adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/557fddba-87c0-4ac1-a79a-a56f950d210b.json

1017 lines
No EOL
41 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--557fddba-87c0-4ac1-a79a-a56f950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-11T11:44:16.000Z",
"modified": "2015-09-11T11:44:16.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--557fddba-87c0-4ac1-a79a-a56f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-11T11:44:16.000Z",
"modified": "2015-09-11T11:44:16.000Z",
"name": "OSINT Targeted Attacks against Tibetan and Hong Kong Groups Exploiting CVE-2014-4114 by Citizen Lab",
"published": "2016-03-01T22:17:35Z",
"object_refs": [
"observed-data--557fddd3-8660-4fae-8afd-a54c950d210b",
"url--557fddd3-8660-4fae-8afd-a54c950d210b",
"vulnerability--557fdde7-a1b4-4353-8c55-9a18950d210b",
"indicator--557fde19-2370-42ff-b177-a578950d210b",
"indicator--557fde56-f758-440f-ba85-a557950d210b",
"indicator--557fde56-2028-4b0e-b56a-a557950d210b",
"indicator--557fde56-ee28-45c5-b529-a557950d210b",
"observed-data--557fde71-8300-4656-b6c1-a56f950d210b",
"url--557fde71-8300-4656-b6c1-a56f950d210b",
"observed-data--557fde71-0ee8-4703-89eb-a56f950d210b",
"url--557fde71-0ee8-4703-89eb-a56f950d210b",
"observed-data--557fde71-ef04-4184-8bac-a56f950d210b",
"url--557fde71-ef04-4184-8bac-a56f950d210b",
"indicator--557fdea0-24fc-4196-8d74-9a18950d210b",
"indicator--557fdf18-691c-46df-8ee6-a578950d210b",
"indicator--557fdf18-a958-4c1c-a813-a578950d210b",
"indicator--557fdf18-8f2c-4fce-87f3-a578950d210b",
"indicator--557fdf18-8dfc-4438-a5c7-a578950d210b",
"indicator--557fdf18-3280-4a48-94d3-a578950d210b",
"observed-data--557fe011-bc38-40b7-97e6-a557950d210b",
"file--557fe011-bc38-40b7-97e6-a557950d210b",
"observed-data--557fe012-b77c-4d62-8b0b-a557950d210b",
"file--557fe012-b77c-4d62-8b0b-a557950d210b",
"indicator--557fe012-ac0c-4808-89b7-a557950d210b",
"indicator--557fe012-3a7c-43b1-891d-a557950d210b",
"indicator--557fe012-83c8-45d9-98d0-a557950d210b",
"indicator--557fe012-3e5c-435e-843f-a557950d210b",
"indicator--557fe012-8ac8-4dd8-bd7a-a557950d210b",
"indicator--557fe012-c6e4-462a-913f-a557950d210b",
"indicator--557fe012-5d90-484d-a016-a557950d210b",
"indicator--557fe013-e694-4c28-b731-a557950d210b",
"indicator--557fe013-c4b4-4c17-bea2-a557950d210b",
"indicator--557fe013-4b10-4e5c-bace-a557950d210b",
"indicator--557fe013-3ed0-4a80-b8a2-a557950d210b",
"indicator--557fe013-fd28-4c49-b39c-a557950d210b",
"indicator--557fe013-1d70-43aa-aab5-a557950d210b",
"indicator--557fe013-9898-4d44-ab23-a557950d210b",
"indicator--557fe014-4658-4ea7-af4d-a557950d210b",
"indicator--557fe014-be88-4162-8de2-a557950d210b",
"indicator--56c65f19-a4a8-4aba-97c5-5f51950d210f",
"indicator--56c65f1b-65a4-469f-870a-4a61950d210f",
"indicator--56c65f1e-461c-4530-864e-458f950d210f",
"indicator--56c65f1a-dd00-494f-8ae5-c653950d210f",
"indicator--56c65f1c-0a5c-4bfa-8f6a-59a1950d210f",
"indicator--56c65f1e-afc8-469a-82e6-599c950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fddd3-8660-4fae-8afd-a54c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:50.000Z",
"modified": "2015-06-16T08:29:50.000Z",
"first_observed": "2015-06-16T08:29:50Z",
"last_observed": "2015-06-16T08:29:50Z",
"number_observed": 1,
"object_refs": [
"url--557fddd3-8660-4fae-8afd-a54c950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557fddd3-8660-4fae-8afd-a54c950d210b",
"value": "https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-2014-4114/"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--557fdde7-a1b4-4353-8c55-9a18950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:27:19.000Z",
"modified": "2015-06-16T08:27:19.000Z",
"name": "CVE-2014-4114",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2014-4114"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fde19-2370-42ff-b177-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:28:09.000Z",
"modified": "2015-06-16T08:28:09.000Z",
"pattern": "[email-message:from_ref.value = 'tibet_net@yahoo.com.hk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:28:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fde56-f758-440f-ba85-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:10.000Z",
"modified": "2015-06-16T08:29:10.000Z",
"pattern": "[file:hashes.MD5 = '18bb1ce405e4abac4b0fc63054beac6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fde56-2028-4b0e-b56a-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:10.000Z",
"modified": "2015-06-16T08:29:10.000Z",
"pattern": "[file:hashes.MD5 = '8a18a13910838d08e38db80a08e15bd5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fde56-ee28-45c5-b529-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:10.000Z",
