misp-circl-feed/feeds/circl/misp/55ed7c41-5a68-4307-8184-43bc950d210b.json


{
"type": "bundle",
"id": "bundle--55ed7c41-5a68-4307-8184-43bc950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:59.000Z",
"modified": "2015-09-07T12:02:59.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55ed7c41-5a68-4307-8184-43bc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:59.000Z",
"modified": "2015-09-07T12:02:59.000Z",
"name": "OSINT Threat Research Team Goes \u201cBeyond the Exploit\u201d in Search of Payloads from MS15-093 by bit9",
"published": "2016-03-01T22:17:56Z",
"object_refs": [
"observed-data--55ed7c6c-7e0c-4f13-8d69-4188950d210b",
"url--55ed7c6c-7e0c-4f13-8d69-4188950d210b",
"observed-data--55ed7c6c-af98-4484-98df-4698950d210b",
"url--55ed7c6c-af98-4484-98df-4698950d210b",
"indicator--55ed7ce7-92f0-4be2-a287-42b7950d210b",
"indicator--55ed7ce8-8f68-4f22-b46a-41a6950d210b",
"indicator--55ed7ce8-a9e0-4343-8874-4361950d210b",
"indicator--55ed7ce8-e5b0-4c0d-ac93-4522950d210b",
"indicator--55ed7ce9-e734-45c4-9ae6-4b82950d210b",
"indicator--55ed7ce9-21b8-4bbe-979f-4af4950d210b",
"indicator--55ed7ce9-166c-45a2-a5a5-418b950d210b",
"indicator--55ed7cea-b354-40c5-890d-41a6950d210b",
"indicator--55ed7cea-cbb8-4527-86fe-492b950d210b",
"indicator--55ed7cea-1bec-4d76-9c28-4544950d210b",
"indicator--55ed7cea-e670-4f7a-85fc-4ddc950d210b",
"indicator--55ed7ceb-6d60-4ec7-8c94-4423950d210b",
"indicator--55ed7ceb-730c-4811-a3d6-4b53950d210b",
"indicator--55ed7ceb-5dec-4699-acaa-41b9950d210b",
"indicator--55ed7cec-4988-4aff-ae7e-4f8f950d210b",
"indicator--55ed7cec-faa4-4306-951d-48a4950d210b",
"indicator--55ed7cec-621c-48d9-b6fa-4370950d210b",
"indicator--55ed7ced-b4ac-4f91-a757-450f950d210b",
"indicator--55ed7ced-ea38-4ffb-bd3a-497c950d210b",
"indicator--55ed7ced-9aac-4b4c-90bb-4acb950d210b",
"indicator--55ed7ced-39e4-4be3-a008-4a34950d210b",
"indicator--55ed7cee-2484-49c9-a033-44af950d210b",
"indicator--55ed7cee-2394-43a2-a7e1-4fb6950d210b",
"indicator--55ed7cee-901c-43e0-9ec6-4999950d210b",
"indicator--55ed7cef-36b0-4d88-b4fb-4115950d210b",
"indicator--55ed7cef-4e60-4b5b-9b31-4432950d210b",
"indicator--55ed7cef-6a5c-44ba-b9d6-4151950d210b",
"indicator--55ed7cf0-0260-4a66-801e-44d0950d210b",
"indicator--55ed7cf0-7e94-4065-95c1-487f950d210b",
"indicator--55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b",
"vulnerability--55ed7cf0-fa88-4bdd-8349-4745950d210b",
"indicator--55ed7cf1-041c-4017-a40f-4184950d210b",
"indicator--55ed7cf1-8428-448d-924e-4f4f950d210b",
"indicator--55ed7cf1-039c-4753-a97a-4040950d210b",
"indicator--55ed7cf1-3b7c-4e35-a7bf-48e6950d210b",
"indicator--55ed7cf2-6714-4087-be3d-492d950d210b",
"indicator--55ed7cf2-08e4-460d-b0df-4c9a950d210b",
"indicator--55ed7cf2-4630-4695-8cc1-47e1950d210b",
"indicator--55ed7cf3-5154-42af-a802-413c950d210b",
"indicator--56c6a9fd-22b0-44ed-af02-c654950d210f",
"indicator--56c6a9ff-b050-4cb5-8a2b-59a0950d210f",
"indicator--56c6aa01-fee0-436d-992b-5f51950d210f",
"indicator--56c6aa03-8e24-4f43-aa2a-5f51950d210f",
"indicator--56c6a9fe-fc5c-4ec6-a32b-5f51950d210f",
"indicator--56c6aa00-9f50-4683-969c-4715950d210f",
"indicator--56c6aa02-dd88-450b-83cf-c653950d210f",
"indicator--56c6aa04-f4c8-4910-afdd-599e950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ed7c6c-7e0c-4f13-8d69-4188950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:00:44.000Z",
"modified": "2015-09-07T12:00:44.000Z",
"first_observed": "2015-09-07T12:00:44Z",
"last_observed": "2015-09-07T12:00:44Z",
"number_observed": 1,
"object_refs": [
"url--55ed7c6c-7e0c-4f13-8d69-4188950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ed7c6c-7e0c-4f13-8d69-4188950d210b",
"value": "https://blog.bit9.com/2015/09/04/threat-research-team-goes-beyond-the-exploit-in-search-of-payloads-from-ms15-093/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55ed7c6c-af98-4484-98df-4698950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:00:44.000Z",
"modified": "2015-09-07T12:00:44.000Z",
"first_observed": "2015-09-07T12:00:44Z",
"last_observed": "2015-09-07T12:00:44Z",
"number_observed": 1,
"object_refs": [
"url--55ed7c6c-af98-4484-98df-4698950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55ed7c6c-af98-4484-98df-4698950d210b",
"value": "https://otx.alienvault.com/pulse/55ed61d667db8c6fb3515d9a/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce7-92f0-4be2-a287-42b7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:47.000Z",
"modified": "2015-09-07T12:02:47.000Z",
"pattern": "[file:hashes.MD5 = '076ae76dcd0946ff913a9ce033e0ca55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce8-8f68-4f22-b46a-41a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:48.000Z",
"modified": "2015-09-07T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.81.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce8-a9e0-4343-8874-4361950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:48.000Z",
"modified": "2015-09-07T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.249.28.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce8-e5b0-4c0d-ac93-4522950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:48.000Z",
"modified": "2015-09-07T12:02:48.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.249.28.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce9-e734-45c4-9ae6-4b82950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:49.000Z",
"modified": "2015-09-07T12:02:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.151.10.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce9-21b8-4bbe-979f-4af4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:49.000Z",
"modified": "2015-09-07T12:02:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.185.34.29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ce9-166c-45a2-a5a5-418b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:49.000Z",
"modified": "2015-09-07T12:02:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.183.149.75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cea-b354-40c5-890d-41a6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:50.000Z",
"modified": "2015-09-07T12:02:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.71.100.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cea-cbb8-4527-86fe-492b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:50.000Z",
"modified": "2015-09-07T12:02:50.000Z",
"pattern": "[file:hashes.MD5 = '17a5621c765d9f2e3c117517b5ea0fd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cea-1bec-4d76-9c28-4544950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:50.000Z",
"modified": "2015-09-07T12:02:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.207.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cea-e670-4f7a-85fc-4ddc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:50.000Z",
"modified": "2015-09-07T12:02:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.164.70.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ceb-6d60-4ec7-8c94-4423950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:51.000Z",
"modified": "2015-09-07T12:02:51.000Z",
"pattern": "[file:hashes.MD5 = '200cc5c2482fc7968964dfc7a71f8fbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ceb-730c-4811-a3d6-4b53950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:51.000Z",
"modified": "2015-09-07T12:02:51.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.139.227.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ceb-5dec-4699-acaa-41b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:51.000Z",
"modified": "2015-09-07T12:02:51.000Z",
"pattern": "[file:hashes.MD5 = '22eea74f771ff142163aa5ac02025f3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cec-4988-4aff-ae7e-4f8f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:52.000Z",
"modified": "2015-09-07T12:02:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.228.204.6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cec-faa4-4306-951d-48a4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:52.000Z",
"modified": "2015-09-07T12:02:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.27.192.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cec-621c-48d9-b6fa-4370950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:52.000Z",
"modified": "2015-09-07T12:02:52.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.94.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ced-b4ac-4f91-a757-450f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:53.000Z",
"modified": "2015-09-07T12:02:53.000Z",
"pattern": "[file:hashes.MD5 = '3475d208c6a67e7ddb3c266b79789773']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ced-ea38-4ffb-bd3a-497c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:53.000Z",
"modified": "2015-09-07T12:02:53.000Z",
"pattern": "[file:hashes.MD5 = '43cda62a1b68d8978ca1357f4800cdf9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ced-9aac-4b4c-90bb-4acb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:53.000Z",
"modified": "2015-09-07T12:02:53.000Z",
"pattern": "[file:hashes.MD5 = '66a2f4470913020780853bb06ef44b2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7ced-39e4-4be3-a008-4a34950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:53.000Z",
"modified": "2015-09-07T12:02:53.000Z",
"pattern": "[file:hashes.MD5 = '6c260baa4367578778b1ecdaaab37ef9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cee-2484-49c9-a033-44af950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:54.000Z",
"modified": "2015-09-07T12:02:54.000Z",
"pattern": "[file:hashes.MD5 = '7cba74017b8baf7df9f6f7a42914d217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cee-2394-43a2-a7e1-4fb6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:54.000Z",
"modified": "2015-09-07T12:02:54.000Z",
"pattern": "[file:hashes.MD5 = '7d3e927bf918ac40b9d4bee748a34fc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cee-901c-43e0-9ec6-4999950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:54.000Z",
"modified": "2015-09-07T12:02:54.000Z",
"pattern": "[file:hashes.MD5 = '828d0cafe4a88c2238cd3d29d8c29c1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cef-36b0-4d88-b4fb-4115950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:55.000Z",
"modified": "2015-09-07T12:02:55.000Z",
"pattern": "[file:hashes.MD5 = '84bb1c8c5957125029e4fbfa9ec63045']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cef-4e60-4b5b-9b31-4432950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:55.000Z",
"modified": "2015-09-07T12:02:55.000Z",
"pattern": "[file:hashes.MD5 = '9e5f8d0d54c22bf09913d2f5399db352']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cef-6a5c-44ba-b9d6-4151950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:55.000Z",
"modified": "2015-09-07T12:02:55.000Z",
"pattern": "[domain-name:value = 'app.theworldfun.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf0-0260-4a66-801e-44d0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:56.000Z",
"modified": "2015-09-07T12:02:56.000Z",
"pattern": "[domain-name:value = 'baba.koumm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf0-7e94-4065-95c1-487f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:56.000Z",
"modified": "2015-09-07T12:02:56.000Z",
"pattern": "[file:hashes.MD5 = 'bb5a0af2a95557cbb488e8ad33760b7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf0-3ba8-4b04-b6e0-4a3e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:56.000Z",
"modified": "2015-09-07T12:02:56.000Z",
"pattern": "[domain-name:value = 'cmc.apecscmc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--55ed7cf0-fa88-4bdd-8349-4745950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:56.000Z",
"modified": "2015-09-07T12:02:56.000Z",
"name": "CVE-2015-2502",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"External analysis\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2015-2502"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf1-041c-4017-a40f-4184950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:57.000Z",
"modified": "2015-09-07T12:02:57.000Z",
"pattern": "[file:hashes.MD5 = 'ff39a8946b7e9342f57167e5eee95912']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf1-8428-448d-924e-4f4f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:57.000Z",
"modified": "2015-09-07T12:02:57.000Z",
"pattern": "[domain-name:value = 'gotoiknowledge.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf1-039c-4753-a97a-4040950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:57.000Z",
"modified": "2015-09-07T12:02:57.000Z",
"pattern": "[domain-name:value = 'mail.theworldfun.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf1-3b7c-4e35-a7bf-48e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:57.000Z",
"modified": "2015-09-07T12:02:57.000Z",
"pattern": "[domain-name:value = 'ov.theworldfun.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf2-6714-4087-be3d-492d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:58.000Z",
"modified": "2015-09-07T12:02:58.000Z",
"pattern": "[domain-name:value = 'update.avupdate.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf2-08e4-460d-b0df-4c9a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:58.000Z",
"modified": "2015-09-07T12:02:58.000Z",
"pattern": "[domain-name:value = 'www.konsocn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf2-4630-4695-8cc1-47e1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:58.000Z",
"modified": "2015-09-07T12:02:58.000Z",
"pattern": "[domain-name:value = 'www.koumm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55ed7cf3-5154-42af-a802-413c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-07T12:02:59.000Z",
"modified": "2015-09-07T12:02:59.000Z",
"pattern": "[domain-name:value = 'www.theworldfun.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-07T12:02:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6a9fd-22b0-44ed-af02-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:01.000Z",
"modified": "2016-02-19T05:37:01.000Z",
"description": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)",
"pattern": "[file:hashes.SHA1 = 'dd4a55571b94d24703ad06476cbce9413e2f9ecf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6a9ff-b050-4cb5-8a2b-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:03.000Z",
"modified": "2016-02-19T05:37:03.000Z",
"description": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)",
"pattern": "[file:hashes.SHA1 = 'c7b1a2bc996f4e3cc0b7211db82f12997cdacf6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6aa01-fee0-436d-992b-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:05.000Z",
"modified": "2016-02-19T05:37:05.000Z",
"description": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)",
"pattern": "[file:hashes.SHA1 = '67ede66874fe152d107f858acf906d7a70f1f709']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6aa03-8e24-4f43-aa2a-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:07.000Z",
"modified": "2016-02-19T05:37:07.000Z",
"description": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)",
"pattern": "[file:hashes.SHA1 = '2d99e88c30cd805f5e346388d312f7a3e3386798']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6a9fe-fc5c-4ec6-a32b-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:02.000Z",
"modified": "2016-02-19T05:37:02.000Z",
"description": "Automatically added (via 076ae76dcd0946ff913a9ce033e0ca55)",
"pattern": "[file:hashes.SHA256 = 'c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6aa00-9f50-4683-969c-4715950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:04.000Z",
"modified": "2016-02-19T05:37:04.000Z",
"description": "Automatically added (via 3475d208c6a67e7ddb3c266b79789773)",
"pattern": "[file:hashes.SHA256 = '61900fb9841a4d6d14e990163ea575694e684beaf912f50989b0013a9634196f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6aa02-dd88-450b-83cf-c653950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:06.000Z",
"modified": "2016-02-19T05:37:06.000Z",
"description": "Automatically added (via 6c260baa4367578778b1ecdaaab37ef9)",
"pattern": "[file:hashes.SHA256 = '71b201a5a7dfdbe91c0a7783f845b71d066c62014b944f488de5aec6272f907c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c6aa04-f4c8-4910-afdd-599e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T05:37:08.000Z",
"modified": "2016-02-19T05:37:08.000Z",
"description": "Automatically added (via 84bb1c8c5957125029e4fbfa9ec63045)",
"pattern": "[file:hashes.SHA256 = '56ec1ccab98c1ed67a0095b7ec8e6b17b12da3e00d357274fa37ec63ec724c07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T05:37:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}