misp-circl-feed/feeds/circl/misp/56fba597-d420-45fe-9a73-46f5950d210f.json

1188 lines
No EOL
49 KiB
JSON

{
"type": "bundle",
"id": "bundle--56fba597-d420-45fe-9a73-46f5950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:01.000Z",
"modified": "2016-03-30T12:31:01.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56fba597-d420-45fe-9a73-46f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:01.000Z",
"modified": "2016-03-30T12:31:01.000Z",
"name": "OSINT - GongDa vs. Korean News",
"published": "2016-03-30T12:31:23Z",
"object_refs": [
"observed-data--56fba5e3-85e4-4c5e-9c95-4320950d210f",
"url--56fba5e3-85e4-4c5e-9c95-4320950d210f",
"x-misp-attribute--56fba628-5b94-43b0-849c-455d950d210f",
"indicator--56fba707-7cec-48ad-9cab-4e21950d210f",
"indicator--56fba707-3ff4-48e2-8a78-4b8c950d210f",
"indicator--56fba707-5820-48a5-bb02-48b6950d210f",
"indicator--56fba708-3674-4f99-af9d-4f4d950d210f",
"indicator--56fba708-4004-4f77-a616-4e45950d210f",
"indicator--56fba708-6b08-4d1d-9045-4a92950d210f",
"indicator--56fbbee3-be00-478b-94f5-467302de0b81",
"indicator--56fbbee3-f308-4678-9af5-479502de0b81",
"observed-data--56fbbee3-a27c-44b7-9d45-4a4202de0b81",
"url--56fbbee3-a27c-44b7-9d45-4a4202de0b81",
"indicator--56fbbee4-d4f0-4ccd-af00-404f02de0b81",
"indicator--56fbbee4-0794-4bd1-90be-4f4e02de0b81",
"observed-data--56fbbee4-18bc-4e56-90af-46d002de0b81",
"url--56fbbee4-18bc-4e56-90af-46d002de0b81",
"indicator--56fbbee5-72e0-415f-ab67-4bb702de0b81",
"indicator--56fbbee5-82d4-4414-8a81-48c202de0b81",
"observed-data--56fbbee5-cfd4-430d-a275-46c102de0b81",
"url--56fbbee5-cfd4-430d-a275-46c102de0b81",
"indicator--56fbbee5-fe40-4bc9-ac32-432202de0b81",
"indicator--56fbbee6-7cd8-41c5-8113-4eca02de0b81",
"observed-data--56fbbee6-062c-441a-bbb0-463a02de0b81",
"url--56fbbee6-062c-441a-bbb0-463a02de0b81",
"indicator--56fbbee6-e7d4-4597-a66b-471d02de0b81",
"indicator--56fbbee7-3f2c-4be6-9b73-4fda02de0b81",
"observed-data--56fbbee7-abc0-4b55-93d4-479302de0b81",
"url--56fbbee7-abc0-4b55-93d4-479302de0b81",
"indicator--56fbbee7-131c-4db6-a41e-43af02de0b81",
"indicator--56fbbee7-535c-4965-82b4-494602de0b81",
"observed-data--56fbbee8-9d28-4cf6-b251-426c02de0b81",
"url--56fbbee8-9d28-4cf6-b251-426c02de0b81",
"observed-data--56fbc700-b5c0-4155-a301-440b950d210f",
"url--56fbc700-b5c0-4155-a301-440b950d210f",
"observed-data--56fbc700-3d70-4cb2-a57d-40a9950d210f",
"url--56fbc700-3d70-4cb2-a57d-40a9950d210f",
"observed-data--56fbc701-d604-40cf-b1dd-4d9e950d210f",
"url--56fbc701-d604-40cf-b1dd-4d9e950d210f",
"observed-data--56fbc701-6dc4-4b2e-9773-4bfd950d210f",
"url--56fbc701-6dc4-4b2e-9773-4bfd950d210f",
"observed-data--56fbc701-96f4-4ecc-8869-48bb950d210f",
"url--56fbc701-96f4-4ecc-8869-48bb950d210f",
"observed-data--56fbc701-0bd4-4303-87d3-44fc950d210f",
"url--56fbc701-0bd4-4303-87d3-44fc950d210f",
"observed-data--56fbc702-0d0c-4962-8aa0-4565950d210f",
"url--56fbc702-0d0c-4962-8aa0-4565950d210f",
"observed-data--56fbc702-fcb0-4330-855a-486f950d210f",
"url--56fbc702-fcb0-4330-855a-486f950d210f",
"observed-data--56fbc702-43e4-41a4-a483-406b950d210f",
"url--56fbc702-43e4-41a4-a483-406b950d210f",
"observed-data--56fbc703-e2ac-4b3d-8e4d-47d0950d210f",
"url--56fbc703-e2ac-4b3d-8e4d-47d0950d210f",
"observed-data--56fbc703-b09c-493f-9509-4cfc950d210f",
"url--56fbc703-b09c-493f-9509-4cfc950d210f",
"observed-data--56fbc703-3220-4c25-ad7f-4346950d210f",
"url--56fbc703-3220-4c25-ad7f-4346950d210f",
"observed-data--56fbc703-96a8-4644-9a03-4638950d210f",
"url--56fbc703-96a8-4644-9a03-4638950d210f",
"observed-data--56fbc704-c5c8-4d4a-bdf7-4bdb950d210f",
"url--56fbc704-c5c8-4d4a-bdf7-4bdb950d210f",
"observed-data--56fbc704-7140-41af-9374-42ca950d210f",
"url--56fbc704-7140-41af-9374-42ca950d210f",
"observed-data--56fbc704-dd6c-4e00-9d6d-4f5d950d210f",
"url--56fbc704-dd6c-4e00-9d6d-4f5d950d210f",
"observed-data--56fbc704-9ca0-453c-b200-435f950d210f",
"url--56fbc704-9ca0-453c-b200-435f950d210f",