"modified": "2015-06-16T08:29:10.000Z",
"pattern": "[file:hashes.MD5 = '2a544922d3ece4351c1af4ca63c24550']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:29:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fde71-8300-4656-b6c1-a56f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:37.000Z",
"modified": "2015-06-16T08:29:37.000Z",
"first_observed": "2015-06-16T08:29:37Z",
"last_observed": "2015-06-16T08:29:37Z",
"number_observed": 1,
"object_refs": [
"url--557fde71-8300-4656-b6c1-a56f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557fde71-8300-4656-b6c1-a56f950d210b",
"value": "https://www.virustotal.com/en-gb/file/c895d68a40b9a61dce6758f537a08a289dd4a392202e2d4e7635efb063d58d16/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fde71-0ee8-4703-89eb-a56f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:37.000Z",
"modified": "2015-06-16T08:29:37.000Z",
"first_observed": "2015-06-16T08:29:37Z",
"last_observed": "2015-06-16T08:29:37Z",
"number_observed": 1,
"object_refs": [
"url--557fde71-0ee8-4703-89eb-a56f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557fde71-0ee8-4703-89eb-a56f950d210b",
"value": "https://www.virustotal.com/en-gb/file/45a4a937dd727dad29d46bceeb460bf24fd9f6df44f10692508fbd6ed2b7dfbd/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fde71-ef04-4184-8bac-a56f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:29:37.000Z",
"modified": "2015-06-16T08:29:37.000Z",
"first_observed": "2015-06-16T08:29:37Z",
"last_observed": "2015-06-16T08:29:37Z",
"number_observed": 1,
"object_refs": [
"url--557fde71-ef04-4184-8bac-a56f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--557fde71-ef04-4184-8bac-a56f950d210b",
"value": "https://www.virustotal.com/en-gb/file/ab118ff89762b8bd32f8bcb754bec06004604380b20349255bc637a197fa5f2d/analysis/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdea0-24fc-4196-8d74-9a18950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:30:24.000Z",
"modified": "2015-06-16T08:30:24.000Z",
"pattern": "[domain-name:value = 'free1999.jkub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:30:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdf18-691c-46df-8ee6-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:32:24.000Z",
"modified": "2015-06-16T08:32:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'eset-windows.findhere.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdf18-a958-4c1c-a813-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:32:24.000Z",
"modified": "2015-06-16T08:32:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '705147c509206151c22515ef568bac51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdf18-8f2c-4fce-87f3-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:32:24.000Z",
"modified": "2015-06-16T08:32:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'dnsupdate.dynamic-dns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdf18-8dfc-4438-a5c7-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:32:24.000Z",
"modified": "2015-06-16T08:32:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[domain-name:value = 'good.wha.la']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fdf18-3280-4a48-94d3-a578950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:32:24.000Z",
"modified": "2015-06-16T08:32:24.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'd7832e76ee2c5c48ae428e57599b589e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fe011-bc38-40b7-97e6-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:33.000Z",
"modified": "2015-06-16T08:36:33.000Z",
"first_observed": "2015-06-16T08:36:33Z",
"last_observed": "2015-06-16T08:36:33Z",
"number_observed": 1,
"object_refs": [
"file--557fe011-bc38-40b7-97e6-a557950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--557fe011-bc38-40b7-97e6-a557950d210b",
"name": "Challenge.pps"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--557fe012-b77c-4d62-8b0b-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-11T11:44:16.000Z",
"modified": "2015-09-11T11:44:16.000Z",
"first_observed": "2015-09-11T11:44:16Z",
"last_observed": "2015-09-11T11:44:16Z",
"number_observed": 1,
"object_refs": [
"file--557fe012-b77c-4d62-8b0b-a557950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--557fe012-b77c-4d62-8b0b-a557950d210b",
"name": "fsavstrt.exe"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-ac0c-4808-89b7-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '9459478ab9a9b996de683789f77b185c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-3a7c-43b1-891d-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'FSMA32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-83c8-45d9-98d0-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '8432c77b12343d59d991b0d0e0c12f7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-3e5c-435e-843f-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'FSMA32.dllfox']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-8ac8-4dd8-bd7a-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'db5a9c790e909629aaf7079b6996861f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-c6e4-462a-913f-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'putty.gif.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe012-5d90-484d-a016-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:34.000Z",
"modified": "2015-06-16T08:36:34.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'a990071b60046863c98bcf462fede77a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-e694-4c28-b731-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'H.H.']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-c4b4-4c17-bea2-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'LAMA.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-4b10-4e5c-bace-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'SX.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-3ed0-4a80-b8a2-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '5730866b34ef589bd398c9a9b6d7e307']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-fd28-4c49-b39c-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'SXLOC.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-1d70-43aa-aab5-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'd839691657ca814be13d5c9c6511d6b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe013-9898-4d44-ab23-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:35.000Z",
"modified": "2015-06-16T08:36:35.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = 'SXLOC.zap']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe014-4658-4ea7-af4d-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:36.000Z",
"modified": "2015-06-16T08:36:36.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '03c900a1b115e759b32e4172dec52aa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--557fe014-be88-4162-8de2-a557950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-06-16T08:36:36.000Z",
"modified": "2015-06-16T08:36:36.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:name = '\u00e3\u20ac\u0152\u00e4\u00bd\u201d\u00e9\u00a0\u02dc\u00e4\u00b8\u00ad\u00e7\u2019\u00b0\u00e3\u20ac\u008d\u00e5\u00bc\u2022\u00e7\u2122\u00bc\u00e7\u02c6\u00ad\u00e8\u00ad\u00b0\u00e7\u0161\u201e\u00e8\u0192\u0152\u00e5\u00be\u0152.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-06-16T08:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f19-a4a8-4aba-97c5-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:29.000Z",
"modified": "2016-02-19T00:17:29.000Z",
"description": "Automatically added (via 9459478ab9a9b996de683789f77b185c)",
"pattern": "[file:hashes.SHA1 = 'c6d8eabea5bac84b90851c1a6e17c0c30bcf5c27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f1b-65a4-469f-870a-4a61950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:31.000Z",
"modified": "2016-02-19T00:17:31.000Z",
"description": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)",
"pattern": "[file:hashes.SHA1 = '62dbbcd115497a7bbbd4d1351d50a328914a8b26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f1e-461c-4530-864e-458f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:34.000Z",
"modified": "2016-02-19T00:17:34.000Z",
"description": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)",
"pattern": "[file:hashes.SHA1 = 'cd425ce7f3e4a823d9027780e1b439759c4dc665']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f1a-dd00-494f-8ae5-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:30.000Z",
"modified": "2016-02-19T00:17:30.000Z",
"description": "Automatically added (via 9459478ab9a9b996de683789f77b185c)",
"pattern": "[file:hashes.SHA256 = '583c8920445feaf0a963fbd3ad8ad24fd9143941e4046cf376cfe08cb9137613']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f1c-0a5c-4bfa-8f6a-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:32.000Z",
"modified": "2016-02-19T00:17:32.000Z",
"description": "Automatically added (via 8432c77b12343d59d991b0d0e0c12f7d)",
"pattern": "[file:hashes.SHA256 = 'cbb1d6b3c76c77ce1c3397cd607a7642fcb703201b82e07704e7074061d86ea3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65f1e-afc8-469a-82e6-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:17:34.000Z",
"modified": "2016-02-19T00:17:34.000Z",
"description": "Automatically added (via d839691657ca814be13d5c9c6511d6b2)",
"pattern": "[file:hashes.SHA256 = '5ff2bc7267759bde3c02e4c19b8c3144c43c4f7fc2c21f2d4f881ca0b821e00b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink