misp-circl-feed/feeds/circl/misp/560a3ca1-e110-476e-b730-4765950d210b.json

786 lines
No EOL
32 KiB
JSON

{
"type": "bundle",
"id": "bundle--560a3ca1-e110-476e-b730-4765950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:56.000Z",
"modified": "2015-09-29T07:30:56.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--560a3ca1-e110-476e-b730-4765950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:56.000Z",
"modified": "2015-09-29T07:30:56.000Z",
"name": "OSINT Infected Korean Website Installs Banking Malware by Cyphort",
"published": "2015-09-29T07:30:59Z",
"object_refs": [
"observed-data--560a3cba-80f8-4552-b0f5-472e950d210b",
"url--560a3cba-80f8-4552-b0f5-472e950d210b",
"observed-data--560a3d16-8174-4ec6-abb5-4817950d210b",
"domain-name--560a3d16-8174-4ec6-abb5-4817950d210b",
"observed-data--560a3d16-f058-4646-a321-4dc8950d210b",
"domain-name--560a3d16-f058-4646-a321-4dc8950d210b",
"observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b",
"domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b",
"observed-data--560a3d17-1c24-4311-a351-408c950d210b",
"domain-name--560a3d17-1c24-4311-a351-408c950d210b",
"observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b",
"domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b",
"observed-data--560a3d18-1a88-4db3-81c8-450f950d210b",
"domain-name--560a3d18-1a88-4db3-81c8-450f950d210b",
"observed-data--560a3d18-980c-4c66-ac01-4881950d210b",
"domain-name--560a3d18-980c-4c66-ac01-4881950d210b",
"observed-data--560a3d18-6774-46fe-acf1-4c60950d210b",
"domain-name--560a3d18-6774-46fe-acf1-4c60950d210b",
"observed-data--560a3d19-787c-4cd7-89da-4390950d210b",
"domain-name--560a3d19-787c-4cd7-89da-4390950d210b",
"observed-data--560a3d19-ed44-4225-96ce-48b6950d210b",
"domain-name--560a3d19-ed44-4225-96ce-48b6950d210b",
"observed-data--560a3d19-4b38-45d6-95c6-438b950d210b",
"domain-name--560a3d19-4b38-45d6-95c6-438b950d210b",
"vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b",
"vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b",
"vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b",
"indicator--560a3d99-cd74-481b-9861-e475950d210b",
"indicator--560a3d99-c840-4f69-ae51-e475950d210b",
"indicator--560a3d9a-8d6c-4f79-b327-e475950d210b",
"indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b",
"indicator--560a3da7-2510-4ae0-a6bb-417f950d210b",
"indicator--560a3da7-f748-49bc-982b-47b9950d210b",
"indicator--560a3dcb-a60c-46f7-a05d-470d950d210b",
"indicator--560a3dcb-7e10-4595-a21f-4913950d210b",
"indicator--560a3dcb-7e90-4d72-883c-4add950d210b",
"indicator--560a3e21-0638-4bcd-8d62-4319950d210b",
"indicator--560a3e21-4654-4a55-b8c2-428d950d210b",
"observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b",
"url--560a3e22-2db0-4a39-b37f-4ef5950d210b",
"indicator--560a3e22-027c-4e2d-b613-40cb950d210b",
"indicator--560a3e22-73bc-488e-81ec-42d5950d210b",
"observed-data--560a3e23-008c-4560-9c3a-40a7950d210b",
"url--560a3e23-008c-4560-9c3a-40a7950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3cba-80f8-4552-b0f5-472e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:24:42.000Z",
"modified": "2015-09-29T07:24:42.000Z",
"first_observed": "2015-09-29T07:24:42Z",
"last_observed": "2015-09-29T07:24:42Z",
"number_observed": 1,
"object_refs": [
"url--560a3cba-80f8-4552-b0f5-472e950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560a3cba-80f8-4552-b0f5-472e950d210b",
"value": "http://www.cyphort.com/koreatimes-installs-venik/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d16-8174-4ec6-abb5-4817950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:14.000Z",
"modified": "2015-09-29T07:26:14.000Z",
"first_observed": "2015-09-29T07:26:14Z",
"last_observed": "2015-09-29T07:26:14Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d16-8174-4ec6-abb5-4817950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d16-8174-4ec6-abb5-4817950d210b",
"value": "koreatimes.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d16-f058-4646-a321-4dc8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:14.000Z",
"modified": "2015-09-29T07:26:14.000Z",
"first_observed": "2015-09-29T07:26:14Z",
"last_observed": "2015-09-29T07:26:14Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d16-f058-4646-a321-4dc8950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d16-f058-4646-a321-4dc8950d210b",
"value": "filehon.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:15.000Z",
"modified": "2015-09-29T07:26:15.000Z",
"first_observed": "2015-09-29T07:26:15Z",
"last_observed": "2015-09-29T07:26:15Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b",
"value": "joara.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d17-1c24-4311-a351-408c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:15.000Z",
"modified": "2015-09-29T07:26:15.000Z",
"first_observed": "2015-09-29T07:26:15Z",
"last_observed": "2015-09-29T07:26:15Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d17-1c24-4311-a351-408c950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d17-1c24-4311-a351-408c950d210b",
"value": "hometax.go.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:15.000Z",
"modified": "2015-09-29T07:26:15.000Z",
"first_observed": "2015-09-29T07:26:15Z",
"last_observed": "2015-09-29T07:26:15Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b",
"value": "soriaudio.co.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d18-1a88-4db3-81c8-450f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:16.000Z",
"modified": "2015-09-29T07:26:16.000Z",
"first_observed": "2015-09-29T07:26:16Z",
"last_observed": "2015-09-29T07:26:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d18-1a88-4db3-81c8-450f950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d18-1a88-4db3-81c8-450f950d210b",
"value": "gomsee.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d18-980c-4c66-ac01-4881950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:16.000Z",
"modified": "2015-09-29T07:26:16.000Z",
"first_observed": "2015-09-29T07:26:16Z",
"last_observed": "2015-09-29T07:26:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d18-980c-4c66-ac01-4881950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d18-980c-4c66-ac01-4881950d210b",
"value": "lottoplay.co.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d18-6774-46fe-acf1-4c60950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:16.000Z",
"modified": "2015-09-29T07:26:16.000Z",
"first_observed": "2015-09-29T07:26:16Z",
"last_observed": "2015-09-29T07:26:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d18-6774-46fe-acf1-4c60950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d18-6774-46fe-acf1-4c60950d210b",
"value": "insight.co.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d19-787c-4cd7-89da-4390950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:17.000Z",
"modified": "2015-09-29T07:26:17.000Z",
"first_observed": "2015-09-29T07:26:17Z",
"last_observed": "2015-09-29T07:26:17Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d19-787c-4cd7-89da-4390950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d19-787c-4cd7-89da-4390950d210b",
"value": "filecity.co.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d19-ed44-4225-96ce-48b6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:17.000Z",
"modified": "2015-09-29T07:26:17.000Z",
"first_observed": "2015-09-29T07:26:17Z",
"last_observed": "2015-09-29T07:26:17Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d19-ed44-4225-96ce-48b6950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d19-ed44-4225-96ce-48b6950d210b",
"value": "nggol.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3d19-4b38-45d6-95c6-438b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:17.000Z",
"modified": "2015-09-29T07:26:17.000Z",
"first_observed": "2015-09-29T07:26:17Z",
"last_observed": "2015-09-29T07:26:17Z",
"number_observed": 1,
"object_refs": [
"domain-name--560a3d19-4b38-45d6-95c6-438b950d210b"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--560a3d19-4b38-45d6-95c6-438b950d210b",
"value": "koreamanse.com"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:39.000Z",
"modified": "2015-09-29T07:26:39.000Z",
"name": "CVE-2014-6332",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2014-6332"
}
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:39.000Z",
"modified": "2015-09-29T07:26:39.000Z",
"name": "CVE-2011-3544",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2011-3544"
}
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:26:39.000Z",
"modified": "2015-09-29T07:26:39.000Z",
"name": "CVE-2015-0336",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2015-0336"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3d99-cd74-481b-9861-e475950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:25.000Z",
"modified": "2015-09-29T07:28:25.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.188.106.161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3d99-c840-4f69-ae51-e475950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:25.000Z",
"modified": "2015-09-29T07:28:25.000Z",
"pattern": "[url:value = 'http://142.0.137.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3d9a-8d6c-4f79-b327-e475950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:26.000Z",
"modified": "2015-09-29T07:28:26.000Z",
"pattern": "[url:value = 'http://142.0.137.67:805/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:26.000Z",
"modified": "2015-09-29T07:28:26.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.199']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3da7-2510-4ae0-a6bb-417f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:39.000Z",
"modified": "2015-09-29T07:28:39.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3da7-f748-49bc-982b-47b9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:28:39.000Z",
"modified": "2015-09-29T07:28:39.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:28:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3dcb-a60c-46f7-a05d-470d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:29:15.000Z",
"modified": "2015-09-29T07:29:15.000Z",
"pattern": "[file:hashes.MD5 = 'c242d641d9432f611360db36f2075f67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:29:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3dcb-7e10-4595-a21f-4913950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:29:15.000Z",
"modified": "2015-09-29T07:29:15.000Z",
"pattern": "[file:hashes.MD5 = 'a6ec0fbe1ad821a3fb527f39e180e378']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:29:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3dcb-7e90-4d72-883c-4add950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:29:15.000Z",
"modified": "2015-09-29T07:29:15.000Z",
"pattern": "[file:hashes.MD5 = 'b9a5a00e134fe0df217c01145319b1cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:29:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3e21-0638-4bcd-8d62-4319950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:41.000Z",
"modified": "2015-09-29T07:30:41.000Z",
"description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
"pattern": "[file:hashes.SHA256 = '04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:30:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3e21-4654-4a55-b8c2-428d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:41.000Z",
"modified": "2015-09-29T07:30:41.000Z",
"description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
"pattern": "[file:hashes.SHA1 = '0cb0f491de8ba2761de899d8cbc136e2747145ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:30:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:42.000Z",
"modified": "2015-09-29T07:30:42.000Z",
"first_observed": "2015-09-29T07:30:42Z",
"last_observed": "2015-09-29T07:30:42Z",
"number_observed": 1,
"object_refs": [
"url--560a3e22-2db0-4a39-b37f-4ef5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560a3e22-2db0-4a39-b37f-4ef5950d210b",
"value": "https://www.virustotal.com/file/04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49/analysis/1443347085/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3e22-027c-4e2d-b613-40cb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:42.000Z",
"modified": "2015-09-29T07:30:42.000Z",
"description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
"pattern": "[file:hashes.SHA256 = '3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:30:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560a3e22-73bc-488e-81ec-42d5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:42.000Z",
"modified": "2015-09-29T07:30:42.000Z",
"description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
"pattern": "[file:hashes.SHA1 = 'be8e700fb54019f06e3c816473d9141cc7d75630']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-29T07:30:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560a3e23-008c-4560-9c3a-40a7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-29T07:30:43.000Z",
"modified": "2015-09-29T07:30:43.000Z",
"first_observed": "2015-09-29T07:30:43Z",
"last_observed": "2015-09-29T07:30:43Z",
"number_observed": 1,
"object_refs": [
"url--560a3e23-008c-4560-9c3a-40a7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560a3e23-008c-4560-9c3a-40a7950d210b",
"value": "https://www.virustotal.com/file/3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383/analysis/1443415018/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}