misp-circl-feed/feeds/circl/misp/54f9a0ef-0ebc-414d-88ab-f094950d210b.json


{
"type": "bundle",
"id": "bundle--54f9a0ef-0ebc-414d-88ab-f094950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54f9a0ef-0ebc-414d-88ab-f094950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"name": "OSINT Who's Really Spreading through the Bright Star? by Securelist / Kaspersky",
"published": "2016-02-22T15:15:00Z",
"object_refs": [
"observed-data--54f9a0fd-56c8-411a-8cc7-489b950d210b",
"url--54f9a0fd-56c8-411a-8cc7-489b950d210b",
"x-misp-attribute--54f9a10f-34e4-4fd7-a9d3-484e950d210b",
"indicator--54f9a13b-6bdc-40e8-a010-f094950d210b",
"indicator--54f9a13b-3c84-4c16-a132-f094950d210b",
"indicator--54f9a13c-7868-4fb4-be39-f094950d210b",
"indicator--54f9a172-5cac-4b31-ad16-453f950d210b",
"indicator--54f9a172-0e68-4f06-b8c1-4e32950d210b",
"indicator--54f9a17e-ad50-4166-a1a0-4860950d210b",
"indicator--54f9a17e-97e4-4943-81de-4463950d210b",
"x-misp-attribute--54f9a1ab-b520-4b9a-8339-4188950d210b",
"indicator--54f9a217-da1c-4f1b-b37d-4132950d210b",
"indicator--54f9a217-df00-4d26-9ac7-4f77950d210b",
"indicator--54f9a217-b858-49e2-bba3-4321950d210b",
"indicator--54f9a217-9d88-4a75-a466-4236950d210b",
"indicator--54f9a218-bfe4-4b5c-b5c8-461c950d210b",
"indicator--54f9a218-c784-446d-bf77-4ab7950d210b",
"indicator--54f9a218-e61c-492d-92cc-4777950d210b",
"indicator--54f9a218-f9e0-45b9-9f98-4797950d210b",
"indicator--54f9a218-79d8-4182-84db-4c98950d210b",
"x-misp-attribute--54f9a24b-fca4-4e03-b504-4098950d210b",
"x-misp-attribute--54f9a24b-9908-439e-8df7-44d7950d210b",
"x-misp-attribute--54f9a24b-b538-4cee-8162-4e69950d210b",
"x-misp-attribute--54f9a24b-ebfc-40f6-a24f-4500950d210b",
"indicator--54f9a282-ca7c-4ece-8598-40fc950d210b",
"indicator--54f9a282-108c-4f7a-8982-40c4950d210b",
"indicator--54f9a282-8d30-43e2-a150-4f43950d210b",
"indicator--54f9a282-87c0-4133-8257-4962950d210b",
"indicator--54f9a282-1724-483e-a397-4a70950d210b",
"indicator--54f9a282-ba10-46fc-91a5-4567950d210b",
"indicator--54f9a282-d54c-41ec-89b4-455d950d210b",
"indicator--54f9a282-f7f4-42c8-b545-4a79950d210b",
"indicator--54f9a282-3cc8-4d0c-ba11-4581950d210b",
"indicator--54f9a282-fe84-4b60-81b3-4cff950d210b",
"indicator--54f9a282-002c-440a-a52b-4f25950d210b",
"indicator--54f9a2c3-56b0-4339-9b32-46cd950d210b",
"indicator--54f9a2c3-8c04-4bba-89b1-40be950d210b",
"indicator--54f9a2c3-d0f0-43d8-b6a6-4ad1950d210b",
"indicator--54f9a2c3-7094-4fea-964c-432b950d210b",
"indicator--54f9a2c3-7c88-4ac1-a201-413f950d210b",
"indicator--54f9a2c3-0690-42fd-8aac-454b950d210b",
"indicator--54f9a2c3-43c4-4a83-b866-4122950d210b",
"indicator--56c6575e-3d24-4ed7-b7c5-599f950d210f",
"indicator--56c65760-d398-47c4-9b5a-59a3950d210f",
"indicator--56c65762-f0a8-4514-a3e7-40a3950d210f",
"indicator--56c65764-c1c0-4f62-87cd-599c950d210f",
"indicator--56c65766-7358-4804-84d2-c650950d210f",
"indicator--56c6575f-94f0-44dd-901d-599d950d210f",
"indicator--56c65761-4130-4d4a-9614-4766950d210f",
"indicator--56c65763-f668-4c0e-ace8-59a1950d210f",
"indicator--56c65764-a468-44de-8d2d-c651950d210f",
"indicator--56c65766-16b4-4f4f-ae47-599f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54f9a0fd-56c8-411a-8cc7-489b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"first_observed": "2015-03-06T12:48:36Z",
"last_observed": "2015-03-06T12:48:36Z",
"number_observed": 1,
"object_refs": [
"url--54f9a0fd-56c8-411a-8cc7-489b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54f9a0fd-56c8-411a-8cc7-489b950d210b",
"value": "https://securelist.com/blog/68978/whos-really-spreading-through-the-bright-star/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a10f-34e4-4fd7-a9d3-484e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Dark Hotel"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a13b-6bdc-40e8-a010-f094950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[domain-name:value = 'a.gwas.perl.sh']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a13b-3c84-4c16-a132-f094950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[domain-name:value = 'a-gwas-01.dyndns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a13c-7868-4fb4-be39-f094950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[domain-name:value = 'a-gwas-01.slyip.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a172-5cac-4b31-ad16-453f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '78d3c8705f8baf7d34e6a6737d1cfa18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a172-0e68-4f06-b8c1-4e32950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '978888892a1ed13e94d2fcb832a2a6b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a17e-ad50-4166-a1a0-4860950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\mscaps.