adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/548e96bd-d008-44bb-aa77-b792950d210b.json

1896 lines
No EOL
77 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--548e96bd-d008-44bb-aa77-b792950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:40.000Z",
"modified": "2014-12-16T08:28:40.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--548e96bd-d008-44bb-aa77-b792950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:40.000Z",
"modified": "2014-12-16T08:28:40.000Z",
"name": "OSINT Fidelis Threat Advisory #1014 \"Bots, Machines, and the Matrix\"",
"published": "2014-12-16T08:29:58Z",
"object_refs": [
"x-misp-attribute--548e96cd-4e3c-41ec-bf12-4e47950d210b",
"observed-data--548e96e9-dd7c-4bed-8c54-4cfe950d210b",
"url--548e96e9-dd7c-4bed-8c54-4cfe950d210b",
"observed-data--548e96e9-eba0-49de-b1d7-4687950d210b",
"url--548e96e9-eba0-49de-b1d7-4687950d210b",
"observed-data--548e96e9-6934-4fe9-8225-4049950d210b",
"url--548e96e9-6934-4fe9-8225-4049950d210b",
"x-misp-attribute--548e971c-9ff4-4c3b-ae28-b74f950d210b",
"x-misp-attribute--548e971c-ddf0-4a78-9ac6-b74f950d210b",
"x-misp-attribute--548e971c-8c80-4990-b6f8-b74f950d210b",
"x-misp-attribute--548e971d-73f8-4658-a273-b74f950d210b",
"x-misp-attribute--548e971d-2d4c-4f6d-b039-b74f950d210b",
"x-misp-attribute--548e971d-ece0-40ad-b780-b74f950d210b",
"x-misp-attribute--548e97c2-e054-445c-9ea6-455f950d210b",
"x-misp-attribute--548e97c2-6444-44e6-806a-4bdf950d210b",
"indicator--548e9871-6938-4830-826d-4f5d950d210b",
"indicator--548e9871-dde8-46f2-b055-424b950d210b",
"indicator--548e9871-a3dc-4f39-9f79-46d1950d210b",
"indicator--548e9871-a1bc-44f5-8dff-4e96950d210b",
"indicator--548e9871-86b4-4f3a-a3e5-466e950d210b",
"observed-data--548e9889-8da8-4eb8-91c9-b79b950d210b",
"network-traffic--548e9889-8da8-4eb8-91c9-b79b950d210b",
"ipv4-addr--548e9889-8da8-4eb8-91c9-b79b950d210b",
"indicator--548e9902-2f30-415e-a8a1-4387950d210b",
"indicator--548e9902-94a4-4a32-b21f-495b950d210b",
"observed-data--548e9915-a158-481a-84d5-4668950d210b",
"network-traffic--548e9915-a158-481a-84d5-4668950d210b",
"ipv4-addr--548e9915-a158-481a-84d5-4668950d210b",
"observed-data--548e9915-df34-45ed-8d97-475e950d210b",
"network-traffic--548e9915-df34-45ed-8d97-475e950d210b",
"ipv4-addr--548e9915-df34-45ed-8d97-475e950d210b",
"observed-data--548e9915-a154-4f14-bbb9-4647950d210b",
"network-traffic--548e9915-a154-4f14-bbb9-4647950d210b",
"ipv4-addr--548e9915-a154-4f14-bbb9-4647950d210b",
"x-misp-attribute--548e99a5-d254-42c6-b3d6-4760950d210b",
"x-misp-attribute--548e99a5-f22c-45de-83b5-4d9b950d210b",
"x-misp-attribute--548e99a5-abf4-42e2-8742-453c950d210b",
"x-misp-attribute--548e99a5-66e8-4b67-807d-4ab4950d210b",
"x-misp-attribute--548e99a5-4f2c-485c-ab23-4c30950d210b",
"x-misp-attribute--548e99a5-cd54-4707-9972-418c950d210b",
"x-misp-attribute--548e99a5-45a0-4dba-97da-4335950d210b",
"x-misp-attribute--548e99a5-d8e0-4540-acb0-4687950d210b",
"x-misp-attribute--548e99a5-3d40-4f2d-b2df-45fb950d210b",
"x-misp-attribute--548e99a5-7838-4947-9769-4c93950d210b",
"x-misp-attribute--548e99a5-32ac-44d0-ae60-458a950d210b",
"x-misp-attribute--548e99a6-11fc-4568-b5dc-45c7950d210b",
"x-misp-attribute--548e99a6-73a0-46da-af4a-4c5e950d210b",
"x-misp-attribute--548e99a6-9e30-4b75-81b3-459b950d210b",
"x-misp-attribute--548e99a6-d66c-4785-b6c9-4b59950d210b",
"x-misp-attribute--548e99a6-8cd4-4239-80ea-4148950d210b",
"x-misp-attribute--548e99a6-3dc4-4f3e-872d-4a49950d210b",
"x-misp-attribute--548e99a6-34a0-443e-9dac-4831950d210b",
"x-misp-attribute--548e9a3b-8d8c-497f-9082-4e99950d210b",
"observed-data--548e9aa1-5a7c-4843-ae18-4332950d210b",
"url--548e9aa1-5a7c-4843-ae18-4332950d210b",
"observed-data--548e9aa1-191c-463e-bd42-4574950d210b",
"url--548e9aa1-191c-463e-bd42-4574950d210b",
"observed-data--548e9aa1-c74c-40cc-a303-42a8950d210b",
"url--548e9aa1-c74c-40cc-a303-42a8950d210b",
"observed-data--548e9aa1-0e94-424b-b6c2-4dd1950d210b",
"url--548e9aa1-0e94-424b-b6c2-4dd1950d210b",
"observed-data--548e9aa1-bf18-42ab-9144-41e9950d210b",
"url--548e9aa1-bf18-42ab-9144-41e9950d210b",
"observed-data--548e9aa1-250c-4087-a453-405f950d210b",
"url--548e9aa1-250c-4087-a453-405f950d210b",
"observed-data--548e9aa1-4310-4eb5-b137-4cc0950d210b",
"url--548e9aa1-4310-4eb5-b137-4cc0950d210b",
"observed-data--548e9aa1-9588-4ecc-af78-4364950d210b",
"url--548e9aa1-9588-4ecc-af78-4364950d210b",
"observed-data--548e9aa1-0fb8-4806-b890-48ae950d210b",
"url--548e9aa1-0fb8-4806-b890-48ae950d210b",
"observed-data--548e9aa1-6500-47f9-9b6a-42e3950d210b",
"url--548e9aa1-6500-47f9-9b6a-42e3950d210b",
"observed-data--548e9aa1-10fc-4c0c-8cfc-4fd8950d210b",
"url--548e9aa1-10fc-4c0c-8cfc-4fd8950d210b",
"observed-data--548e9aa1-a8e8-4455-b071-47ca950d210b",
"url--548e9aa1-a8e8-4455-b071-47ca950d210b",
"observed-data--548e9aa2-f530-403c-963d-4c38950d210b",
"url--548e9aa2-f530-403c-963d-4c38950d210b",
"observed-data--548e9aa2-3ca4-4948-923f-4b59950d210b",
"url--548e9aa2-3ca4-4948-923f-4b59950d210b",
"observed-data--548e9aa2-e488-48f4-b9a9-4de8950d210b",
"url--548e9aa2-e488-48f4-b9a9-4de8950d210b",
"observed-data--548e9aa2-46e0-4fb2-a5ee-46ce950d210b",
"url--548e9aa2-46e0-4fb2-a5ee-46ce950d210b",
"observed-data--548e9aa2-7764-4e05-80c2-417d950d210b",
"url--548e9aa2-7764-4e05-80c2-417d950d210b",
"observed-data--548e9aa2-d488-47d2-a406-464b950d210b",
"url--548e9aa2-d488-47d2-a406-464b950d210b",
"observed-data--548e9aa2-78ac-4cd3-8d2b-48de950d210b",
"url--548e9aa2-78ac-4cd3-8d2b-48de950d210b",
"observed-data--548e9aa2-bb60-4c5d-9680-4d4e950d210b",
"url--548e9aa2-bb60-4c5d-9680-4d4e950d210b",
"observed-data--548e9aa2-5a78-4a29-8171-4c68950d210b",
"url--548e9aa2-5a78-4a29-8171-4c68950d210b",
"indicator--548e9abb-a4c0-4a7d-9d22-4aa1950d210b",
"indicator--548e9ac9-df30-496d-88f8-4b9b950d210b",
"indicator--548e9afb-e1ac-4300-ab18-4069950d210b",
"indicator--548e9b11-c25c-4fba-a184-47fc950d210b",
"indicator--548e9b26-3474-485f-bb91-4760950d210b",
"indicator--548e9b43-d4b4-4fd7-8d39-4950950d210b",
"indicator--548e9b5c-8784-4477-b878-4db1950d210b",
"indicator--548e9b6e-c3d0-4c58-a494-4138950d210b",
"indicator--548e9b89-ab00-455a-8636-b2a7950d210b",
"indicator--548e9bbc-3494-4dd1-8505-45f1950d210b",
"indicator--548e9bd1-0db8-4d9d-b931-447c950d210b",
"indicator--548e9be5-17dc-4d23-956e-4c44950d210b",
"indicator--548e9c19-98f8-493b-9430-4930950d210b",
"indicator--548e9c8a-d458-4fa2-ab62-486f950d210b",
"indicator--548e9c8a-3858-48cb-9ad6-41b0950d210b",
"indicator--548e9c8a-9c68-44dc-b73e-4222950d210b",
"indicator--548e9c8a-1cc4-42c5-b71b-494b950d210b",
"indicator--548e9caf-3a30-4a92-9be5-4467950d210b",
"indicator--548e9cc5-1954-49c6-8dab-4fbb950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e96cd-4e3c-41ec-bf12-4e47950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:07:41.000Z",
"modified": "2014-12-15T08:07:41.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e96e9-dd7c-4bed-8c54-4cfe950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:08:09.000Z",
"modified": "2014-12-15T08:08:09.000Z",
"first_observed": "2014-12-15T08:08:09Z",
"last_observed": "2014-12-15T08:08:09Z",
"number_observed": 1,
"object_refs": [
"url--548e96e9-dd7c-4bed-8c54-4cfe950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e96e9-dd7c-4bed-8c54-4cfe950d210b",
"value": "http://www.threatgeek.com/2014/12/threat-advisory-1014-bots-machines-and-the-matrix.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e96e9-eba0-49de-b1d7-4687950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:08:09.000Z",
"modified": "2014-12-15T08:08:09.000Z",
"first_observed": "2014-12-15T08:08:09Z",
"last_observed": "2014-12-15T08:08:09Z",
"number_observed": 1,
"object_refs": [
"url--548e96e9-eba0-49de-b1d7-4687950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e96e9-eba0-49de-b1d7-4687950d210b",
"value": "http://www.fidelissecurity.com/resources/threat-advisory"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e96e9-6934-4fe9-8225-4049950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:08:09.000Z",
"modified": "2014-12-15T08:08:09.000Z",
"first_observed": "2014-12-15T08:08:09Z",
"last_observed": "2014-12-15T08:08:09Z",
"number_observed": 1,
"object_refs": [
"url--548e96e9-6934-4fe9-8225-4049950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e96e9-6934-4fe9-8225-4049950d210b",
"value": "http://www.fidelissecurity.com/sites/default/files/FTA_1014_Bots_Machines_and_the_Matrix.pdf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971c-9ff4-4c3b-ae28-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:00.000Z",
"modified": "2014-12-15T08:09:00.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Andromeda"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971c-ddf0-4a78-9ac6-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:00.000Z",
"modified": "2014-12-15T08:09:00.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "BetaBot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971c-8c80-4990-b6f8-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:00.000Z",
"modified": "2014-12-15T08:09:00.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Beta Bot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971d-73f8-4658-a273-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:01.000Z",
"modified": "2014-12-15T08:09:01.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Neutrino Bot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971d-2d4c-4f6d-b039-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:01.000Z",
"modified": "2014-12-15T08:09:01.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "NgrBot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e971d-ece0-40ad-b780-b74f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:09:01.000Z",
"modified": "2014-12-15T08:09:01.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "DorkBot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e97c2-e054-445c-9ea6-455f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:11:46.000Z",
"modified": "2014-12-15T08:11:46.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Contact information for Neutrino",
"x_misp_type": "text",
"x_misp_value": "3utrino@kaddafi.me"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e97c2-6444-44e6-806a-4bdf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:11:46.000Z",
"modified": "2014-12-15T08:11:46.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Contact information for Neutrino",
"x_misp_type": "text",
"x_misp_value": "n3utrino@xmpp.jp"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9871-6938-4830-826d-4f5d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:14:41.000Z",
"modified": "2014-12-15T08:14:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '117.21.191.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9871-dde8-46f2-b055-424b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:14:41.000Z",
"modified": "2014-12-15T08:14:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.11.83.7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9871-a3dc-4f39-9f79-46d1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:14:41.000Z",
"modified": "2014-12-15T08:14:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.14.212.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9871-a1bc-44f5-8dff-4e96950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:14:41.000Z",
"modified": "2014-12-15T08:14:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.133.18.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9871-86b4-4f3a-a3e5-466e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:14:41.000Z",
"modified": "2014-12-15T08:14:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '155.133.18.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:14:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9889-8da8-4eb8-91c9-b79b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:09.000Z",
"modified": "2014-12-16T08:28:09.000Z",
"first_observed": "2014-12-16T08:28:09Z",
"last_observed": "2014-12-16T08:28:09Z",
"number_observed": 1,
"object_refs": [
"network-traffic--548e9889-8da8-4eb8-91c9-b79b950d210b",
"ipv4-addr--548e9889-8da8-4eb8-91c9-b79b950d210b"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--548e9889-8da8-4eb8-91c9-b79b950d210b",
"dst_ref": "ipv4-addr--548e9889-8da8-4eb8-91c9-b79b950d210b",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--548e9889-8da8-4eb8-91c9-b79b950d210b",
"value": "54.69.90.62"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9902-2f30-415e-a8a1-4387950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:17:06.000Z",
"modified": "2014-12-15T08:17:06.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.1.109.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9902-94a4-4a32-b21f-495b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:17:06.000Z",
