misp-circl-feed/feeds/circl/misp/54e1a3f3-be8c-4840-88ce-f2d9950d210b.json


{
"type": "bundle",
"id": "bundle--54e1a3f3-be8c-4840-88ce-f2d9950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:17:55.000Z",
"modified": "2015-02-16T08:17:55.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54e1a3f3-be8c-4840-88ce-f2d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:17:55.000Z",
"modified": "2015-02-16T08:17:55.000Z",
"name": "OSINT MSRT February update from Microsoft",
"published": "2015-02-16T09:26:16Z",
"object_refs": [
"observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
"url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
"indicator--54e1a42f-d028-4fda-ab40-4a72950d210b",
"indicator--54e1a42f-8168-4254-ac41-4968950d210b",
"indicator--54e1a42f-d668-4806-9d14-4f42950d210b",
"indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b",
"indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b",
"indicator--54e1a42f-d918-4c44-b106-4a5c950d210b",
"indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b",
"indicator--54e1a430-7e34-4f23-bda3-425c950d210b",
"x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b",
"x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b",
"observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b",
"url--54e1a49e-d43c-4564-9b46-f2d9950d210b",
"observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
"url--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
"indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b",
"indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b",
"indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b",
"indicator--54e1a4d1-9748-4092-978b-fae5950d210b",
"indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b",
"indicator--54e1a4d2-9554-44d8-9496-fae5950d210b",
"indicator--54e1a4d2-d004-4aef-b376-fae5950d210b",
"indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b",
"indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b",
"indicator--54e1a4d2-1998-4bee-abae-fae5950d210b",
"x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b",
"x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b",
"indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b",
"indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b",
"indicator--54e1a66d-6da8-4100-956c-dadf950d210b",
"indicator--54e1a66d-a538-40a0-9882-dadf950d210b",
"x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b",
"indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b",
"indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b",
"indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b",
"indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b",
"indicator--54e1a70f-2744-46bd-b771-426c950d210b",
"observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b",
"url--54e1a73f-bafc-4cc7-8141-9107950d210b",
"observed-data--54e1a73f-1158-4659-901c-9107950d210b",
"url--54e1a73f-1158-4659-901c-9107950d210b",
"observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b",
"url--54e1a73f-97fc-4ceb-8345-9107950d210b",
"indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b",
"indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:04:19.000Z",
"modified": "2015-02-16T08:04:19.000Z",
"first_observed": "2015-02-16T08:04:19Z",
"last_observed": "2015-02-16T08:04:19Z",
"number_observed": 1,
"object_refs": [
"url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
"value": "http://blogs.technet.com/b/mmpc/archive/2015/02/10/msrt-february-escad-and-nukesped.aspx"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-d028-4fda-ab40-4a72950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'ansi.nls']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-8168-4254-ac41-4968950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'dayipmr.tbl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-d668-4806-9d14-4f42950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'netmonsvc.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'pmsconfig.msi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'pmslog.msi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a42f-d918-4c44-b106-4a5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'rdmgr.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'remoteevtmanager.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a430-7e34-4f23-bda3-425c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:03:49.000Z",
"modified": "2015-02-16T08:03:49.000Z",
"description": "Escad",
"pattern": "[file:name = 'tmscompg.msi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:04:02.000Z",
"modified": "2015-02-16T08:04:02.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Escad"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:04:02.000Z",
"modified": "2015-02-16T08:04:02.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Nukesped"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:04:46.000Z",
"modified": "2015-02-16T08:04:46.000Z",
"first_observed": "2015-02-16T08:04:46Z",
"last_observed": "2015-02-16T08:04:46Z",
"number_observed": 1,
"object_refs": [
"url--54e1a49e-d43c-4564-9b46-f2d9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a49e-d43c-4564-9b46-f2d9950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Jinupd"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:04:46.000Z",
"modified": "2015-02-16T08:04:46.000Z",
"first_observed": "2015-02-16T08:04:46Z",
"last_observed": "2015-02-16T08:04:46Z",
"number_observed": 1,
"object_refs": [
"url--54e1a49e-04d8-4a50-b68a-f2d9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/NukeSped"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:37.000Z",
"modified": "2015-02-16T08:05:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'comon32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:37.000Z",
"modified": "2015-02-16T08:05:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'diskpartmg16.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:37.000Z",
"modified": "2015-02-16T08:05:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'dpnsvr16.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d1-9748-4092-978b-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:37.000Z",
"modified": "2015-02-16T08:05:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'expandmn32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:37.000Z",
"modified": "2015-02-16T08:05:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'hwrcompsvc64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d2-9554-44d8-9496-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:38.000Z",
"modified": "2015-02-16T08:05:38.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'mobsynclm64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d2-d004-4aef-b376-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:38.000Z",
"modified": "2015-02-16T08:05:38.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'rdpshellex32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:38.000Z",
"modified": "2015-02-16T08:05:38.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'recdiscm32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:38.000Z",
"modified": "2015-02-16T08:05:38.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'taskchg16.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a4d2-1998-4bee-abae-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:05:38.000Z",
"modified": "2015-02-16T08:05:38.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'taskhosts64.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:09:55.000Z",
"modified": "2015-02-16T08:09:55.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Seems to be related to the Sony hack, based on the screenshots on the February update page"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:10:07.000Z",
"modified": "2015-02-16T08:10:07.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Data entered by David Andr\u00e9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:12:29.000Z",
"modified": "2015-02-16T08:12:29.000Z",
"description": "Jinupd",
"pattern": "[domain-name:value = 'dailygiftclub.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:12:29.000Z",
"modified": "2015-02-16T08:12:29.000Z",
"description": "Jinupd",
"pattern": "[domain-name:value = 'dailygiftclub1.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a66d-6da8-4100-956c-dadf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:12:29.000Z",
"modified": "2015-02-16T08:12:29.000Z",
"description": "Jinupd",
"pattern": "[domain-name:value = 'priv8darkshop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a66d-a538-40a0-9882-dadf950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:12:29.000Z",
"modified": "2015-02-16T08:12:29.000Z",
"description": "Jinupd",
"pattern": "[domain-name:value = 'sopvps.hk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:12:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:12:43.000Z",
"modified": "2015-02-16T08:12:43.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Jinupd"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:13:51.000Z",
"modified": "2015-02-16T08:13:51.000Z",
"description": "Jinupd",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java se platform updater\\\\jusched.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:13:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:13:51.000Z",
"modified": "2015-02-16T08:13:51.000Z",
"description": "Jinupd",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java platform updater\\\\jusched.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:13:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:13:51.000Z",
"modified": "2015-02-16T08:13:51.000Z",
"description": "Jinupd",
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\svchost.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:13:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:14:37.000Z",
"modified": "2015-02-16T08:14:37.000Z",
"description": "NukeSped",
"pattern": "[file:name = '\\\\%TEMP\\\\% \\\\usbdrv3.sys']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:14:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a70f-2744-46bd-b771-426c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:15:11.000Z",
"modified": "2015-02-16T08:15:11.000Z",
"description": "NukeSped",
"pattern": "[file:name = '\\\\%windir\\\\% \\\\iissvr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:15:59.000Z",
"modified": "2015-02-16T08:15:59.000Z",
"first_observed": "2015-02-16T08:15:59Z",
"last_observed": "2015-02-16T08:15:59Z",
"number_observed": 1,
"object_refs": [
"url--54e1a73f-bafc-4cc7-8141-9107950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a73f-bafc-4cc7-8141-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.C!dha"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a73f-1158-4659-901c-9107950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:15:59.000Z",
"modified": "2015-02-16T08:15:59.000Z",
"first_observed": "2015-02-16T08:15:59Z",
"last_observed": "2015-02-16T08:15:59Z",
"number_observed": 1,
"object_refs": [
"url--54e1a73f-1158-4659-901c-9107950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a73f-1158-4659-901c-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.B!dha"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:15:59.000Z",
"modified": "2015-02-16T08:15:59.000Z",
"first_observed": "2015-02-16T08:15:59Z",
"last_observed": "2015-02-16T08:15:59Z",
"number_observed": 1,
"object_refs": [
"url--54e1a73f-97fc-4ceb-8345-9107950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54e1a73f-97fc-4ceb-8345-9107950d210b",
"value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.A!dha"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:17:55.000Z",
"modified": "2015-02-16T08:17:55.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'usbdrv3_32bit.sys']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:17:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-16T08:17:55.000Z",
"modified": "2015-02-16T08:17:55.000Z",
"description": "NukeSped",
"pattern": "[file:name = 'usbdrv3_64bit.sys']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-16T08:17:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}