786 lines
No EOL
32 KiB
JSON
786 lines
No EOL
32 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--560a3ca1-e110-476e-b730-4765950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:56.000Z",
|
|
"modified": "2015-09-29T07:30:56.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--560a3ca1-e110-476e-b730-4765950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:56.000Z",
|
|
"modified": "2015-09-29T07:30:56.000Z",
|
|
"name": "OSINT Infected Korean Website Installs Banking Malware by Cyphort",
|
|
"published": "2015-09-29T07:30:59Z",
|
|
"object_refs": [
|
|
"observed-data--560a3cba-80f8-4552-b0f5-472e950d210b",
|
|
"url--560a3cba-80f8-4552-b0f5-472e950d210b",
|
|
"observed-data--560a3d16-8174-4ec6-abb5-4817950d210b",
|
|
"domain-name--560a3d16-8174-4ec6-abb5-4817950d210b",
|
|
"observed-data--560a3d16-f058-4646-a321-4dc8950d210b",
|
|
"domain-name--560a3d16-f058-4646-a321-4dc8950d210b",
|
|
"observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b",
|
|
"domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b",
|
|
"observed-data--560a3d17-1c24-4311-a351-408c950d210b",
|
|
"domain-name--560a3d17-1c24-4311-a351-408c950d210b",
|
|
"observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b",
|
|
"domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b",
|
|
"observed-data--560a3d18-1a88-4db3-81c8-450f950d210b",
|
|
"domain-name--560a3d18-1a88-4db3-81c8-450f950d210b",
|
|
"observed-data--560a3d18-980c-4c66-ac01-4881950d210b",
|
|
"domain-name--560a3d18-980c-4c66-ac01-4881950d210b",
|
|
"observed-data--560a3d18-6774-46fe-acf1-4c60950d210b",
|
|
"domain-name--560a3d18-6774-46fe-acf1-4c60950d210b",
|
|
"observed-data--560a3d19-787c-4cd7-89da-4390950d210b",
|
|
"domain-name--560a3d19-787c-4cd7-89da-4390950d210b",
|
|
"observed-data--560a3d19-ed44-4225-96ce-48b6950d210b",
|
|
"domain-name--560a3d19-ed44-4225-96ce-48b6950d210b",
|
|
"observed-data--560a3d19-4b38-45d6-95c6-438b950d210b",
|
|
"domain-name--560a3d19-4b38-45d6-95c6-438b950d210b",
|
|
"vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b",
|
|
"vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b",
|
|
"vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b",
|
|
"indicator--560a3d99-cd74-481b-9861-e475950d210b",
|
|
"indicator--560a3d99-c840-4f69-ae51-e475950d210b",
|
|
"indicator--560a3d9a-8d6c-4f79-b327-e475950d210b",
|
|
"indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b",
|
|
"indicator--560a3da7-2510-4ae0-a6bb-417f950d210b",
|
|
"indicator--560a3da7-f748-49bc-982b-47b9950d210b",
|
|
"indicator--560a3dcb-a60c-46f7-a05d-470d950d210b",
|
|
"indicator--560a3dcb-7e10-4595-a21f-4913950d210b",
|
|
"indicator--560a3dcb-7e90-4d72-883c-4add950d210b",
|
|
"indicator--560a3e21-0638-4bcd-8d62-4319950d210b",
|
|
"indicator--560a3e21-4654-4a55-b8c2-428d950d210b",
|
|
"observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b",
|
|
"url--560a3e22-2db0-4a39-b37f-4ef5950d210b",
|
|
"indicator--560a3e22-027c-4e2d-b613-40cb950d210b",
|
|
"indicator--560a3e22-73bc-488e-81ec-42d5950d210b",
|
|
"observed-data--560a3e23-008c-4560-9c3a-40a7950d210b",
|
|
"url--560a3e23-008c-4560-9c3a-40a7950d210b"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3cba-80f8-4552-b0f5-472e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:24:42.000Z",
|
|
"modified": "2015-09-29T07:24:42.000Z",
|
|
"first_observed": "2015-09-29T07:24:42Z",
|
|
"last_observed": "2015-09-29T07:24:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a3cba-80f8-4552-b0f5-472e950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a3cba-80f8-4552-b0f5-472e950d210b",
|
|
"value": "http://www.cyphort.com/koreatimes-installs-venik/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d16-8174-4ec6-abb5-4817950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:14.000Z",
|
|
"modified": "2015-09-29T07:26:14.000Z",
|
|
"first_observed": "2015-09-29T07:26:14Z",
|
|
"last_observed": "2015-09-29T07:26:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d16-8174-4ec6-abb5-4817950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d16-8174-4ec6-abb5-4817950d210b",
|
|
"value": "koreatimes.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d16-f058-4646-a321-4dc8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:14.000Z",
|
|
"modified": "2015-09-29T07:26:14.000Z",
|
|
"first_observed": "2015-09-29T07:26:14Z",
|
|
"last_observed": "2015-09-29T07:26:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d16-f058-4646-a321-4dc8950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d16-f058-4646-a321-4dc8950d210b",
|
|
"value": "filehon.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d17-2eb0-4f10-bc30-41d9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:15.000Z",
|
|
"modified": "2015-09-29T07:26:15.000Z",
|
|
"first_observed": "2015-09-29T07:26:15Z",
|
|
"last_observed": "2015-09-29T07:26:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d17-2eb0-4f10-bc30-41d9950d210b",
|
|
"value": "joara.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d17-1c24-4311-a351-408c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:15.000Z",
|
|
"modified": "2015-09-29T07:26:15.000Z",
|
|
"first_observed": "2015-09-29T07:26:15Z",
|
|
"last_observed": "2015-09-29T07:26:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d17-1c24-4311-a351-408c950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d17-1c24-4311-a351-408c950d210b",
|
|
"value": "hometax.go.kr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d17-6eec-43e5-bd7a-412f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:15.000Z",
|
|
"modified": "2015-09-29T07:26:15.000Z",
|
|
"first_observed": "2015-09-29T07:26:15Z",
|
|
"last_observed": "2015-09-29T07:26:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d17-6eec-43e5-bd7a-412f950d210b",
|
|
"value": "soriaudio.co.kr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d18-1a88-4db3-81c8-450f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:16.000Z",
|
|
"modified": "2015-09-29T07:26:16.000Z",
|
|
"first_observed": "2015-09-29T07:26:16Z",
|
|
"last_observed": "2015-09-29T07:26:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d18-1a88-4db3-81c8-450f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d18-1a88-4db3-81c8-450f950d210b",
|
|
"value": "gomsee.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d18-980c-4c66-ac01-4881950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:16.000Z",
|
|
"modified": "2015-09-29T07:26:16.000Z",
|
|
"first_observed": "2015-09-29T07:26:16Z",
|
|
"last_observed": "2015-09-29T07:26:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d18-980c-4c66-ac01-4881950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d18-980c-4c66-ac01-4881950d210b",
|
|
"value": "lottoplay.co.kr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d18-6774-46fe-acf1-4c60950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:16.000Z",
|
|
"modified": "2015-09-29T07:26:16.000Z",
|
|
"first_observed": "2015-09-29T07:26:16Z",
|
|
"last_observed": "2015-09-29T07:26:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d18-6774-46fe-acf1-4c60950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d18-6774-46fe-acf1-4c60950d210b",
|
|
"value": "insight.co.kr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d19-787c-4cd7-89da-4390950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:17.000Z",
|
|
"modified": "2015-09-29T07:26:17.000Z",
|
|
"first_observed": "2015-09-29T07:26:17Z",
|
|
"last_observed": "2015-09-29T07:26:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d19-787c-4cd7-89da-4390950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d19-787c-4cd7-89da-4390950d210b",
|
|
"value": "filecity.co.kr"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d19-ed44-4225-96ce-48b6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:17.000Z",
|
|
"modified": "2015-09-29T07:26:17.000Z",
|
|
"first_observed": "2015-09-29T07:26:17Z",
|
|
"last_observed": "2015-09-29T07:26:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d19-ed44-4225-96ce-48b6950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d19-ed44-4225-96ce-48b6950d210b",
|
|
"value": "nggol.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3d19-4b38-45d6-95c6-438b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:17.000Z",
|
|
"modified": "2015-09-29T07:26:17.000Z",
|
|
"first_observed": "2015-09-29T07:26:17Z",
|
|
"last_observed": "2015-09-29T07:26:17Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--560a3d19-4b38-45d6-95c6-438b950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--560a3d19-4b38-45d6-95c6-438b950d210b",
|
|
"value": "koreamanse.com"
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--560a3d2f-80d4-4082-b16c-4c4c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:39.000Z",
|
|
"modified": "2015-09-29T07:26:39.000Z",
|
|
"name": "CVE-2014-6332",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2014-6332"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--560a3d2f-7b1c-40e9-9a93-4d5f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:39.000Z",
|
|
"modified": "2015-09-29T07:26:39.000Z",
|
|
"name": "CVE-2011-3544",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2011-3544"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "vulnerability",
|
|
"spec_version": "2.1",
|
|
"id": "vulnerability--560a3d2f-f99c-4d63-a726-4e2d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:26:39.000Z",
|
|
"modified": "2015-09-29T07:26:39.000Z",
|
|
"name": "CVE-2015-0336",
|
|
"labels": [
|
|
"misp:type=\"vulnerability\"",
|
|
"misp:category=\"Payload delivery\""
|
|
],
|
|
"external_references": [
|
|
{
|
|
"source_name": "cve",
|
|
"external_id": "CVE-2015-0336"
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3d99-cd74-481b-9861-e475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:25.000Z",
|
|
"modified": "2015-09-29T07:28:25.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '99.188.106.161']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3d99-c840-4f69-ae51-e475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:25.000Z",
|
|
"modified": "2015-09-29T07:28:25.000Z",
|
|
"pattern": "[url:value = 'http://142.0.137.68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3d9a-8d6c-4f79-b327-e475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:26.000Z",
|
|
"modified": "2015-09-29T07:28:26.000Z",
|
|
"pattern": "[url:value = 'http://142.0.137.67:805/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3d9a-b6a0-4cbc-924b-e475950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:26.000Z",
|
|
"modified": "2015-09-29T07:28:26.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.199']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3da7-2510-4ae0-a6bb-417f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:39.000Z",
|
|
"modified": "2015-09-29T07:28:39.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3da7-f748-49bc-982b-47b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:28:39.000Z",
|
|
"modified": "2015-09-29T07:28:39.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.0.137.67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:28:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3dcb-a60c-46f7-a05d-470d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:29:15.000Z",
|
|
"modified": "2015-09-29T07:29:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c242d641d9432f611360db36f2075f67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:29:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3dcb-7e10-4595-a21f-4913950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:29:15.000Z",
|
|
"modified": "2015-09-29T07:29:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a6ec0fbe1ad821a3fb527f39e180e378']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:29:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3dcb-7e90-4d72-883c-4add950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:29:15.000Z",
|
|
"modified": "2015-09-29T07:29:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b9a5a00e134fe0df217c01145319b1cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:29:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3e21-0638-4bcd-8d62-4319950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:41.000Z",
|
|
"modified": "2015-09-29T07:30:41.000Z",
|
|
"description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
|
|
"pattern": "[file:hashes.SHA256 = '04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3e21-4654-4a55-b8c2-428d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:41.000Z",
|
|
"modified": "2015-09-29T07:30:41.000Z",
|
|
"description": "- Xchecked via VT: a6ec0fbe1ad821a3fb527f39e180e378",
|
|
"pattern": "[file:hashes.SHA1 = '0cb0f491de8ba2761de899d8cbc136e2747145ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:30:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3e22-2db0-4a39-b37f-4ef5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:42.000Z",
|
|
"modified": "2015-09-29T07:30:42.000Z",
|
|
"first_observed": "2015-09-29T07:30:42Z",
|
|
"last_observed": "2015-09-29T07:30:42Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a3e22-2db0-4a39-b37f-4ef5950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a3e22-2db0-4a39-b37f-4ef5950d210b",
|
|
"value": "https://www.virustotal.com/file/04272c55bf2a534cf9f4556f102f01770d1ac2d4979cd98e9a2e294cf57c2a49/analysis/1443347085/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3e22-027c-4e2d-b613-40cb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:42.000Z",
|
|
"modified": "2015-09-29T07:30:42.000Z",
|
|
"description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
|
|
"pattern": "[file:hashes.SHA256 = '3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--560a3e22-73bc-488e-81ec-42d5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:42.000Z",
|
|
"modified": "2015-09-29T07:30:42.000Z",
|
|
"description": "- Xchecked via VT: c242d641d9432f611360db36f2075f67",
|
|
"pattern": "[file:hashes.SHA1 = 'be8e700fb54019f06e3c816473d9141cc7d75630']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-09-29T07:30:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--560a3e23-008c-4560-9c3a-40a7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-09-29T07:30:43.000Z",
|
|
"modified": "2015-09-29T07:30:43.000Z",
|
|
"first_observed": "2015-09-29T07:30:43Z",
|
|
"last_observed": "2015-09-29T07:30:43Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--560a3e23-008c-4560-9c3a-40a7950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--560a3e23-008c-4560-9c3a-40a7950d210b",
|
|
"value": "https://www.virustotal.com/file/3361cece5f1e2920f2eb6029aa844d434f3f265cace7061cc52a0e11a6d1d383/analysis/1443415018/"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |