misp-circl-feed/feeds/circl/misp/570b9eee-6f60-41d4-bd1b-40d2950d210f.json

1524 lines
No EOL
65 KiB
JSON

{
"type": "bundle",
"id": "bundle--570b9eee-6f60-41d4-bd1b-40d2950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:39.000Z",
"modified": "2016-04-11T12:58:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--570b9eee-6f60-41d4-bd1b-40d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:39.000Z",
"modified": "2016-04-11T12:58:39.000Z",
"name": "OSINT - Mobile Devices Used to Execute DNS Malware Against Home Routers",
"published": "2016-04-11T12:59:14Z",
"object_refs": [
"observed-data--570b9f09-912c-4f67-992c-42b2950d210f",
"url--570b9f09-912c-4f67-992c-42b2950d210f",
"x-misp-attribute--570b9f1e-1a40-4b3e-813c-4315950d210f",
"indicator--570b9f36-ef00-4f0b-aec6-d938950d210f",
"indicator--570b9f37-8c00-4a1c-8415-d938950d210f",
"indicator--570b9f37-6840-4611-a633-d938950d210f",
"indicator--570b9f37-e1f8-4474-8c30-d938950d210f",
"indicator--570b9f38-5558-4947-b2d5-d938950d210f",
"indicator--570b9f38-aee0-42e9-9a88-d938950d210f",
"indicator--570b9f38-8f60-4a1d-8b16-d938950d210f",
"indicator--570b9f39-8b04-4aa3-b9a0-d938950d210f",
"indicator--570b9f39-953c-409c-9bc3-d938950d210f",
"indicator--570b9f39-8084-4bc7-adfc-d938950d210f",
"indicator--570b9f5a-f32c-4ae7-bda8-d939950d210f",
"indicator--570b9f5a-d290-435e-a054-d939950d210f",
"indicator--570b9f5a-ed88-4967-a6c2-d939950d210f",
"indicator--570b9f5b-662c-49af-85ee-d939950d210f",
"indicator--570b9f5b-b6d4-4c0b-955c-d939950d210f",
"indicator--570b9f5c-8fec-4f80-b521-d939950d210f",
"indicator--570b9f5c-2500-4dec-a17a-d939950d210f",
"indicator--570b9f5c-6c64-4872-b332-d939950d210f",
"indicator--570b9f5d-9294-4f3e-b1d9-d939950d210f",
"indicator--570b9f5d-b8f8-40de-93f5-d939950d210f",
"indicator--570b9f5d-3ed0-457d-931c-d939950d210f",
"indicator--570b9f5e-8240-4939-b922-d939950d210f",
"indicator--570b9f5e-e41c-4513-a445-d939950d210f",
"indicator--570b9f5e-7690-4f7e-a442-d939950d210f",
"indicator--570b9f7f-7164-4d5c-8bc9-463302de0b81",
"indicator--570b9f7f-df40-43bf-b3f2-498802de0b81",
"observed-data--570b9f7f-e33c-4a04-a835-4cc102de0b81",
"url--570b9f7f-e33c-4a04-a835-4cc102de0b81",
"indicator--570b9f80-ae0c-4c52-9d4c-4fab02de0b81",
"indicator--570b9f80-a664-41c5-ac22-433702de0b81",
"observed-data--570b9f81-d550-4ab5-b6ea-48b002de0b81",
"url--570b9f81-d550-4ab5-b6ea-48b002de0b81",
"indicator--570b9f81-74fc-4995-9012-454b02de0b81",
"indicator--570b9f81-9fa4-49d3-bbc4-40b402de0b81",
"observed-data--570b9f82-003c-41cd-8317-402202de0b81",
"url--570b9f82-003c-41cd-8317-402202de0b81",
"indicator--570b9f82-06d8-4854-99e0-429b02de0b81",
"indicator--570b9f82-5bac-4b60-be5d-4aa802de0b81",
"observed-data--570b9f83-9c50-46c4-a6d8-4e1a02de0b81",
"url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81",
"indicator--570b9f83-d724-4ad7-b398-418002de0b81",
"indicator--570b9f83-faa0-45f9-89b8-430102de0b81",
"observed-data--570b9f84-7ce4-4691-8548-45aa02de0b81",
"url--570b9f84-7ce4-4691-8548-45aa02de0b81",
"indicator--570b9f84-6d80-49dc-a0d8-4b5002de0b81",
"indicator--570b9f84-d638-4a5f-8acf-438c02de0b81",
"observed-data--570b9f85-468c-486c-8789-482c02de0b81",
"url--570b9f85-468c-486c-8789-482c02de0b81",
"indicator--570b9f85-c8c4-4377-b8ff-4d6a02de0b81",
"indicator--570b9f85-01bc-4752-91c3-440802de0b81",
"observed-data--570b9f86-6328-472b-889f-478002de0b81",
"url--570b9f86-6328-472b-889f-478002de0b81",
"indicator--570b9f86-5744-4fc4-822f-4abb02de0b81",
"indicator--570b9f86-2978-4f5e-8946-473002de0b81",
"observed-data--570b9f87-d4ec-4faf-954f-442302de0b81",
"url--570b9f87-d4ec-4faf-954f-442302de0b81",
"indicator--570b9f87-93b0-40c1-bc6f-41b102de0b81",
"indicator--570b9f88-4d60-490a-b807-449402de0b81",
"observed-data--570b9f88-a514-4043-8ffa-476c02de0b81",
"url--570b9f88-a514-4043-8ffa-476c02de0b81",
"indicator--570b9f88-0fb0-4695-8961-4ac802de0b81",
"indicator--570b9f89-568c-4380-ab31-475602de0b81",
"observed-data--570b9f89-5e98-4637-af9b-424002de0b81",
"url--570b9f89-5e98-4637-af9b-424002de0b81",
"indicator--570b9f89-a130-4255-b1c1-490d02de0b81",
"indicator--570b9f8a-2704-4f00-8969-4fca02de0b81",
"observed-data--570b9f8a-dec4-49f9-9cc1-4f0502de0b81",
"url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f09-912c-4f67-992c-42b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:56:41.000Z",
"modified": "2016-04-11T12:56:41.000Z",
"first_observed": "2016-04-11T12:56:41Z",
"last_observed": "2016-04-11T12:56:41Z",
"number_observed": 1,
"object_refs": [
"url--570b9f09-912c-4f67-992c-42b2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f09-912c-4f67-992c-42b2950d210f",
"value": "http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-devices-used-to-execute-dns-malware-against-home-routers/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--570b9f1e-1a40-4b3e-813c-4315950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:02.000Z",
"modified": "2016-04-11T12:57:02.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Attacks against home routers have been going around for years\u00e2\u20ac\u201dfrom malware that rigs routers to DNS rebinding attacks and backdoors, among others. Just last year one of our researchers reported a Domain Name System (DNS) changer malware that redirected users to malicious pages when they visited specific websites. This enabled cyber crooks to get hold of the victims\u00e2\u20ac\u2122 online credentials, such as passwords and PINs.\r\n\r\nWe recently came across an attack that proves how the Internet of Things (IoT) can be an entry point for cybercriminal activities. In this attack, which has been going on since December 2015, it requires users to access malicious websites hosting the JavaScript via their mobile devices. Accessing these sites via mobile devices enable the JavaScript to download another JavaScript with DNS changing routines.\r\n\r\nDetected as JS_JITON, this JavaScript can be downloaded whether users are accessing compromised websites via their computers or mobile devices. However, the infection chain differs depending on the medium employed by users. For instance, JS_JITON downloads JS_JITONDNS that only infects mobile devices and triggers the DNS changing routine. JITON only exploits the vulnerability if the affected users have ZTE modems."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f36-ef00-4f0b-aec6-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:26.000Z",
"modified": "2016-04-11T12:57:26.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://lib.tongjii.us/tj.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f37-8c00-4a1c-8415-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:27.000Z",
"modified": "2016-04-11T12:57:27.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://lib.tongjii.us/tongji.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f37-6840-4611-a633-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:27.000Z",
"modified": "2016-04-11T12:57:27.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://cn.tongjii.us/show.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f37-e1f8-4474-8c30-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:27.000Z",
"modified": "2016-04-11T12:57:27.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://cn.tongjii.us/show1.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f38-5558-4947-b2d5-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:28.000Z",
"modified": "2016-04-11T12:57:28.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/dlink.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f38-aee0-42e9-9a88-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:28.000Z",
"modified": "2016-04-11T12:57:28.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/tplink.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f38-8f60-4a1d-8b16-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:28.000Z",
"modified": "2016-04-11T12:57:28.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/zte.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f39-8b04-4aa3-b9a0-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:29.000Z",
"modified": "2016-04-11T12:57:29.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/china/dlink.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f39-953c-409c-9bc3-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:29.000Z",
"modified": "2016-04-11T12:57:29.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/china/tplink.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f39-8084-4bc7-adfc-d938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:57:29.000Z",
"modified": "2016-04-11T12:57:29.000Z",
"description": "Malicious website",
"pattern": "[url:value = 'http://dns.tongjj.info/dns/china/zte.js']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:57:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5a-f32c-4ae7-bda8-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:02.000Z",
"modified": "2016-04-11T12:58:02.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '4b75a94613b7bf238948104092fe9fd4107fbf97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5a-d290-435e-a054-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:02.000Z",
"modified": "2016-04-11T12:58:02.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5a-ed88-4967-a6c2-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:02.000Z",
"modified": "2016-04-11T12:58:02.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'f7d9dbc1c198de25512cb15f3c19827a2b2188df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5b-662c-49af-85ee-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:03.000Z",
"modified": "2016-04-11T12:58:03.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '545c71b9988d6df27eae31e8738f28da7caae534']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5b-b6d4-4c0b-955c-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:03.000Z",
"modified": "2016-04-11T12:58:03.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '67c28c29ebef9a57657e84dce83d458225447ae9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5c-8fec-4f80-b521-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:04.000Z",
"modified": "2016-04-11T12:58:04.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '1f6e45204a28d9da16777d772eddf7e8d10e588a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5c-2500-4dec-a17a-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:04.000Z",
"modified": "2016-04-11T12:58:04.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5c-6c64-4872-b332-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:04.000Z",
"modified": "2016-04-11T12:58:04.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '2f48f1c75f0984d722395b47cd10af9c15ea142f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5d-9294-4f3e-b1d9-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:05.000Z",
"modified": "2016-04-11T12:58:05.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'b6c423ff0c91fa65b63a37a136ca6bbe29fce34d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5d-b8f8-40de-93f5-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:05.000Z",
"modified": "2016-04-11T12:58:05.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = '9d37dcf8f87479545adf78d44ca97464491fe39a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5d-3ed0-457d-931c-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:05.000Z",
"modified": "2016-04-11T12:58:05.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'af3ececf550f9486d90fca6f7bb7c735318d50cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5e-8240-4939-b922-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:06.000Z",
"modified": "2016-04-11T12:58:06.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'ce034e437b20dce84e75a90ed2b3a58532ebcbb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5e-e41c-4513-a445-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:06.000Z",
"modified": "2016-04-11T12:58:06.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f5e-7690-4f7e-a442-d939950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:06.000Z",
"modified": "2016-04-11T12:58:06.000Z",
"description": "JS_JITON sample",
"pattern": "[file:hashes.SHA1 = 'b62ea64db9643fe0a4331f724d234e19c149cabf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f7f-7164-4d5c-8bc9-463302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:39.000Z",
"modified": "2016-04-11T12:58:39.000Z",
"description": "JS_JITON sample - Xchecked via VT: acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2",
"pattern": "[file:hashes.SHA256 = '295ccf30b6fd09ca858cfe749cdedfd8bb29c613452b66c9cdc24173ad213c9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f7f-df40-43bf-b3f2-498802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:39.000Z",
"modified": "2016-04-11T12:58:39.000Z",
"description": "JS_JITON sample - Xchecked via VT: acb1f8caa3d2babe37ea21014e0c79ce6c18f8a2",
"pattern": "[file:hashes.MD5 = '22ebde4114a9b7028beab9d8673fa1e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f7f-e33c-4a04-a835-4cc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:39.000Z",
"modified": "2016-04-11T12:58:39.000Z",
"first_observed": "2016-04-11T12:58:39Z",
"last_observed": "2016-04-11T12:58:39Z",
"number_observed": 1,
"object_refs": [
"url--570b9f7f-e33c-4a04-a835-4cc102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f7f-e33c-4a04-a835-4cc102de0b81",
"value": "https://www.virustotal.com/file/295ccf30b6fd09ca858cfe749cdedfd8bb29c613452b66c9cdc24173ad213c9c/analysis/1449711767/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f80-ae0c-4c52-9d4c-4fab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:40.000Z",
"modified": "2016-04-11T12:58:40.000Z",
"description": "JS_JITON sample - Xchecked via VT: ce034e437b20dce84e75a90ed2b3a58532ebcbb9",
"pattern": "[file:hashes.SHA256 = 'a019a303c9e54bff72fd7bfcdd9b6264b42e9c7eb6f0ae3cf332f563b20c402a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f80-a664-41c5-ac22-433702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:40.000Z",
"modified": "2016-04-11T12:58:40.000Z",
"description": "JS_JITON sample - Xchecked via VT: ce034e437b20dce84e75a90ed2b3a58532ebcbb9",
"pattern": "[file:hashes.MD5 = '8a9975c9d8895ca9b1c380624cde780a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f81-d550-4ab5-b6ea-48b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:41.000Z",
"modified": "2016-04-11T12:58:41.000Z",
"first_observed": "2016-04-11T12:58:41Z",
"last_observed": "2016-04-11T12:58:41Z",
"number_observed": 1,
"object_refs": [
"url--570b9f81-d550-4ab5-b6ea-48b002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f81-d550-4ab5-b6ea-48b002de0b81",
"value": "https://www.virustotal.com/file/a019a303c9e54bff72fd7bfcdd9b6264b42e9c7eb6f0ae3cf332f563b20c402a/analysis/1453586843/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f81-74fc-4995-9012-454b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:41.000Z",
"modified": "2016-04-11T12:58:41.000Z",
"description": "JS_JITON sample - Xchecked via VT: af3ececf550f9486d90fca6f7bb7c735318d50cd",
"pattern": "[file:hashes.SHA256 = 'b4eb873dd1c037dabe6da9e76af356575a9bd43c6b5bbdedc85e1ca4ad502c08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f81-9fa4-49d3-bbc4-40b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:41.000Z",
"modified": "2016-04-11T12:58:41.000Z",
"description": "JS_JITON sample - Xchecked via VT: af3ececf550f9486d90fca6f7bb7c735318d50cd",
"pattern": "[file:hashes.MD5 = '01f21760ba4411cb5488f287d74e4a71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f82-003c-41cd-8317-402202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:42.000Z",
"modified": "2016-04-11T12:58:42.000Z",
"first_observed": "2016-04-11T12:58:42Z",
"last_observed": "2016-04-11T12:58:42Z",
"number_observed": 1,
"object_refs": [
"url--570b9f82-003c-41cd-8317-402202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f82-003c-41cd-8317-402202de0b81",
"value": "https://www.virustotal.com/file/b4eb873dd1c037dabe6da9e76af356575a9bd43c6b5bbdedc85e1ca4ad502c08/analysis/1453655360/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f82-06d8-4854-99e0-429b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:42.000Z",
"modified": "2016-04-11T12:58:42.000Z",
"description": "JS_JITON sample - Xchecked via VT: b6c423ff0c91fa65b63a37a136ca6bbe29fce34d",
"pattern": "[file:hashes.SHA256 = '0c6acde9da4e9109f81ddd9315a66bf9e7f13d92bdd948ef1b2c8bc391e117a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f82-5bac-4b60-be5d-4aa802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:42.000Z",
"modified": "2016-04-11T12:58:42.000Z",
"description": "JS_JITON sample - Xchecked via VT: b6c423ff0c91fa65b63a37a136ca6bbe29fce34d",
"pattern": "[file:hashes.MD5 = 'b1e77eef8a1c0509593c424ac12a52d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f83-9c50-46c4-a6d8-4e1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:43.000Z",
"modified": "2016-04-11T12:58:43.000Z",
"first_observed": "2016-04-11T12:58:43Z",
"last_observed": "2016-04-11T12:58:43Z",
"number_observed": 1,
"object_refs": [
"url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f83-9c50-46c4-a6d8-4e1a02de0b81",
"value": "https://www.virustotal.com/file/0c6acde9da4e9109f81ddd9315a66bf9e7f13d92bdd948ef1b2c8bc391e117a6/analysis/1459939978/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f83-d724-4ad7-b398-418002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:43.000Z",
"modified": "2016-04-11T12:58:43.000Z",
"description": "JS_JITON sample - Xchecked via VT: 331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a",
"pattern": "[file:hashes.SHA256 = 'dd80bc159d3f4a8130a499952a124bd0c8192c371ef62b789496c809894a822a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f83-faa0-45f9-89b8-430102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:43.000Z",
"modified": "2016-04-11T12:58:43.000Z",
"description": "JS_JITON sample - Xchecked via VT: 331441f69ceae4d9f3a78f4b4b46bdc64c11bd4a",
"pattern": "[file:hashes.MD5 = '5afcb17b3e53745b6fa987ca46bfde30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f84-7ce4-4691-8548-45aa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:44.000Z",
"modified": "2016-04-11T12:58:44.000Z",
"first_observed": "2016-04-11T12:58:44Z",
"last_observed": "2016-04-11T12:58:44Z",
"number_observed": 1,
"object_refs": [
"url--570b9f84-7ce4-4691-8548-45aa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f84-7ce4-4691-8548-45aa02de0b81",
"value": "https://www.virustotal.com/file/dd80bc159d3f4a8130a499952a124bd0c8192c371ef62b789496c809894a822a/analysis/1456446825/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f84-6d80-49dc-a0d8-4b5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:44.000Z",
"modified": "2016-04-11T12:58:44.000Z",
"description": "JS_JITON sample - Xchecked via VT: 1f6e45204a28d9da16777d772eddf7e8d10e588a",
"pattern": "[file:hashes.SHA256 = 'e05255556781f8c5700604c4c0c631d6c5c6a195ee734e01fb220297030e3b8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f84-d638-4a5f-8acf-438c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:44.000Z",
"modified": "2016-04-11T12:58:44.000Z",
"description": "JS_JITON sample - Xchecked via VT: 1f6e45204a28d9da16777d772eddf7e8d10e588a",
"pattern": "[file:hashes.MD5 = 'cc94092aa34f8a15abacd5912ad65def']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f85-468c-486c-8789-482c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:45.000Z",
"modified": "2016-04-11T12:58:45.000Z",
"first_observed": "2016-04-11T12:58:45Z",
"last_observed": "2016-04-11T12:58:45Z",
"number_observed": 1,
"object_refs": [
"url--570b9f85-468c-486c-8789-482c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f85-468c-486c-8789-482c02de0b81",
"value": "https://www.virustotal.com/file/e05255556781f8c5700604c4c0c631d6c5c6a195ee734e01fb220297030e3b8b/analysis/1452839571/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f85-c8c4-4377-b8ff-4d6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:45.000Z",
"modified": "2016-04-11T12:58:45.000Z",
"description": "JS_JITON sample - Xchecked via VT: 67c28c29ebef9a57657e84dce83d458225447ae9",
"pattern": "[file:hashes.SHA256 = 'd17376cf4cb292b91b3b207caef7166aa92219d13b421771f8a56bb588aea74f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f85-01bc-4752-91c3-440802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:45.000Z",
"modified": "2016-04-11T12:58:45.000Z",
"description": "JS_JITON sample - Xchecked via VT: 67c28c29ebef9a57657e84dce83d458225447ae9",
"pattern": "[file:hashes.MD5 = '99fa606bb886163b675c9e76e6389c69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f86-6328-472b-889f-478002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:46.000Z",
"modified": "2016-04-11T12:58:46.000Z",
"first_observed": "2016-04-11T12:58:46Z",
"last_observed": "2016-04-11T12:58:46Z",
"number_observed": 1,
"object_refs": [
"url--570b9f86-6328-472b-889f-478002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f86-6328-472b-889f-478002de0b81",
"value": "https://www.virustotal.com/file/d17376cf4cb292b91b3b207caef7166aa92219d13b421771f8a56bb588aea74f/analysis/1451909306/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f86-5744-4fc4-822f-4abb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:46.000Z",
"modified": "2016-04-11T12:58:46.000Z",
"description": "JS_JITON sample - Xchecked via VT: 545c71b9988d6df27eae31e8738f28da7caae534",
"pattern": "[file:hashes.SHA256 = '0fbdba6c3e06dbf3255ec85b086a252a65b2411c26e0f09d7fb29b6775d48fc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f86-2978-4f5e-8946-473002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:46.000Z",
"modified": "2016-04-11T12:58:46.000Z",
"description": "JS_JITON sample - Xchecked via VT: 545c71b9988d6df27eae31e8738f28da7caae534",
"pattern": "[file:hashes.MD5 = '12ffd1585304d593bd63cfaf16d2de7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f87-d4ec-4faf-954f-442302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:47.000Z",
"modified": "2016-04-11T12:58:47.000Z",
"first_observed": "2016-04-11T12:58:47Z",
"last_observed": "2016-04-11T12:58:47Z",
"number_observed": 1,
"object_refs": [
"url--570b9f87-d4ec-4faf-954f-442302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f87-d4ec-4faf-954f-442302de0b81",
"value": "https://www.virustotal.com/file/0fbdba6c3e06dbf3255ec85b086a252a65b2411c26e0f09d7fb29b6775d48fc5/analysis/1458349418/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f87-93b0-40c1-bc6f-41b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:47.000Z",
"modified": "2016-04-11T12:58:47.000Z",
"description": "JS_JITON sample - Xchecked via VT: f7d9dbc1c198de25512cb15f3c19827a2b2188df",
"pattern": "[file:hashes.SHA256 = 'cf8f91b07ce83247aadc58eded46a59b51a939c4083e47b100a511a377057763']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f88-4d60-490a-b807-449402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:48.000Z",
"modified": "2016-04-11T12:58:48.000Z",
"description": "JS_JITON sample - Xchecked via VT: f7d9dbc1c198de25512cb15f3c19827a2b2188df",
"pattern": "[file:hashes.MD5 = '09a34b286a748573fa16d66957432df0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f88-a514-4043-8ffa-476c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:48.000Z",
"modified": "2016-04-11T12:58:48.000Z",
"first_observed": "2016-04-11T12:58:48Z",
"last_observed": "2016-04-11T12:58:48Z",
"number_observed": 1,
"object_refs": [
"url--570b9f88-a514-4043-8ffa-476c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f88-a514-4043-8ffa-476c02de0b81",
"value": "https://www.virustotal.com/file/cf8f91b07ce83247aadc58eded46a59b51a939c4083e47b100a511a377057763/analysis/1457939144/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f88-0fb0-4695-8961-4ac802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:48.000Z",
"modified": "2016-04-11T12:58:48.000Z",
"description": "JS_JITON sample - Xchecked via VT: da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb",
"pattern": "[file:hashes.SHA256 = '59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f89-568c-4380-ab31-475602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:49.000Z",
"modified": "2016-04-11T12:58:49.000Z",
"description": "JS_JITON sample - Xchecked via VT: da19d2b503932bfb7b0ccf6c40b9f0b0d19282fb",
"pattern": "[file:hashes.MD5 = 'e3234a0a314ab9037281a61532d9f385']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f89-5e98-4637-af9b-424002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:49.000Z",
"modified": "2016-04-11T12:58:49.000Z",
"first_observed": "2016-04-11T12:58:49Z",
"last_observed": "2016-04-11T12:58:49Z",
"number_observed": 1,
"object_refs": [
"url--570b9f89-5e98-4637-af9b-424002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f89-5e98-4637-af9b-424002de0b81",
"value": "https://www.virustotal.com/file/59ec2b49759dd09f18e6a99dd9424f56223bef43b624f37979e02bd21c976722/analysis/1458825711/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f89-a130-4255-b1c1-490d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:49.000Z",
"modified": "2016-04-11T12:58:49.000Z",
"description": "JS_JITON sample - Xchecked via VT: 4b75a94613b7bf238948104092fe9fd4107fbf97",
"pattern": "[file:hashes.SHA256 = 'a1aabff6b63746df8c0c022ab54645a2945d1fcabfbbb047a0ab3d322fd15c66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570b9f8a-2704-4f00-8969-4fca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:50.000Z",
"modified": "2016-04-11T12:58:50.000Z",
"description": "JS_JITON sample - Xchecked via VT: 4b75a94613b7bf238948104092fe9fd4107fbf97",
"pattern": "[file:hashes.MD5 = 'cc1a14c0183b22881f7fe3d7ce247ba3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-11T12:58:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570b9f8a-dec4-49f9-9cc1-4f0502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-11T12:58:50.000Z",
"modified": "2016-04-11T12:58:50.000Z",
"first_observed": "2016-04-11T12:58:50Z",
"last_observed": "2016-04-11T12:58:50Z",
"number_observed": 1,
"object_refs": [
"url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570b9f8a-dec4-49f9-9cc1-4f0502de0b81",
"value": "https://www.virustotal.com/file/a1aabff6b63746df8c0c022ab54645a2945d1fcabfbbb047a0ab3d322fd15c66/analysis/1459487002/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}