"observed-data--56fbc705-4f58-4e08-972d-49ff950d210f",
"url--56fbc705-4f58-4e08-972d-49ff950d210f",
"observed-data--56fbc705-467c-4711-8cae-4ef3950d210f",
"url--56fbc705-467c-4711-8cae-4ef3950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fba5e3-85e4-4c5e-9c95-4320950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:09:39.000Z",
"modified": "2016-03-30T10:09:39.000Z",
"first_observed": "2016-03-30T10:09:39Z",
"last_observed": "2016-03-30T10:09:39Z",
"number_observed": 1,
"object_refs": [
"url--56fba5e3-85e4-4c5e-9c95-4320950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fba5e3-85e4-4c5e-9c95-4320950d210f",
"value": "https://www.fireeye.com/blog/threat-research/2016/03/gongda_vs_koreanne.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56fba628-5b94-43b0-849c-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:10:48.000Z",
"modified": "2016-03-30T10:10:48.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "GongDa is an exploit kit that can compromise vulnerable endpoints by use of exploits, allowing harmful malware to be installed on the system. While GongDa is an older exploit kit that continues to use Java exploits, it has also been found delivering both Flash and VBScript exploits as well. Despite its shortcomings when compared to newer EK\u00e2\u20ac\u2122s such as Angler or Neutrino, GongDa proves that old tricks (or vulnerabilities) can still work effectively."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba707-7cec-48ad-9cab-4e21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:31.000Z",
"modified": "2016-03-30T10:14:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'aac178f775588ca1d42c00d4d95604bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba707-3ff4-48e2-8a78-4b8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:31.000Z",
"modified": "2016-03-30T10:14:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '3d58f4b2008f6d87cab9166c09e513b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba707-5820-48a5-bb02-48b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:31.000Z",
"modified": "2016-03-30T10:14:31.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'a18d1bce5618b23f592dae9133c25229']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba708-3674-4f99-af9d-4f4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:32.000Z",
"modified": "2016-03-30T10:14:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '40be7c9424c6c6de0d560d358a020a5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba708-4004-4f77-a616-4e45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:32.000Z",
"modified": "2016-03-30T10:14:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = '808e27fd120ade3ecfb2b21aeda8bc58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fba708-6b08-4d1d-9045-4a92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T10:14:32.000Z",
"modified": "2016-03-30T10:14:32.000Z",
"description": "Imported via the freetext import.",
"pattern": "[file:hashes.MD5 = 'ed751ce651d685100e00ed133e4e5018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T10:14:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee3-be00-478b-94f5-467302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:19.000Z",
"modified": "2016-03-30T11:56:19.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: ed751ce651d685100e00ed133e4e5018",
"pattern": "[file:hashes.SHA256 = '89834c1deb693c4491c7641f9ee618beed11b3f560cf607427360a95c8c329fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee3-f308-4678-9af5-479502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:19.000Z",
"modified": "2016-03-30T11:56:19.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: ed751ce651d685100e00ed133e4e5018",
"pattern": "[file:hashes.SHA1 = 'a81b05d02505ece88af76f0496cf1b3b5c6c3248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee3-a27c-44b7-9d45-4a4202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:19.000Z",
"modified": "2016-03-30T11:56:19.000Z",
"first_observed": "2016-03-30T11:56:19Z",
"last_observed": "2016-03-30T11:56:19Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee3-a27c-44b7-9d45-4a4202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee3-a27c-44b7-9d45-4a4202de0b81",
"value": "https://www.virustotal.com/file/89834c1deb693c4491c7641f9ee618beed11b3f560cf607427360a95c8c329fd/analysis/1447245683/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee4-d4f0-4ccd-af00-404f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:20.000Z",
"modified": "2016-03-30T11:56:20.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 808e27fd120ade3ecfb2b21aeda8bc58",
"pattern": "[file:hashes.SHA256 = 'ec121f3e1068fa724c3345096e3f76c76ab7bc2a7e1f5e1b667718c32b37b52a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee4-0794-4bd1-90be-4f4e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:20.000Z",
"modified": "2016-03-30T11:56:20.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 808e27fd120ade3ecfb2b21aeda8bc58",
"pattern": "[file:hashes.SHA1 = '714f99e141eb289d141fc66e57be155cfc56bc36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee4-18bc-4e56-90af-46d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:20.000Z",
"modified": "2016-03-30T11:56:20.000Z",
"first_observed": "2016-03-30T11:56:20Z",
"last_observed": "2016-03-30T11:56:20Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee4-18bc-4e56-90af-46d002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee4-18bc-4e56-90af-46d002de0b81",
"value": "https://www.virustotal.com/file/ec121f3e1068fa724c3345096e3f76c76ab7bc2a7e1f5e1b667718c32b37b52a/analysis/1458753480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee5-72e0-415f-ab67-4bb702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:21.000Z",
"modified": "2016-03-30T11:56:21.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 40be7c9424c6c6de0d560d358a020a5c",
"pattern": "[file:hashes.SHA256 = '2720739c345a66ff03121e3695164a9d71603dac089f68ee547fee59bd74abea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee5-82d4-4414-8a81-48c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:21.000Z",
"modified": "2016-03-30T11:56:21.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 40be7c9424c6c6de0d560d358a020a5c",
"pattern": "[file:hashes.SHA1 = '415702298f325957e7f92db74ebb748652232f6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee5-cfd4-430d-a275-46c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:21.000Z",
"modified": "2016-03-30T11:56:21.000Z",
"first_observed": "2016-03-30T11:56:21Z",
"last_observed": "2016-03-30T11:56:21Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee5-cfd4-430d-a275-46c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee5-cfd4-430d-a275-46c102de0b81",
"value": "https://www.virustotal.com/file/2720739c345a66ff03121e3695164a9d71603dac089f68ee547fee59bd74abea/analysis/1458559566/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee5-fe40-4bc9-ac32-432202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:21.000Z",
"modified": "2016-03-30T11:56:21.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: a18d1bce5618b23f592dae9133c25229",
"pattern": "[file:hashes.SHA256 = '7e78d38c40a69d7938fb3bb0be9958040f3d67d8a7f4f7716287ea4a79b559b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee6-7cd8-41c5-8113-4eca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:22.000Z",
"modified": "2016-03-30T11:56:22.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: a18d1bce5618b23f592dae9133c25229",
"pattern": "[file:hashes.SHA1 = '51f4662fae481fbab8d57d4cca67172083f55408']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee6-062c-441a-bbb0-463a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:22.000Z",
"modified": "2016-03-30T11:56:22.000Z",
"first_observed": "2016-03-30T11:56:22Z",
"last_observed": "2016-03-30T11:56:22Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee6-062c-441a-bbb0-463a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee6-062c-441a-bbb0-463a02de0b81",
"value": "https://www.virustotal.com/file/7e78d38c40a69d7938fb3bb0be9958040f3d67d8a7f4f7716287ea4a79b559b4/analysis/1458803140/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee6-e7d4-4597-a66b-471d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:22.000Z",
"modified": "2016-03-30T11:56:22.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 3d58f4b2008f6d87cab9166c09e513b5",
"pattern": "[file:hashes.SHA256 = 'e251d761bc383b97e3df39b7565457ac0e5d497a1e0073563ce1787e60911def']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee7-3f2c-4be6-9b73-4fda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:23.000Z",
"modified": "2016-03-30T11:56:23.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: 3d58f4b2008f6d87cab9166c09e513b5",
"pattern": "[file:hashes.SHA1 = 'b1004e02d99b517604e6d34a5f522624ffa92a12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee7-abc0-4b55-93d4-479302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:23.000Z",
"modified": "2016-03-30T11:56:23.000Z",
"first_observed": "2016-03-30T11:56:23Z",
"last_observed": "2016-03-30T11:56:23Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee7-abc0-4b55-93d4-479302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee7-abc0-4b55-93d4-479302de0b81",
"value": "https://www.virustotal.com/file/e251d761bc383b97e3df39b7565457ac0e5d497a1e0073563ce1787e60911def/analysis/1454321451/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee7-131c-4db6-a41e-43af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:23.000Z",
"modified": "2016-03-30T11:56:23.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: aac178f775588ca1d42c00d4d95604bd",
"pattern": "[file:hashes.SHA256 = 'a65c12d9b255ae96cbfb7d1d29aa9396782184aae06384e48dc08de5b83f768e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56fbbee7-535c-4965-82b4-494602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:23.000Z",
"modified": "2016-03-30T11:56:23.000Z",
"description": "Imported via the freetext import. - Xchecked via VT: aac178f775588ca1d42c00d4d95604bd",
"pattern": "[file:hashes.SHA1 = '57d53205d25088c7e365d2fb9af556b3b961c341']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-30T11:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbbee8-9d28-4cf6-b251-426c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T11:56:24.000Z",
"modified": "2016-03-30T11:56:24.000Z",
"first_observed": "2016-03-30T11:56:24Z",
"last_observed": "2016-03-30T11:56:24Z",
"number_observed": 1,
"object_refs": [
"url--56fbbee8-9d28-4cf6-b251-426c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbbee8-9d28-4cf6-b251-426c02de0b81",
"value": "https://www.virustotal.com/file/a65c12d9b255ae96cbfb7d1d29aa9396782184aae06384e48dc08de5b83f768e/analysis/1454321908/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc700-b5c0-4155-a301-440b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:56.000Z",
"modified": "2016-03-30T12:30:56.000Z",
"first_observed": "2016-03-30T12:30:56Z",
"last_observed": "2016-03-30T12:30:56Z",
"number_observed": 1,
"object_refs": [
"url--56fbc700-b5c0-4155-a301-440b950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc700-b5c0-4155-a301-440b950d210f",
"value": "bose.co.kr/shop/img/click/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc700-3d70-4cb2-a57d-40a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:56.000Z",
"modified": "2016-03-30T12:30:56.000Z",
"first_observed": "2016-03-30T12:30:56Z",
"last_observed": "2016-03-30T12:30:56Z",
"number_observed": 1,
"object_refs": [
"url--56fbc700-3d70-4cb2-a57d-40a9950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc700-3d70-4cb2-a57d-40a9950d210f",
"value": "bose.co.kr/shop/img/click/as1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc701-d604-40cf-b1dd-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:57.000Z",
"modified": "2016-03-30T12:30:57.000Z",
"first_observed": "2016-03-30T12:30:57Z",
"last_observed": "2016-03-30T12:30:57Z",
"number_observed": 1,
"object_refs": [
"url--56fbc701-d604-40cf-b1dd-4d9e950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc701-d604-40cf-b1dd-4d9e950d210f",
"value": "bose.co.kr/shop/img/naver/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc701-6dc4-4b2e-9773-4bfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:57.000Z",
"modified": "2016-03-30T12:30:57.000Z",
"first_observed": "2016-03-30T12:30:57Z",
"last_observed": "2016-03-30T12:30:57Z",
"number_observed": 1,
"object_refs": [
"url--56fbc701-6dc4-4b2e-9773-4bfd950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc701-6dc4-4b2e-9773-4bfd950d210f",
"value": "edresearch.co.kr/PEG/click/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc701-96f4-4ecc-8869-48bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:57.000Z",
"modified": "2016-03-30T12:30:57.000Z",
"first_observed": "2016-03-30T12:30:57Z",
"last_observed": "2016-03-30T12:30:57Z",
"number_observed": 1,
"object_refs": [
"url--56fbc701-96f4-4ecc-8869-48bb950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc701-96f4-4ecc-8869-48bb950d210f",
"value": "edresearch.co.kr/PEG/click1/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc701-0bd4-4303-87d3-44fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:57.000Z",
"modified": "2016-03-30T12:30:57.000Z",
"first_observed": "2016-03-30T12:30:57Z",
"last_observed": "2016-03-30T12:30:57Z",
"number_observed": 1,
"object_refs": [
"url--56fbc701-0bd4-4303-87d3-44fc950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc701-0bd4-4303-87d3-44fc950d210f",
"value": "nstory.com/tmp/click/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc702-0d0c-4962-8aa0-4565950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:58.000Z",
"modified": "2016-03-30T12:30:58.000Z",
"first_observed": "2016-03-30T12:30:58Z",
"last_observed": "2016-03-30T12:30:58Z",
"number_observed": 1,
"object_refs": [
"url--56fbc702-0d0c-4962-8aa0-4565950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc702-0d0c-4962-8aa0-4565950d210f",
"value": "nstory.com/vars/ad/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc702-fcb0-4330-855a-486f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:58.000Z",
"modified": "2016-03-30T12:30:58.000Z",
"first_observed": "2016-03-30T12:30:58Z",
"last_observed": "2016-03-30T12:30:58Z",
"number_observed": 1,
"object_refs": [
"url--56fbc702-fcb0-4330-855a-486f950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc702-fcb0-4330-855a-486f950d210f",
"value": "nstory.com/vars/cache/click/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc702-43e4-41a4-a483-406b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:58.000Z",
"modified": "2016-03-30T12:30:58.000Z",
"first_observed": "2016-03-30T12:30:58Z",
"last_observed": "2016-03-30T12:30:58Z",
"number_observed": 1,
"object_refs": [
"url--56fbc702-43e4-41a4-a483-406b950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc702-43e4-41a4-a483-406b950d210f",
"value": "odbike.co.kr/w3c/cdn/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc703-e2ac-4b3d-8e4d-47d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:58.000Z",
"modified": "2016-03-30T12:30:58.000Z",
"first_observed": "2016-03-30T12:30:58Z",
"last_observed": "2016-03-30T12:30:58Z",
"number_observed": 1,
"object_refs": [
"url--56fbc703-e2ac-4b3d-8e4d-47d0950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc703-e2ac-4b3d-8e4d-47d0950d210f",
"value": "odbike.co.kr/shop/skin/click/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc703-b09c-493f-9509-4cfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:59.000Z",
"modified": "2016-03-30T12:30:59.000Z",
"first_observed": "2016-03-30T12:30:59Z",
"last_observed": "2016-03-30T12:30:59Z",
"number_observed": 1,
"object_refs": [
"url--56fbc703-b09c-493f-9509-4cfc950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc703-b09c-493f-9509-4cfc950d210f",
"value": "odbike.co.kr/shop/temp/click/ad1.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc703-3220-4c25-ad7f-4346950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:59.000Z",
"modified": "2016-03-30T12:30:59.000Z",
"first_observed": "2016-03-30T12:30:59Z",
"last_observed": "2016-03-30T12:30:59Z",
"number_observed": 1,
"object_refs": [
"url--56fbc703-3220-4c25-ad7f-4346950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc703-3220-4c25-ad7f-4346950d210f",
"value": "poption.kr/gnu/cdn1/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc703-96a8-4644-9a03-4638950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:30:59.000Z",
"modified": "2016-03-30T12:30:59.000Z",
"first_observed": "2016-03-30T12:30:59Z",
"last_observed": "2016-03-30T12:30:59Z",
"number_observed": 1,
"object_refs": [
"url--56fbc703-96a8-4644-9a03-4638950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc703-96a8-4644-9a03-4638950d210f",
"value": "poption.kr/gnu/click/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc704-c5c8-4d4a-bdf7-4bdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:00.000Z",
"modified": "2016-03-30T12:31:00.000Z",
"first_observed": "2016-03-30T12:31:00Z",
"last_observed": "2016-03-30T12:31:00Z",
"number_observed": 1,
"object_refs": [
"url--56fbc704-c5c8-4d4a-bdf7-4bdb950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc704-c5c8-4d4a-bdf7-4bdb950d210f",
"value": "poption.kr/gnu/extend/ad/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc704-7140-41af-9374-42ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:00.000Z",
"modified": "2016-03-30T12:31:00.000Z",
"first_observed": "2016-03-30T12:31:00Z",
"last_observed": "2016-03-30T12:31:00Z",
"number_observed": 1,
"object_refs": [
"url--56fbc704-7140-41af-9374-42ca950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc704-7140-41af-9374-42ca950d210f",
"value": "poption.kr/w3c/click/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc704-dd6c-4e00-9d6d-4f5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:00.000Z",
"modified": "2016-03-30T12:31:00.000Z",
"first_observed": "2016-03-30T12:31:00Z",
"last_observed": "2016-03-30T12:31:00Z",
"number_observed": 1,
"object_refs": [
"url--56fbc704-dd6c-4e00-9d6d-4f5d950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc704-dd6c-4e00-9d6d-4f5d950d210f",
"value": "sekielec.co.kr/m/et/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc704-9ca0-453c-b200-435f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:00.000Z",
"modified": "2016-03-30T12:31:00.000Z",
"first_observed": "2016-03-30T12:31:00Z",
"last_observed": "2016-03-30T12:31:00Z",
"number_observed": 1,
"object_refs": [
"url--56fbc704-9ca0-453c-b200-435f950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc704-9ca0-453c-b200-435f950d210f",
"value": "smsmaster.co.kr/docs/click1/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc705-4f58-4e08-972d-49ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:01.000Z",
"modified": "2016-03-30T12:31:01.000Z",
"first_observed": "2016-03-30T12:31:01Z",
"last_observed": "2016-03-30T12:31:01Z",
"number_observed": 1,
"object_refs": [
"url--56fbc705-4f58-4e08-972d-49ff950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc705-4f58-4e08-972d-49ff950d210f",
"value": "smsmaster.co.kr/docs/click3/ad.html"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56fbc705-467c-4711-8cae-4ef3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-30T12:31:01.000Z",
"modified": "2016-03-30T12:31:01.000Z",
"first_observed": "2016-03-30T12:31:01Z",
"last_observed": "2016-03-30T12:31:01Z",
"number_observed": 1,
"object_refs": [
"url--56fbc705-467c-4711-8cae-4ef3950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56fbc705-467c-4711-8cae-4ef3950d210f",
"value": "www.poption.kr/gnu/js/click/ad.html"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}