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a17e-97e4-4943-81de-4463950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\wtime32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a1ab-b520-4b9a-8339-4188950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Bright Star"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a217-da1c-4f1b-b37d-4132950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '2d9df706d1857434fcaa014df70d1c66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a217-df00-4d26-9ac7-4f77950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'fffa05401511ad2a89283c52d0c86472']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a217-b858-49e2-bba3-4321950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '1fcc5b3ed6bc76d70cfa49d051e0dff6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a217-9d88-4a75-a466-4236950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'd0c9ada173da923efabb53d5a9b28d54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a218-bfe4-4b5c-b5c8-461c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'daac1781c9d22f5743ade0cb41feaebf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a218-c784-446d-bf77-4ab7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '6a9461f260ebb2556b8ae1d0ba93858a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a218-e61c-492d-92cc-4777950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'f1c9f4a1f92588aeb82be5d2d4c2c730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a218-f9e0-45b9-9f98-4797950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = '59ee2ff6dbac2b6cd3e98cb0ff581bdb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a218-79d8-4182-84db-4c98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:48:36.000Z",
"modified": "2015-03-06T12:48:36.000Z",
"pattern": "[file:hashes.MD5 = 'f415ea8f2435d6c9656cc6525c65bd3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a24b-fca4-4e03-b504-4098950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:49:15.000Z",
"modified": "2015-03-06T12:49:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Kaspersky",
"x_misp_type": "text",
"x_misp_value": "Trojan.Win32.Agent.hwgw"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a24b-9908-439e-8df7-44d7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:49:15.000Z",
"modified": "2015-03-06T12:49:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Kaspersky",
"x_misp_type": "text",
"x_misp_value": "UDS:DangerousObject.Multi.Generic"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a24b-b538-4cee-8162-4e69950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:49:15.000Z",
"modified": "2015-03-06T12:49:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Kaspersky",
"x_misp_type": "text",
"x_misp_value": "HEUR:Trojan.Win32.Generic"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54f9a24b-ebfc-40f6-a24f-4500950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:49:15.000Z",
"modified": "2015-03-06T12:49:15.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_comment": "Kaspersky",
"x_misp_type": "text",
"x_misp_value": "Trojan-Dropper.Win32.Daws.awfy"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-ca7c-4ece-8598-40fc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '78d3c8705f8baf7d34e6a6737d1cfa18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-108c-4f7a-8982-40c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '2d9df706d1857434fcaa014df70d1c66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-8d30-43e2-a150-4f43950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '1e7c6907b63c4a485e7616aa04351da7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-87c0-4133-8257-4962950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '1fcc5b3ed6bc76d70cfa49d051e0dff6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-1724-483e-a397-4a70950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '523b4b169dde3bcab81311cfdee68e92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-ba10-46fc-91a5-4567950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '541989816355fd606838260f5b49d931']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-d54c-41ec-89b4-455d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '5e34f85278bf3504fc1b9a59d2e7479b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-f7f4-42c8-b545-4a79950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '6a9461f260ebb2556b8ae1d0ba93858a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-3cc8-4d0c-ba11-4581950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '78ba5b642df336009812a0b52827e1de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-fe84-4b60-81b3-4cff950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '7f15d9149736966f1df03fc60e87b8ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a282-002c-440a-a52b-4f25950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:50:10.000Z",
"modified": "2015-03-06T12:50:10.000Z",
"pattern": "[file:hashes.MD5 = '7f3a38093bd60da04d0fa5f50867d24f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:50:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-56b0-4339-9b32-46cd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'mscaps.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-8c04-4bba-89b1-40be950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'arc.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-d0f0-43d8-b6a6-4ad1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = '@aedf66.tmp.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-7094-4fea-964c-432b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'dis.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-7c88-4ac1-a201-413f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'wdext.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-0690-42fd-8aac-454b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'sha.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54f9a2c3-43c4-4a83-b866-4122950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-06T12:51:15.000Z",
"modified": "2015-03-06T12:51:15.000Z",
"pattern": "[file:name = 'wdexe.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-06T12:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6575e-3d24-4ed7-b7c5-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:30.000Z",
"modified": "2016-02-18T23:44:30.000Z",
"description": "Automatically added (via 6a9461f260ebb2556b8ae1d0ba93858a)",
"pattern": "[file:hashes.SHA1 = '01e14b87b69dce8272d84669f44f81d685dcf7c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65760-d398-47c4-9b5a-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:32.000Z",
"modified": "2016-02-18T23:44:32.000Z",
"description": "Automatically added (via 978888892a1ed13e94d2fcb832a2a6b5)",
"pattern": "[file:hashes.SHA1 = '4528a769de6407f01d01d03095d5d8fa38c4b4ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65762-f0a8-4514-a3e7-40a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:34.000Z",
"modified": "2016-02-18T23:44:34.000Z",
"description": "Automatically added (via fffa05401511ad2a89283c52d0c86472)",
"pattern": "[file:hashes.SHA1 = '99a9fbcac39b9522d1d628620b69c4cd7cc110f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65764-c1c0-4f62-87cd-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:36.000Z",
"modified": "2016-02-18T23:44:36.000Z",
"description": "Automatically added (via d0c9ada173da923efabb53d5a9b28d54)",
"pattern": "[file:hashes.SHA1 = '0cefe568d2a06bd44fe9dfab65b1e27bd34def11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65766-7358-4804-84d2-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:38.000Z",
"modified": "2016-02-18T23:44:38.000Z",
"description": "Automatically added (via f1c9f4a1f92588aeb82be5d2d4c2c730)",
"pattern": "[file:hashes.SHA1 = '3dc5a017b15ba74fae2342937380905bf7e8fbd5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6575f-94f0-44dd-901d-599d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:31.000Z",
"modified": "2016-02-18T23:44:31.000Z",
"description": "Automatically added (via 6a9461f260ebb2556b8ae1d0ba93858a)",
"pattern": "[file:hashes.SHA256 = '0b059565160c180df60470349770a6dd225981a8051639385bb49d33d2a73632']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65761-4130-4d4a-9614-4766950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:33.000Z",
"modified": "2016-02-18T23:44:33.000Z",
"description": "Automatically added (via 978888892a1ed13e94d2fcb832a2a6b5)",
"pattern": "[file:hashes.SHA256 = 'c7dc3ac34cfcadba2aedf1727ce95c7e54a8e4b3ada1373916adb25dcf05e369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65763-f668-4c0e-ace8-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:35.000Z",
"modified": "2016-02-18T23:44:35.000Z",
"description": "Automatically added (via fffa05401511ad2a89283c52d0c86472)",
"pattern": "[file:hashes.SHA256 = '41a712fd2111c5ddec6fe58a29c80f19923cc72e88b4508d5a3daeb236ddf1b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65764-a468-44de-8d2d-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:36.000Z",
"modified": "2016-02-18T23:44:36.000Z",
"description": "Automatically added (via d0c9ada173da923efabb53d5a9b28d54)",
"pattern": "[file:hashes.SHA256 = 'ad01ab517cf1c9f5d30b3ea749c91c5c8fc613e771d25287483023d2066e1523']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65766-16b4-4f4f-ae47-599f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-18T23:44:38.000Z",
"modified": "2016-02-18T23:44:38.000Z",
"description": "Automatically added (via f1c9f4a1f92588aeb82be5d2d4c2c730)",
"pattern": "[file:hashes.SHA256 = 'd3a46f71aa7467920b16b64c9d17eaf6c4e147f41cd1390dccff01e4a81f8dfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-18T23:44:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}