a-d668-4526-be3a-7c5e950d210b",
|
|
"indicator--55d2ec3a-f498-428a-84c1-7c5e950d210b",
|
|
"indicator--55d2ec3a-f1b0-4307-930f-7c5e950d210b",
|
|
"indicator--55d2ec5c-4a24-422c-895c-9673950d210b",
|
|
"indicator--55d2ec5d-c21c-43ad-822a-9673950d210b",
|
|
"indicator--55d2ec5d-c4e4-43fb-9584-9673950d210b",
|
|
"indicator--55d2ec5d-c8e0-4024-96bd-9673950d210b",
|
|
"indicator--55d2ec5d-8ef8-420d-931a-9673950d210b",
|
|
"indicator--55d2ec5d-36c0-4e7f-86ca-9673950d210b",
|
|
"indicator--55d2ec7e-be34-4690-ba35-966f950d210b",
|
|
"indicator--55d2ecb3-aba8-4a4e-a1e9-876d950d210b",
|
|
"indicator--55d2ecb3-ede8-46c1-ada5-876d950d210b",
|
|
"indicator--55d2ecb3-d644-402a-98d5-876d950d210b",
|
|
"indicator--55d2ecb4-cbbc-4cba-9aeb-876d950d210b",
|
|
"indicator--55d2ecb4-443c-42fa-b9dc-876d950d210b",
|
|
"indicator--55d2ecb4-20d8-4a64-b332-876d950d210b",
|
|
"indicator--55d2ecb4-5fd4-4777-b900-876d950d210b",
|
|
"indicator--55d2ecb4-cee0-4dc1-b27e-876d950d210b",
|
|
"indicator--55d2ecb5-23b4-4842-be8d-876d950d210b",
|
|
"indicator--56c673ef-24a8-47b3-b427-4249950d210f",
|
|
"indicator--56c673f1-b2dc-42aa-b601-599c950d210f",
|
|
"indicator--56c673f2-ed28-4341-be11-5f51950d210f",
|
|
"indicator--56c673f4-a5c4-4f07-ab2f-c650950d210f",
|
|
"indicator--56c673f5-bf90-4d53-9f6d-5f51950d210f",
|
|
"indicator--56c673f7-1394-4e3b-a50c-59a1950d210f",
|
|
"indicator--56c673f8-76c8-4d94-b222-4bdb950d210f",
|
|
"indicator--56c673f9-79d4-4d33-93c3-c650950d210f",
|
|
"indicator--56c673fa-57f0-4ce3-980b-c652950d210f",
|
|
"indicator--56c673fc-f658-4f61-a69c-c653950d210f",
|
|
"indicator--56c673f0-e658-4060-a4b0-599f950d210f",
|
|
"indicator--56c673f2-de38-4262-92c5-c654950d210f",
|
|
"indicator--56c673f3-c984-4362-b914-5ca1950d210f",
|
|
"indicator--56c673f4-4f5c-4a34-904c-59a3950d210f",
|
|
"indicator--56c673f6-698c-4590-8c77-4556950d210f",
|
|
"indicator--56c673f7-164c-44e8-8ec5-5ca1950d210f",
|
|
"indicator--56c673f9-1d4c-4328-ade7-c653950d210f",
|
|
"indicator--56c673fa-2610-4a95-b832-599d950d210f",
|
|
"indicator--56c673fb-e8a8-4807-a7a3-4cd5950d210f",
|
|
"indicator--56c673fc-74b8-4e7a-8b7c-59a3950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55c7525e-d474-4ed0-a478-c2c9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-09T13:15:09.000Z",
|
|
"modified": "2015-08-09T13:15:09.000Z",
|
|
"first_observed": "2015-08-09T13:15:09Z",
|
|
"last_observed": "2015-08-09T13:15:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55c7525e-d474-4ed0-a478-c2c9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55c7525e-d474-4ed0-a478-c2c9950d210b",
|
|
"value": "https://www.fireeye.com/blog/threat-research/2013/08/operation-molerats-middle-east-cyber-attacks-using-poison-ivy.html"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ebcc-0278-4b56-8b29-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:55.000Z",
|
|
"modified": "2015-08-18T08:28:55.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7084f3a2d63a16a191b7fcb2b19f0e0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ebd8-092c-48cc-a41d-966f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:24:56.000Z",
|
|
"modified": "2015-08-18T08:24:56.000Z",
|
|
"pattern": "[mutex:name = 'gdfgdfgdg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:24:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"mutex\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--55d2ebe7-30a8-486a-83f9-9675950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:25:11.000Z",
|
|
"modified": "2015-08-18T08:25:11.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Password used",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "!@#GooD#@!"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec2a-a434-4f1d-b1e2-9804950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:18.000Z",
|
|
"modified": "2015-08-18T08:26:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '16346b95e6deef9da7fe796c31b9dec4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec2b-4958-4ca6-9c55-9804950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:19.000Z",
|
|
"modified": "2015-08-18T08:26:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc554a0ad7cf9d4f47ec4f297dbde375']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec2b-08cc-438a-973c-9804950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:19.000Z",
|
|
"modified": "2015-08-18T08:26:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a8714aac274a18f1724d9702d40030bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec2b-b49c-4e7e-aaa9-9804950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:19.000Z",
|
|
"modified": "2015-08-18T08:26:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd9a7c4a100cfefef995785f707be895c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec3a-84b8-4b12-88ea-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:34.000Z",
|
|
"modified": "2015-08-18T08:26:34.000Z",
|
|
"pattern": "[domain-name:value = 'toornt.servegame.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec3a-b1e4-436b-a630-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:34.000Z",
|
|
"modified": "2015-08-18T08:26:34.000Z",
|
|
"pattern": "[domain-name:value = 'updateo.servegame.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec3a-d668-4526-be3a-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:34.000Z",
|
|
"modified": "2015-08-18T08:26:34.000Z",
|
|
"pattern": "[domain-name:value = 'egypttv.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec3a-f498-428a-84c1-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:34.000Z",
|
|
"modified": "2015-08-18T08:26:34.000Z",
|
|
"pattern": "[domain-name:value = 'skype.servemp3.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec3a-f1b0-4307-930f-7c5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:26:34.000Z",
|
|
"modified": "2015-08-18T08:26:34.000Z",
|
|
"pattern": "[domain-name:value = 'natco2.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:26:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5c-4a24-422c-895c-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:08.000Z",
|
|
"modified": "2015-08-18T08:27:08.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5d-c21c-43ad-822a-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:09.000Z",
|
|
"modified": "2015-08-18T08:27:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5d-c4e4-43fb-9584-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:09.000Z",
|
|
"modified": "2015-08-18T08:27:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5d-c8e0-4024-96bd-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:09.000Z",
|
|
"modified": "2015-08-18T08:27:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5d-8ef8-420d-931a-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:09.000Z",
|
|
"modified": "2015-08-18T08:27:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec5d-36c0-4e7f-86ca-9673950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:27:09.000Z",
|
|
"modified": "2015-08-18T08:27:09.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:27:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ec7e-be34-4690-ba35-966f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T19:59:05.000Z",
|
|
"modified": "2017-06-22T19:59:05.000Z",
|
|
"pattern": "[rule Molerats_certs\n{\nmeta:\n author = \"FireEye Labs\"\n description = \"this rule detections code signed with certificates used by the Molerats actor\"\n\nstrings:\n $cert1 = {06 50 11 A5 BC BF 83 C0 93 28 16 5E 7E 85 27 75}\n $cert2 = {03 e1 e1 aa a5 bc a1 9f ba 8c 42 05 8b 4a bf 28}\n $cert3 = {0c c0 35 9c 9c 3c da 00 d7 e9 da 2d c6 ba 7b 6d}\n\ncondition:\n 1 of ($cert*)\n}]",
|
|
"pattern_type": "yara",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-22T19:59:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb3-aba8-4a4e-a1e9-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:35.000Z",
|
|
"modified": "2015-08-18T08:28:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9dff139bbbe476770294fb86f4e156ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb3-ede8-46c1-ada5-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:35.000Z",
|
|
"modified": "2015-08-18T08:28:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6350d1039742b87b7917a5e26de2c25c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb3-d644-402a-98d5-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:35.000Z",
|
|
"modified": "2015-08-18T08:28:35.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b0a9abc76a2b4335074a13939c59bfc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb4-cbbc-4cba-9aeb-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:36.000Z",
|
|
"modified": "2015-08-18T08:28:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5b740b4623b2d1049c0036a6aae684b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb4-443c-42fa-b9dc-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:36.000Z",
|
|
"modified": "2015-08-18T08:28:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cf31aea415e7013e85d1687a1c0f5daa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb4-20d8-4a64-b332-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:36.000Z",
|
|
"modified": "2015-08-18T08:28:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = '973b5f2a5608d243e7305ee4f9249302']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb4-5fd4-4777-b900-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:36.000Z",
|
|
"modified": "2015-08-18T08:28:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e85fc76362c2e9dc7329fddda8acc89e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb4-cee0-4dc1-b27e-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:36.000Z",
|
|
"modified": "2015-08-18T08:28:36.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b05603938a888018d4dcdc551c4be8ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55d2ecb5-23b4-4842-be8d-876d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-08-18T08:28:37.000Z",
|
|
"modified": "2015-08-18T08:28:37.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9ef9a631160b96322010a5238defc673']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-08-18T08:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673ef-24a8-47b3-b427-4249950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:23.000Z",
|
|
"modified": "2016-02-19T01:46:23.000Z",
|
|
"description": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)",
|
|
"pattern": "[file:hashes.SHA1 = '4662aa7b63d4377c38c38c6ed092b88e13883150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f1-b2dc-42aa-b601-599c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:25.000Z",
|
|
"modified": "2016-02-19T01:46:25.000Z",
|
|
"description": "Automatically added (via a8714aac274a18f1724d9702d40030bf)",
|
|
"pattern": "[file:hashes.SHA1 = 'd5da2c4e6024056ca07958d8b6336d17f7109cf8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f2-ed28-4341-be11-5f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:26.000Z",
|
|
"modified": "2016-02-19T01:46:26.000Z",
|
|
"description": "Automatically added (via d9a7c4a100cfefef995785f707be895c)",
|
|
"pattern": "[file:hashes.SHA1 = '2ae0ba3873b44d2bacf026ad547e65b69fbbb641']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f4-a5c4-4f07-ab2f-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:28.000Z",
|
|
"modified": "2016-02-19T01:46:28.000Z",
|
|
"description": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)",
|
|
"pattern": "[file:hashes.SHA1 = 'cbd95c2d6209e7db9cb5af62b986d6fdf3b0b032']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f5-bf90-4d53-9f6d-5f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:29.000Z",
|
|
"modified": "2016-02-19T01:46:29.000Z",
|
|
"description": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)",
|
|
"pattern": "[file:hashes.SHA1 = '336151283faff1cd5bd9ced42b8cf9e15c3bffc7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f7-1394-4e3b-a50c-59a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:31.000Z",
|
|
"modified": "2016-02-19T01:46:31.000Z",
|
|
"description": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)",
|
|
"pattern": "[file:hashes.SHA1 = 'a684da91db91fe1b8b4c1d842d739da85e065e45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f8-76c8-4d94-b222-4bdb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:32.000Z",
|
|
"modified": "2016-02-19T01:46:32.000Z",
|
|
"description": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)",
|
|
"pattern": "[file:hashes.SHA1 = 'e27729038d209e9b67577387f8164d5e7c5b921d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f9-79d4-4d33-93c3-c650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:33.000Z",
|
|
"modified": "2016-02-19T01:46:33.000Z",
|
|
"description": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)",
|
|
"pattern": "[file:hashes.SHA1 = 'eebf9abe5c8aea61bc083e44089accb5dca36041']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673fa-57f0-4ce3-980b-c652950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:34.000Z",
|
|
"modified": "2016-02-19T01:46:34.000Z",
|
|
"description": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)",
|
|
"pattern": "[file:hashes.SHA1 = '52fae7e11829a4e3979ae719c92f44ffd102b4d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673fc-f658-4f61-a69c-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:36.000Z",
|
|
"modified": "2016-02-19T01:46:36.000Z",
|
|
"description": "Automatically added (via 9ef9a631160b96322010a5238defc673)",
|
|
"pattern": "[file:hashes.SHA1 = 'a2c051fac0f5f5b42a5b7ec94411a70c16dc239c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f0-e658-4060-a4b0-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:24.000Z",
|
|
"modified": "2016-02-19T01:46:24.000Z",
|
|
"description": "Automatically added (via 16346b95e6deef9da7fe796c31b9dec4)",
|
|
"pattern": "[file:hashes.SHA256 = 'b745cf098e8643fb92723dedaef3343ec659baa288fffe847e961a8e62c2075f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f2-de38-4262-92c5-c654950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:26.000Z",
|
|
"modified": "2016-02-19T01:46:26.000Z",
|
|
"description": "Automatically added (via a8714aac274a18f1724d9702d40030bf)",
|
|
"pattern": "[file:hashes.SHA256 = '4f3bd6a74ddb04a5c4ae2f0b7290e1fe06123fbb681039962b3b291d143ebbc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f3-c984-4362-b914-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:27.000Z",
|
|
"modified": "2016-02-19T01:46:27.000Z",
|
|
"description": "Automatically added (via d9a7c4a100cfefef995785f707be895c)",
|
|
"pattern": "[file:hashes.SHA256 = 'bc2c1e2d23058a9277e8f3550fb7b0dfbb2c6e8a19e7981e24a72ea725682ecf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f4-4f5c-4a34-904c-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:28.000Z",
|
|
"modified": "2016-02-19T01:46:28.000Z",
|
|
"description": "Automatically added (via 9dff139bbbe476770294fb86f4e156ac)",
|
|
"pattern": "[file:hashes.SHA256 = 'faf73608255525a2a62825178f79d592a7a7a2597385d7887178d89cc67e7265']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f6-698c-4590-8c77-4556950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:30.000Z",
|
|
"modified": "2016-02-19T01:46:30.000Z",
|
|
"description": "Automatically added (via 6350d1039742b87b7917a5e26de2c25c)",
|
|
"pattern": "[file:hashes.SHA256 = '48d671f419d957e4a1cd1a0cc54a0cd72b259b9558c2e95cf6d06850bf12e0f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f7-164c-44e8-8ec5-5ca1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:31.000Z",
|
|
"modified": "2016-02-19T01:46:31.000Z",
|
|
"description": "Automatically added (via 5b740b4623b2d1049c0036a6aae684b0)",
|
|
"pattern": "[file:hashes.SHA256 = '34c13f37fa7f31b0143509b1545ab5b248def00827880708103ce427621fdfa6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673f9-1d4c-4328-ade7-c653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:33.000Z",
|
|
"modified": "2016-02-19T01:46:33.000Z",
|
|
"description": "Automatically added (via 973b5f2a5608d243e7305ee4f9249302)",
|
|
"pattern": "[file:hashes.SHA256 = '4754fb852c5c82c8b94ae6a0cbb2edd1e82b369b0fdbc3bf8a04bed293b0f4fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673fa-2610-4a95-b832-599d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:34.000Z",
|
|
"modified": "2016-02-19T01:46:34.000Z",
|
|
"description": "Automatically added (via e85fc76362c2e9dc7329fddda8acc89e)",
|
|
"pattern": "[file:hashes.SHA256 = '23aa514a00838624795a13bcc0b7ff54d462a3cf12c53a00ee877424a180dd81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673fb-e8a8-4807-a7a3-4cd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:35.000Z",
|
|
"modified": "2016-02-19T01:46:35.000Z",
|
|
"description": "Automatically added (via b05603938a888018d4dcdc551c4be8ac)",
|
|
"pattern": "[file:hashes.SHA256 = '9bdbfd5a70750f02b094786710fefb50ba839ed50ca3546dedd39cb92cc5156b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c673fc-74b8-4e7a-8b7c-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T01:46:36.000Z",
|
|
"modified": "2016-02-19T01:46:36.000Z",
|
|
"description": "Automatically added (via 9ef9a631160b96322010a5238defc673)",
|
|
"pattern": "[file:hashes.SHA256 = '6766177387cd1deda85fcda715fa6ffac3216c206e11857ac5d719ff408d930d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T01:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |