misp-circl-feed/feeds/circl/misp/56f92df0-24f0-4c6e-a297-6f2402de0b81.json


{
"type": "bundle",
"id": "bundle--56f92df0-24f0-4c6e-a297-6f2402de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:20:02.000Z",
"modified": "2016-03-28T13:20:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56f92df0-24f0-4c6e-a297-6f2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:20:02.000Z",
"modified": "2016-03-28T13:20:02.000Z",
"name": "OSINT - TREASUREHUNT: A CUSTOM POS MALWARE TOOL",
"published": "2016-03-28T13:20:31Z",
"object_refs": [
"observed-data--56f92e2a-1be0-4a3a-a3b6-3f2a02de0b81",
"url--56f92e2a-1be0-4a3a-a3b6-3f2a02de0b81",
"x-misp-attribute--56f92e3c-2ab8-4dba-bc15-74ae02de0b81",
"x-misp-attribute--56f92e6f-b504-4115-81bd-3f2f02de0b81",
"indicator--56f92ea5-2d50-4fc9-92ef-6f2302de0b81",
"indicator--56f92ea6-2890-41b3-8059-6f2302de0b81",
"indicator--56f92ea6-009c-4348-a0b2-6f2302de0b81",
"indicator--56f92ea6-5070-43a2-a874-6f2302de0b81",
"indicator--56f92ea6-18ec-4295-acf9-6f2302de0b81",
"indicator--56f92ea7-4c38-4d72-ada3-6f2302de0b81",
"indicator--56f92ea7-0eb4-4fd2-a1e9-6f2302de0b81",
"indicator--56f92ea7-af3c-4c3f-9520-6f2302de0b81",
"indicator--56f92ea8-ecd4-43e1-ad7c-6f2302de0b81",
"indicator--56f92eea-ac18-4ba4-ab20-3f2f02de0b81",
"indicator--56f92eeb-30ec-4789-aafb-3f2f02de0b81",
"observed-data--56f92eeb-1ccc-4c4f-8e3f-3f2f02de0b81",
"url--56f92eeb-1ccc-4c4f-8e3f-3f2f02de0b81",
"indicator--56f92eeb-8880-47ad-b5a3-3f2f02de0b81",
"indicator--56f92eec-9acc-40aa-a04c-3f2f02de0b81",
"observed-data--56f92eec-74a4-47a5-8e1f-3f2f02de0b81",
"url--56f92eec-74a4-47a5-8e1f-3f2f02de0b81",
"indicator--56f92eec-cb08-42a5-a92c-3f2f02de0b81",
"indicator--56f92eed-be5c-45ca-988f-3f2f02de0b81",
"observed-data--56f92eed-a3d4-4e99-bb70-3f2f02de0b81",
"url--56f92eed-a3d4-4e99-bb70-3f2f02de0b81",
"indicator--56f92eed-74d0-4003-8897-3f2f02de0b81",
"indicator--56f92eee-b4fc-40b6-a166-3f2f02de0b81",
"observed-data--56f92eee-bf40-43c5-9093-3f2f02de0b81",
"url--56f92eee-bf40-43c5-9093-3f2f02de0b81",
"indicator--56f92eee-ce30-4600-b1c8-3f2f02de0b81",
"indicator--56f92eef-74b4-465d-84cf-3f2f02de0b81",
"observed-data--56f92eef-d390-4ef2-b190-3f2f02de0b81",
"url--56f92eef-d390-4ef2-b190-3f2f02de0b81",
"indicator--56f92eef-b2d4-4816-ac53-3f2f02de0b81",
"indicator--56f92ef0-3d38-49f3-82cb-3f2f02de0b81",
"observed-data--56f92ef0-68b8-4ca9-b104-3f2f02de0b81",
"url--56f92ef0-68b8-4ca9-b104-3f2f02de0b81",
"indicator--56f92ef0-d61c-4aa4-a5b8-3f2f02de0b81",
"indicator--56f92ef1-102c-43b0-bc57-3f2f02de0b81",
"observed-data--56f92ef1-1fc8-4a34-a578-3f2f02de0b81",
"url--56f92ef1-1fc8-4a34-a578-3f2f02de0b81",
"indicator--56f92ef1-0fa4-4296-863c-3f2f02de0b81",
"indicator--56f92ef1-5540-44ce-8692-3f2f02de0b81",
"observed-data--56f92ef2-aa44-45f1-b419-3f2f02de0b81",
"url--56f92ef2-aa44-45f1-b419-3f2f02de0b81",
"indicator--56f92f32-3d88-4926-902b-3f2602de0b81",
"indicator--56f92f33-d728-4b66-9836-3f2602de0b81",
"indicator--56f92f33-7eb4-49a3-be41-3f2602de0b81",
"indicator--56f92f33-f708-441f-878d-3f2602de0b81",
"indicator--56f92f33-ad68-4f3f-8d32-3f2602de0b81",
"indicator--56f92f34-b594-40c9-8f45-3f2602de0b81",
"indicator--56f92f34-05fc-4b79-9aa7-3f2602de0b81",
"indicator--56f92f34-eb28-45fe-b3c6-3f2602de0b81",
"indicator--56f92f35-fc5c-4f56-9fac-3f2602de0b81",
"indicator--56f92f55-ac44-403f-ab8a-74ad02de0b81",
"indicator--56f92f56-8260-4ad2-9d62-74ad02de0b81",
"indicator--56f92f56-cb74-431d-8695-74ad02de0b81",
"indicator--56f92f56-b3e0-4cf5-82ac-74ad02de0b81",
"indicator--56f92f57-e3f4-40e8-8bf1-74ad02de0b81",
"indicator--56f92f57-2024-43e8-a11c-74ad02de0b81",
"indicator--56f92f58-49e4-4721-ab04-74ad02de0b81",
"indicator--56f92f69-d568-4a12-a081-3f2802de0b81",
"indicator--56f92f82-de18-4d14-91fb-6f2302de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92e2a-1be0-4a3a-a3b6-3f2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:14:18.000Z",
"modified": "2016-03-28T13:14:18.000Z",
"first_observed": "2016-03-28T13:14:18Z",
"last_observed": "2016-03-28T13:14:18Z",
"number_observed": 1,
"object_refs": [
"url--56f92e2a-1be0-4a3a-a3b6-3f2a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92e2a-1be0-4a3a-a3b6-3f2a02de0b81",
"value": "https://www.fireeye.com/blog/threat-research/2016/03/treasurehunt_a_cust.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56f92e3c-2ab8-4dba-bc15-74ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:14:36.000Z",
"modified": "2016-03-28T13:14:36.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pattern-in-file",
"x_misp_value": "%USERPROFILE%\\documents\\visual studio 2012\\Projects\\treasureHunter\\Release\\treasureHunter.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56f92e6f-b504-4115-81bd-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:15:27.000Z",