"modified": "2014-12-15T08:17:06.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.255.1.241']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9915-a158-481a-84d5-4668950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:19.000Z",
"modified": "2014-12-16T08:28:19.000Z",
"first_observed": "2014-12-16T08:28:19Z",
"last_observed": "2014-12-16T08:28:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--548e9915-a158-481a-84d5-4668950d210b",
"ipv4-addr--548e9915-a158-481a-84d5-4668950d210b"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--548e9915-a158-481a-84d5-4668950d210b",
"dst_ref": "ipv4-addr--548e9915-a158-481a-84d5-4668950d210b",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--548e9915-a158-481a-84d5-4668950d210b",
"value": "54.191.142.124"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9915-df34-45ed-8d97-475e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:29.000Z",
"modified": "2014-12-16T08:28:29.000Z",
"first_observed": "2014-12-16T08:28:29Z",
"last_observed": "2014-12-16T08:28:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--548e9915-df34-45ed-8d97-475e950d210b",
"ipv4-addr--548e9915-df34-45ed-8d97-475e950d210b"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--548e9915-df34-45ed-8d97-475e950d210b",
"dst_ref": "ipv4-addr--548e9915-df34-45ed-8d97-475e950d210b",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--548e9915-df34-45ed-8d97-475e950d210b",
"value": "54.68.121.73"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9915-a154-4f14-bbb9-4647950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-16T08:28:40.000Z",
"modified": "2014-12-16T08:28:40.000Z",
"first_observed": "2014-12-16T08:28:40Z",
"last_observed": "2014-12-16T08:28:40Z",
"number_observed": 1,
"object_refs": [
"network-traffic--548e9915-a154-4f14-bbb9-4647950d210b",
"ipv4-addr--548e9915-a154-4f14-bbb9-4647950d210b"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--548e9915-a154-4f14-bbb9-4647950d210b",
"dst_ref": "ipv4-addr--548e9915-a154-4f14-bbb9-4647950d210b",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--548e9915-a154-4f14-bbb9-4647950d210b",
"value": "54.68.194.154"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-d254-42c6-b3d6-4760950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Sysn"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-f22c-45de-83b5-4d9b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Win32.Androm"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-abf4-42e2-8742-453c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Win32.Azbreg"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-66e8-4b67-807d-4ab4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Backdoor.Win32.Ruskill"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-4f2c-485c-ab23-4c30950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Downloader.Win32.Agent"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-cd54-4707-9972-418c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Dropper.Win32.Injector"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-45a0-4dba-97da-4335950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Proxy.Win32.Lethic"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-d8e0-4540-acb0-4687950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Spy.Win32.SpyEyes"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-3d40-4f2d-b2df-45fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Spy.Win32.Zbot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-7838-4947-9769-4c93950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Badur"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a5-32ac-44d0-ae60-458a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Inject"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-11fc-4568-b5dc-45c7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Lethic"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-73a0-46da-af4a-4c5e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Munchies"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-9e30-4b75-81b3-459b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Neurevt"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-d66c-4785-b6c9-4b59950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Sharik"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-8cd4-4239-80ea-4148950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Yakes"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-3dc4-4f3e-872d-4a49950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Worm.Win32.Dorkbot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e99a6-34a0-443e-9dac-4831950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:20:31.000Z",
"modified": "2014-12-15T08:20:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Worm.Win32.Ngrbot"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--548e9a3b-8d8c-497f-9082-4e99950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:22:19.000Z",
"modified": "2014-12-15T08:22:19.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Worm.Win32.Hamweq"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-5a7c-4843-ae18-4332950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-5a7c-4843-ae18-4332950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-5a7c-4843-ae18-4332950d210b",
"value": "http://121.11.83.7/and40a70.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-191c-463e-bd42-4574950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-191c-463e-bd42-4574950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-191c-463e-bd42-4574950d210b",
"value": "http://121.11.83.7/bet40a71.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-c74c-40cc-a303-42a8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-c74c-40cc-a303-42a8950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-c74c-40cc-a303-42a8950d210b",
"value": "http://121.11.83.7/ng40a71.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-0e94-424b-b6c2-4dd1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-0e94-424b-b6c2-4dd1950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-0e94-424b-b6c2-4dd1950d210b",
"value": "http://155.133.18.45/37a1.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-bf18-42ab-9144-41e9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-bf18-42ab-9144-41e9950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-bf18-42ab-9144-41e9950d210b",
"value": "http://54.69.90.62/330740a71.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-250c-4087-a453-405f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-250c-4087-a453-405f950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-250c-4087-a453-405f950d210b",
"value": "http://54.69.90.62/bnew40a71.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-4310-4eb5-b137-4cc0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-4310-4eb5-b137-4cc0950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-4310-4eb5-b137-4cc0950d210b",
"value": "http://155.133.18.45/109a7.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-9588-4ecc-af78-4364950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-9588-4ecc-af78-4364950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-9588-4ecc-af78-4364950d210b",
"value": "http://155.133.18.45/51a5.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-0fb8-4806-b890-48ae950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-0fb8-4806-b890-48ae950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-0fb8-4806-b890-48ae950d210b",
"value": "http://155.133.18.45/62.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-6500-47f9-9b6a-42e3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-6500-47f9-9b6a-42e3950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-6500-47f9-9b6a-42e3950d210b",
"value": "http://121.14.212.184/ng33.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-10fc-4c0c-8cfc-4fd8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-10fc-4c0c-8cfc-4fd8950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-10fc-4c0c-8cfc-4fd8950d210b",
"value": "http://121.14.212.184/zpm39a.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa1-a8e8-4455-b071-47ca950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:01.000Z",
"modified": "2014-12-15T08:24:01.000Z",
"first_observed": "2014-12-15T08:24:01Z",
"last_observed": "2014-12-15T08:24:01Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa1-a8e8-4455-b071-47ca950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa1-a8e8-4455-b071-47ca950d210b",
"value": "http://155.133.18.45/141a1.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-f530-403c-963d-4c38950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-f530-403c-963d-4c38950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-f530-403c-963d-4c38950d210b",
"value": "http://217.23.6.112/98.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-3ca4-4948-923f-4b59950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-3ca4-4948-923f-4b59950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-3ca4-4948-923f-4b59950d210b",
"value": "http://54.191.142.124/zpm37.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-e488-48f4-b9a9-4de8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-e488-48f4-b9a9-4de8950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-e488-48f4-b9a9-4de8950d210b",
"value": "http://54.69.90.62/bnew40a85.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-46e0-4fb2-a5ee-46ce950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-46e0-4fb2-a5ee-46ce950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-46e0-4fb2-a5ee-46ce950d210b",
"value": "http://121.11.83.7/nut40a71.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-7764-4e05-80c2-417d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-7764-4e05-80c2-417d950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-7764-4e05-80c2-417d950d210b",
"value": "http://54.69.90.62/dqnew40a81.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-d488-47d2-a406-464b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-d488-47d2-a406-464b950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-d488-47d2-a406-464b950d210b",
"value": "http://119.1.109.44/and33.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-78ac-4cd3-8d2b-48de950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-78ac-4cd3-8d2b-48de950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-78ac-4cd3-8d2b-48de950d210b",
"value": "http://217.23.6.112/330740x.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-bb60-4c5d-9680-4d4e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-bb60-4c5d-9680-4d4e950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-bb60-4c5d-9680-4d4e950d210b",
"value": "http://77.87.79.128/37extra.exe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--548e9aa2-5a78-4a29-8171-4c68950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:02.000Z",
"modified": "2014-12-15T08:24:02.000Z",
"first_observed": "2014-12-15T08:24:02Z",
"last_observed": "2014-12-15T08:24:02Z",
"number_observed": 1,
"object_refs": [
"url--548e9aa2-5a78-4a29-8171-4c68950d210b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--548e9aa2-5a78-4a29-8171-4c68950d210b",
"value": "http://158.255.1.241/ng38a.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9abb-a4c0-4a7d-9d22-4aa1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:27.000Z",
"modified": "2014-12-15T08:24:27.000Z",
"pattern": "[file:hashes.MD5 = '036eb11a5751c77bc65006769921c8e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:24:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9ac9-df30-496d-88f8-4b9b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:24:41.000Z",
"modified": "2014-12-15T08:24:41.000Z",
"pattern": "[file:hashes.SHA1 = 'c6966d9557a9d5ffbbcd7866d45eddff30a9fd99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:24:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9afb-e1ac-4300-ab18-4069950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:25:31.000Z",
"modified": "2014-12-15T08:25:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.14.212.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b11-c25c-4fba-a184-47fc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:25:53.000Z",
"modified": "2014-12-15T08:25:53.000Z",
"pattern": "[domain-name:value = 'a2kiaymoster14902.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:25:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b26-3474-485f-bb91-4760950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:26:14.000Z",
"modified": "2014-12-15T08:26:14.000Z",
"pattern": "[file:hashes.MD5 = 'b62391f3f7cbdea02763614f60f3930f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:26:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b43-d4b4-4fd7-8d39-4950950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:26:43.000Z",
"modified": "2014-12-15T08:26:43.000Z",
"pattern": "[file:name = '\\\\%ALLUSERSPROFILE\\\\%\\\\msitygyd.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b5c-8784-4477-b878-4db1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:27:08.000Z",
"modified": "2014-12-15T08:27:08.000Z",
"description": "Beta Bot",
"pattern": "[file:hashes.MD5 = '9e8b203f487dfa85dd47e32b3d24e24e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:27:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b6e-c3d0-4c58-a494-4138950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:27:26.000Z",
"modified": "2014-12-15T08:27:26.000Z",
"description": "Beta Bot",
"pattern": "[file:hashes.SHA1 = 'de6a4d53b5265f8cddf08271d17d845f58107e82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:27:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9b89-ab00-455a-8636-b2a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:27:53.000Z",
"modified": "2014-12-15T08:27:53.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.255.202.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:27:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9bbc-3494-4dd1-8505-45f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:28:44.000Z",
"modified": "2014-12-15T08:28:44.000Z",
"description": "Neutrino Bot",
"pattern": "[file:hashes.MD5 = '463f7191363d0391add327c1270d7fe6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9bd1-0db8-4d9d-b931-447c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:29:05.000Z",
"modified": "2014-12-15T08:29:05.000Z",
"description": "Neutrino Bot",
"pattern": "[file:hashes.SHA1 = 'a87c5b6a588ef4b351ce1a3a0fe2b035e685e96c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:29:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9be5-17dc-4d23-956e-4c44950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:29:25.000Z",
"modified": "2014-12-15T08:29:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '121.61.118.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:29:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9c19-98f8-493b-9430-4930950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:30:17.000Z",
"modified": "2014-12-15T08:30:17.000Z",
"pattern": "[file:hashes.MD5 = 'b21e4c8f73151d7b0294a3974fe44421']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:30:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9c8a-d458-4fa2-ab62-486f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:32:10.000Z",
"modified": "2014-12-15T08:32:10.000Z",
"pattern": "[file:hashes.MD5 = '463f7191363d0391add327c1270d7fe6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9c8a-3858-48cb-9ad6-41b0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:32:10.000Z",
"modified": "2014-12-15T08:32:10.000Z",
"pattern": "[file:hashes.MD5 = '9cf7d079713fdf715131e16b144d3f52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9c8a-9c68-44dc-b73e-4222950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:32:10.000Z",
"modified": "2014-12-15T08:32:10.000Z",
"pattern": "[file:hashes.MD5 = '2983d957d4cdd9293682cfaf21147d07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9c8a-1cc4-42c5-b71b-494b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:32:10.000Z",
"modified": "2014-12-15T08:32:10.000Z",
"pattern": "[file:hashes.MD5 = '72380a9fcf7486bb731606d4f4c13f27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:32:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9caf-3a30-4a92-9be5-4467950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:32:47.000Z",
"modified": "2014-12-15T08:32:47.000Z",
"pattern": "[file:hashes.MD5 = '13475d0fdba8dc7a648b57b10e8296d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:32:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--548e9cc5-1954-49c6-8dab-4fbb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2014-12-15T08:33:09.000Z",
"modified": "2014-12-15T08:33:09.000Z",
"pattern": "[file:hashes.SHA1 = 'feed5337c0a3b1fd55c78a976fbd5388512a22e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2014-12-15T08:33:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}
Reference in a new issue View git blame Copy permalink