"modified": "2016-03-28T13:15:27.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Since early 2015, FireEye Threat Intelligence has observed the significant growth of point-of-sale (POS) malware families in underground cyber crime forums. POS malware refers to malicious software that extracts payment card information from memory and usually uploads that data to a command and control (CnC) server.\r\n\r\nAlthough the PCI DSS rules changed in October 2015, leaving retailers who have not transitioned from existing \u201cswipe\u201d cards to EMV or \u201cchip\u201d enabled cards liable for card present fraud in more ways than before, many retailers are still in the process of transitioning to chip-enabled card technology. Criminals appear to be racing to infect POS systems in the United States before US retailers complete this transition. In 2015, more than a dozen new POS malware families were discovered.[1]\r\n\r\nPOS malware may be freely available, available for purchase, or custom-built for specific cyber criminals. Free tools are often a result of malware source code being leaked, and tend to be older and more easily detected by security software. POS malware available for purchase may be newly developed tools or modified versions of older tools. Then there is another class of POS malware that is developed for use exclusively by a particular threat group.\r\n\r\nIn this article we examine TREASUREHUNT, POS malware that appears to have been custom-built for the operations of a particular \u201cdump shop,\u201d which sells stolen credit card data. TREASUREHUNT enumerates running processes, extracts payment card information from memory, and then transmits this information to a command and control server."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea5-2d50-4fc9-92ef-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:21.000Z",
"modified": "2016-03-28T13:16:21.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = 'cec2810556c63e9c225afb6a5ca58bc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea6-2890-41b3-8059-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:22.000Z",
"modified": "2016-03-28T13:16:22.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = 'cb75de605c171e36c8a593e337275d8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea6-009c-4348-a0b2-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:22.000Z",
"modified": "2016-03-28T13:16:22.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '6a9348f582b2e121a5d9bff1e8f0935f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea6-5070-43a2-a874-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:22.000Z",
"modified": "2016-03-28T13:16:22.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '070e9a317ee53ac3814eb86bc7d5bf49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea6-18ec-4295-acf9-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:22.000Z",
"modified": "2016-03-28T13:16:22.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '3e2003878b364b5d77790109f24c9137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea7-4c38-4d72-ada3-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:23.000Z",
"modified": "2016-03-28T13:16:23.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '21f99135f836fb4d3f4685d704a4460d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea7-0eb4-4fd2-a1e9-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:23.000Z",
"modified": "2016-03-28T13:16:23.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = 'ea6248e4ddd080e60e6140ab0f8562e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea7-af3c-4c3f-9520-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:23.000Z",
"modified": "2016-03-28T13:16:23.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '48692beb88058652115b5c447cd28589']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ea8-ecd4-43e1-ad7c-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:16:24.000Z",
"modified": "2016-03-28T13:16:24.000Z",
"description": "TREASUREHUNT 0.1",
"pattern": "[file:hashes.MD5 = '9f9c2e6072e0a233631d234bdcf1b293']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:16:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eea-ac18-4ba4-ab20-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:30.000Z",
"modified": "2016-03-28T13:17:30.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: cec2810556c63e9c225afb6a5ca58bc1",
"pattern": "[file:hashes.SHA256 = '046d0b8024cea9c6aea2ef04b51ce9fd482214fbb3ef068a85c0f91f193f248f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eeb-30ec-4789-aafb-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:31.000Z",
"modified": "2016-03-28T13:17:31.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: cec2810556c63e9c225afb6a5ca58bc1",
"pattern": "[file:hashes.SHA1 = '95cfa6e9e2eab0e5e34a96ce6781320d42ff8c0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92eeb-1ccc-4c4f-8e3f-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:31.000Z",
"modified": "2016-03-28T13:17:31.000Z",
"first_observed": "2016-03-28T13:17:31Z",
"last_observed": "2016-03-28T13:17:31Z",
"number_observed": 1,
"object_refs": [
"url--56f92eeb-1ccc-4c4f-8e3f-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92eeb-1ccc-4c4f-8e3f-3f2f02de0b81",
"value": "https://www.virustotal.com/file/046d0b8024cea9c6aea2ef04b51ce9fd482214fbb3ef068a85c0f91f193f248f/analysis/1458803364/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eeb-8880-47ad-b5a3-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:31.000Z",
"modified": "2016-03-28T13:17:31.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 6a9348f582b2e121a5d9bff1e8f0935f",
"pattern": "[file:hashes.SHA256 = 'fe5f50fce2f430432a636ef899919505e9477968d8caff7506e888cffed0b5f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eec-9acc-40aa-a04c-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:32.000Z",
"modified": "2016-03-28T13:17:32.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 6a9348f582b2e121a5d9bff1e8f0935f",
"pattern": "[file:hashes.SHA1 = 'e03dbcf2d45cf99fbcd9aef453cdeb3a00c59d4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92eec-74a4-47a5-8e1f-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:32.000Z",
"modified": "2016-03-28T13:17:32.000Z",
"first_observed": "2016-03-28T13:17:32Z",
"last_observed": "2016-03-28T13:17:32Z",
"number_observed": 1,
"object_refs": [
"url--56f92eec-74a4-47a5-8e1f-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92eec-74a4-47a5-8e1f-3f2f02de0b81",
"value": "https://www.virustotal.com/file/fe5f50fce2f430432a636ef899919505e9477968d8caff7506e888cffed0b5f8/analysis/1450248638/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eec-cb08-42a5-a92c-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:32.000Z",
"modified": "2016-03-28T13:17:32.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 070e9a317ee53ac3814eb86bc7d5bf49",
"pattern": "[file:hashes.SHA256 = 'ceed84d8d76ee27c92d48dd01c96e6345fb3981319151601f78f4e9ec754a73b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eed-be5c-45ca-988f-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:33.000Z",
"modified": "2016-03-28T13:17:33.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 070e9a317ee53ac3814eb86bc7d5bf49",
"pattern": "[file:hashes.SHA1 = '63f377989a84d65b372819992c95110318c6e7c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92eed-a3d4-4e99-bb70-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:33.000Z",
"modified": "2016-03-28T13:17:33.000Z",
"first_observed": "2016-03-28T13:17:33Z",
"last_observed": "2016-03-28T13:17:33Z",
"number_observed": 1,
"object_refs": [
"url--56f92eed-a3d4-4e99-bb70-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92eed-a3d4-4e99-bb70-3f2f02de0b81",
"value": "https://www.virustotal.com/file/ceed84d8d76ee27c92d48dd01c96e6345fb3981319151601f78f4e9ec754a73b/analysis/1440623335/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eed-74d0-4003-8897-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:33.000Z",
"modified": "2016-03-28T13:17:33.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 3e2003878b364b5d77790109f24c9137",
"pattern": "[file:hashes.SHA256 = '68358c49d084939ecae7b78f2c0df0eb8d5b98f31dc13fb5878d8bfbdd5db86f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eee-b4fc-40b6-a166-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:34.000Z",
"modified": "2016-03-28T13:17:34.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 3e2003878b364b5d77790109f24c9137",
"pattern": "[file:hashes.SHA1 = 'efc73c637c63704c31a4b8516adc866feedbfc43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92eee-bf40-43c5-9093-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:34.000Z",
"modified": "2016-03-28T13:17:34.000Z",
"first_observed": "2016-03-28T13:17:34Z",
"last_observed": "2016-03-28T13:17:34Z",
"number_observed": 1,
"object_refs": [
"url--56f92eee-bf40-43c5-9093-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92eee-bf40-43c5-9093-3f2f02de0b81",
"value": "https://www.virustotal.com/file/68358c49d084939ecae7b78f2c0df0eb8d5b98f31dc13fb5878d8bfbdd5db86f/analysis/1458802637/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eee-ce30-4600-b1c8-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:34.000Z",
"modified": "2016-03-28T13:17:34.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 21f99135f836fb4d3f4685d704a4460d",
"pattern": "[file:hashes.SHA256 = '442bca26dddfe4a5d1c0b4adaaaab205a1dca856c41d9353ba45e0794e3660ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eef-74b4-465d-84cf-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:35.000Z",
"modified": "2016-03-28T13:17:35.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 21f99135f836fb4d3f4685d704a4460d",
"pattern": "[file:hashes.SHA1 = 'a269ca72b899d30d9730d6a213f643c5e560bdd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92eef-d390-4ef2-b190-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:35.000Z",
"modified": "2016-03-28T13:17:35.000Z",
"first_observed": "2016-03-28T13:17:35Z",
"last_observed": "2016-03-28T13:17:35Z",
"number_observed": 1,
"object_refs": [
"url--56f92eef-d390-4ef2-b190-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92eef-d390-4ef2-b190-3f2f02de0b81",
"value": "https://www.virustotal.com/file/442bca26dddfe4a5d1c0b4adaaaab205a1dca856c41d9353ba45e0794e3660ed/analysis/1458802460/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92eef-b2d4-4816-ac53-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:35.000Z",
"modified": "2016-03-28T13:17:35.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: ea6248e4ddd080e60e6140ab0f8562e1",
"pattern": "[file:hashes.SHA256 = '7eca8bf6d17891529c74d8fce85471135a203f312ae09fe3d907355c7dea9f59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ef0-3d38-49f3-82cb-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:36.000Z",
"modified": "2016-03-28T13:17:36.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: ea6248e4ddd080e60e6140ab0f8562e1",
"pattern": "[file:hashes.SHA1 = '67bd53130d2ebe851489b607b81ca2d2fb0a20f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92ef0-68b8-4ca9-b104-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:36.000Z",
"modified": "2016-03-28T13:17:36.000Z",
"first_observed": "2016-03-28T13:17:36Z",
"last_observed": "2016-03-28T13:17:36Z",
"number_observed": 1,
"object_refs": [
"url--56f92ef0-68b8-4ca9-b104-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92ef0-68b8-4ca9-b104-3f2f02de0b81",
"value": "https://www.virustotal.com/file/7eca8bf6d17891529c74d8fce85471135a203f312ae09fe3d907355c7dea9f59/analysis/1458803543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ef0-d61c-4aa4-a5b8-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:36.000Z",
"modified": "2016-03-28T13:17:36.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 48692beb88058652115b5c447cd28589",
"pattern": "[file:hashes.SHA256 = '6a6b099dd313cfd9009d28f42613ed0375ffac9e03e5392329a2a3a4a5c358cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ef1-102c-43b0-bc57-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:37.000Z",
"modified": "2016-03-28T13:17:37.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 48692beb88058652115b5c447cd28589",
"pattern": "[file:hashes.SHA1 = '0b3c2a94075a7ad996cedc81bd29e44a8ea9ed05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92ef1-1fc8-4a34-a578-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:37.000Z",
"modified": "2016-03-28T13:17:37.000Z",
"first_observed": "2016-03-28T13:17:37Z",
"last_observed": "2016-03-28T13:17:37Z",
"number_observed": 1,
"object_refs": [
"url--56f92ef1-1fc8-4a34-a578-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92ef1-1fc8-4a34-a578-3f2f02de0b81",
"value": "https://www.virustotal.com/file/6a6b099dd313cfd9009d28f42613ed0375ffac9e03e5392329a2a3a4a5c358cd/analysis/1458802694/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ef1-0fa4-4296-863c-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:37.000Z",
"modified": "2016-03-28T13:17:37.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 9f9c2e6072e0a233631d234bdcf1b293",
"pattern": "[file:hashes.SHA256 = 'ab7ac10833cf5936c98554c20a123c395631e09200b4f87a610195bf49dda8e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92ef1-5540-44ce-8692-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:37.000Z",
"modified": "2016-03-28T13:17:37.000Z",
"description": "TREASUREHUNT 0.1 - Xchecked via VT: 9f9c2e6072e0a233631d234bdcf1b293",
"pattern": "[file:hashes.SHA1 = 'ebcc227dbf3c33c3fc9e825ee62382e20a8756ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56f92ef2-aa44-45f1-b419-3f2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:17:38.000Z",
"modified": "2016-03-28T13:17:38.000Z",
"first_observed": "2016-03-28T13:17:38Z",
"last_observed": "2016-03-28T13:17:38Z",
"number_observed": 1,
"object_refs": [
"url--56f92ef2-aa44-45f1-b419-3f2f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56f92ef2-aa44-45f1-b419-3f2f02de0b81",
"value": "https://www.virustotal.com/file/ab7ac10833cf5936c98554c20a123c395631e09200b4f87a610195bf49dda8e1/analysis/1458803121/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f32-3d88-4926-902b-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:42.000Z",
"modified": "2016-03-28T13:18:42.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'millionjam.eu/megastock/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f33-d728-4b66-9836-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:43.000Z",
"modified": "2016-03-28T13:18:43.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'cortykopl.com/sdfsgsdsdssdf/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f33-7eb4-49a3-be41-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:43.000Z",
"modified": "2016-03-28T13:18:43.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = '91.232.29.83/sdfsgsdsdssdf/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f33-f708-441f-878d-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:43.000Z",
"modified": "2016-03-28T13:18:43.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = '179.43.160.34/wp-content/temp/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f33-ad68-4f3f-8d32-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:43.000Z",
"modified": "2016-03-28T13:18:43.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = '3sipiojt.com/noth/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f34-b594-40c9-8f45-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:44.000Z",
"modified": "2016-03-28T13:18:44.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'friltopyes.com/southcal/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f34-05fc-4b79-9aa7-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:44.000Z",
"modified": "2016-03-28T13:18:44.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'seatrip888.eu/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f34-eb28-45fe-b3c6-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:44.000Z",
"modified": "2016-03-28T13:18:44.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'friltopyes.com/alabol/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f35-fc5c-4f56-9fac-3f2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:18:45.000Z",
"modified": "2016-03-28T13:18:45.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[url:value = 'friltopyes.com/nothcal/gate.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:18:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f55-ac44-403f-ab8a-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:17.000Z",
"modified": "2016-03-28T13:19:17.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[domain-name:value = 'millionjam.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f56-8260-4ad2-9d62-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:18.000Z",
"modified": "2016-03-28T13:19:18.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[domain-name:value = 'cortykopl.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f56-cb74-431d-8695-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:18.000Z",
"modified": "2016-03-28T13:19:18.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.232.29.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f56-b3e0-4cf5-82ac-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:18.000Z",
"modified": "2016-03-28T13:19:18.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.43.160.34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f57-e3f4-40e8-8bf1-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:19.000Z",
"modified": "2016-03-28T13:19:19.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[domain-name:value = '3sipiojt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f57-2024-43e8-a11c-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:19.000Z",
"modified": "2016-03-28T13:19:19.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[domain-name:value = 'friltopyes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f58-49e4-4721-ab04-74ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:20.000Z",
"modified": "2016-03-28T13:19:20.000Z",
"description": "TREASUREHUNT v0.1",
"pattern": "[domain-name:value = 'seatrip888.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f69-d568-4a12-a081-3f2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:19:37.000Z",
"modified": "2016-03-28T13:19:37.000Z",
"pattern": "[file:hashes.MD5 = '2dfddbc240cd6e320f69b172c1e3ce58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:19:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56f92f82-de18-4d14-91fb-6f2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-28T13:20:02.000Z",
"modified": "2016-03-28T13:20:02.000Z",
"description": "TREASUREHUNT v0.1.1",
"pattern": "[domain-name:value = 'logmeinrescue.us.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-28T13:20:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}