misp-circl-feed/feeds/circl/misp/58e73aab-3530-44d8-94b7-4cbf950d210f.json

1601 lines
No EOL
67 KiB
JSON

{
"type": "bundle",
"id": "bundle--58e73aab-3530-44d8-94b7-4cbf950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:39.000Z",
"modified": "2017-04-07T10:13:39.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58e73aab-3530-44d8-94b7-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:39.000Z",
"modified": "2017-04-07T10:13:39.000Z",
"name": "OSINT - High-Volume Dridex Campaigns Return, First to Hit Millions Since June 2016",
"published": "2017-04-07T10:15:39Z",
"object_refs": [
"indicator--58e73b5f-bd3c-4749-b338-4683950d210f",
"indicator--58e73b60-9508-41a5-b5d4-4076950d210f",
"indicator--58e73b61-5820-4259-bf31-47ad950d210f",
"observed-data--58e73b73-775c-4c97-a655-4120950d210f",
"url--58e73b73-775c-4c97-a655-4120950d210f",
"indicator--58e73cbd-d934-4c4f-9673-4aed950d210f",
"indicator--58e73cbe-0a68-4d90-9596-450a950d210f",
"indicator--58e73cbf-c770-4e6d-97b8-4004950d210f",
"indicator--58e73cc0-08cc-4ade-84b3-44fa950d210f",
"indicator--58e73cc1-ce74-4efe-b509-483d950d210f",
"indicator--58e73cc2-0044-43f2-8a9f-4cd3950d210f",
"indicator--58e73cc3-5ad8-48e1-ae5e-4e5f950d210f",
"indicator--58e73d58-13c4-4a30-8f9b-4072950d210f",
"indicator--58e73d59-2f14-4f5d-8b44-4275950d210f",
"indicator--58e73d5a-3b5c-4902-a0c9-4608950d210f",
"indicator--58e73d5b-aab0-4ab1-85b4-4007950d210f",
"indicator--58e73da3-cf44-49cc-9c82-4fd1950d210f",
"indicator--58e73da4-a844-4319-851a-491c950d210f",
"indicator--58e73de0-26d0-4e32-b380-47e4950d210f",
"indicator--58e73de1-26f8-4352-862a-4204950d210f",
"indicator--58e73de2-9c50-4fe6-99d3-431e950d210f",
"indicator--58e73de3-cee8-4425-9217-43c2950d210f",
"indicator--58e73de5-d9c8-48b4-91ce-40cf950d210f",
"indicator--58e73de6-1c44-421f-b169-465c950d210f",
"x-misp-attribute--58e73e57-0c84-41fe-a209-491d950d210f",
"indicator--58e73fc0-6d00-4fcd-9200-4af8950d210f",
"indicator--58e73fc2-fbf8-4eb2-b55e-47f9950d210f",
"indicator--58e73fc4-5f60-4ad3-b30c-42bf950d210f",
"indicator--58e73fc6-f0a0-4574-89c8-4dee950d210f",
"indicator--58e73fc8-4d50-453a-af40-4238950d210f",
"indicator--58e73fca-7608-49de-8ecf-4130950d210f",
"indicator--58e73fcc-4910-4c8e-817e-4be1950d210f",
"indicator--58e73fce-f480-4d25-be75-4505950d210f",
"indicator--58e73ff3-8c9c-4cd0-b98b-4e5d950d210f",
"indicator--58e73ff4-ecfc-48fd-9970-4075950d210f",
"indicator--58e73ff5-1f6c-4567-bb07-4a94950d210f",
"indicator--58e76654-0f90-4af3-9d77-499302de0b81",
"indicator--58e76655-1eb0-46f4-b791-413602de0b81",
"observed-data--58e76656-b394-4f3d-8498-40ac02de0b81",
"url--58e76656-b394-4f3d-8498-40ac02de0b81",
"indicator--58e76657-0cf8-48f2-9e77-45eb02de0b81",
"indicator--58e76658-8684-4696-9e23-4c7402de0b81",
"observed-data--58e76659-b41c-4a12-afdf-41af02de0b81",
"url--58e76659-b41c-4a12-afdf-41af02de0b81",
"indicator--58e7665a-89dc-48f5-a69e-4d3b02de0b81",
"indicator--58e7665b-d364-4005-b2c2-406902de0b81",
"observed-data--58e7665c-5394-4250-9d8c-49f302de0b81",
"url--58e7665c-5394-4250-9d8c-49f302de0b81",
"indicator--58e7665d-3844-4f1f-9fa8-40e202de0b81",
"indicator--58e7665e-9778-483d-9712-4e2202de0b81",
"observed-data--58e7665f-c77c-4b35-acd9-4f0302de0b81",
"url--58e7665f-c77c-4b35-acd9-4f0302de0b81",
"indicator--58e76660-f4ec-4ac7-96c6-4e9202de0b81",
"indicator--58e76660-28a0-4837-b925-405202de0b81",
"observed-data--58e76661-edf0-4e21-945d-4df102de0b81",
"url--58e76661-edf0-4e21-945d-4df102de0b81",
"indicator--58e76662-6f30-4eeb-987b-441602de0b81",
"indicator--58e76663-b798-454f-887a-460502de0b81",
"observed-data--58e76664-e204-4ed7-8ab0-439c02de0b81",
"url--58e76664-e204-4ed7-8ab0-439c02de0b81",
"indicator--58e76665-f120-4ccd-a42c-4e7502de0b81",
"indicator--58e76666-87b4-420b-92f6-433c02de0b81",
"observed-data--58e76667-b1b0-43d3-bacd-413102de0b81",
"url--58e76667-b1b0-43d3-bacd-413102de0b81",
"indicator--58e76668-dbac-41b1-84c0-41fc02de0b81",
"indicator--58e76669-a3c0-454b-8635-43ea02de0b81",
"observed-data--58e7666a-9bb8-40ac-a37a-4e9402de0b81",
"url--58e7666a-9bb8-40ac-a37a-4e9402de0b81",
"indicator--58e7666b-5a48-4cf6-a3f5-4cb502de0b81",
"indicator--58e7666c-7810-4fa4-9361-4e4d02de0b81",
"observed-data--58e7666d-4628-4053-a1a9-4bb602de0b81",
"url--58e7666d-4628-4053-a1a9-4bb602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:tool=\"Dridex\"",
"osint:source-type=\"blog-post\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73b5f-bd3c-4749-b338-4683950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "VBS Downloader Example",
"pattern": "[file:hashes.SHA256 = '84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73b60-9508-41a5-b5d4-4076950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Macro Document",
"pattern": "[file:hashes.SHA256 = '1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73b61-5820-4259-bf31-47ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Macro Document",
"pattern": "[file:hashes.SHA256 = '743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e73b73-775c-4c97-a655-4120950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:15.000Z",
"modified": "2017-04-07T10:13:15.000Z",
"first_observed": "2017-04-07T10:13:15Z",
"last_observed": "2017-04-07T10:13:15Z",
"number_observed": 1,
"object_refs": [
"url--58e73b73-775c-4c97-a655-4120950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e73b73-775c-4c97-a655-4120950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/high-volume-dridex-campaigns-return"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cbd-d934-4c4f-9673-4aed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://meyermuehltal.de/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cbe-0a68-4d90-9596-450a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://technologyservice.eu/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cbf-c770-4e6d-97b8-4004950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://tspars.com/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cc0-08cc-4ade-84b3-44fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://thaipowertools.com/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cc1-ce74-4efe-b509-483d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://www.movimentodiesel.gr/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cc2-0044-43f2-8a9f-4cd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://lhgarden.org/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73cc3-5ad8-48e1-ae5e-4e5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Document Payload",
"pattern": "[url:value = 'http://www.soulcube.com/0h656jk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73d58-13c4-4a30-8f9b-4072950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "VBS Payload",
"pattern": "[url:value = 'http://roylgrafix.com/76gbce?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73d59-2f14-4f5d-8b44-4275950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "VBS Payload",
"pattern": "[url:value = 'http://signwaves.net/76gbce?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73d5a-3b5c-4902-a0c9-4608950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "VBS Payload",
"pattern": "[url:value = 'http://testsite.prosun.com/76gbce?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73d5b-aab0-4ab1-85b4-4007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "VBS Payload",
"pattern": "[url:value = 'http://omurongen.com/76gbce?']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73da3-cf44-49cc-9c82-4fd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Smoke Loader Payload",
"pattern": "[url:value = 'http://pastasmolinero.es/76gf33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73da4-a844-4319-851a-491c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Quant Loader Payload",
"pattern": "[url:value = 'http://nzhat.net/9jgtyft6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de0-26d0-4e32-b380-47e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Botnet 7500 Loader",
"pattern": "[file:hashes.SHA256 = 'dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de1-26f8-4352-862a-4204950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Botnet 7500 Loader",
"pattern": "[file:hashes.SHA256 = '20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de2-9c50-4fe6-99d3-431e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Smoke Loader",
"pattern": "[file:hashes.SHA256 = '4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de3-cee8-4425-9217-43c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Botnet 7200 Loader",
"pattern": "[file:hashes.SHA256 = '379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de5-d9c8-48b4-91ce-40cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Botnet 7200 Loader",
"pattern": "[file:hashes.SHA256 = '6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73de6-1c44-421f-b169-465c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Quant Loader",
"pattern": "[file:hashes.SHA256 = 'ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58e73e57-0c84-41fe-a209-491d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"labels": [
"misp:type=\"other\"",
"misp:category=\"Payload delivery\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "Dridex Botnet 7200 Loader",
"x_misp_type": "other",
"x_misp_value": "5054518c52e70f86a6e42641b094e9b64df96bd65C&C9ab0d21e810dcf14c87b5|SHA256|Dridex Botnet 7200 Loader"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fc0-6d00-4fcd-9200-4af8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.8.247.36' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fc2-fbf8-4eb2-b55e-47f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.12.229.190' AND network-traffic:dst_port = '8043']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fc4-5f60-4ad3-b30c-42bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.170.0.14' AND network-traffic:dst_port = '8043']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fc6-f0a0-4574-89c8-4dee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.120.172.171' AND network-traffic:dst_port = '4143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fc8-4d50-453a-af40-4238950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.219.28.55' AND network-traffic:dst_port = '443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fca-7608-49de-8ecf-4130950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.32.255.130' AND network-traffic:dst_port = '44343']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fcc-4910-4c8e-817e-4be1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.197.39.1' AND network-traffic:dst_port = '8443']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73fce-f480-4d25-be75-4505950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Dridex Loader C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.88.209.221' AND network-traffic:dst_port = '4413']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"ip-dst|port\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73ff3-8c9c-4cd0-b98b-4e5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Smoke Loader C&C",
"pattern": "[url:value = 'http://justjohnwilhertthet.ws/m/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73ff4-ecfc-48fd-9970-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Quant Loader C&C",
"pattern": "[url:value = 'http://jusevengwassresbet.ws/q/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e73ff5-1f6c-4567-bb07-4a94950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:12:57.000Z",
"modified": "2017-04-07T10:12:57.000Z",
"description": "Quant Loader C&C",
"pattern": "[url:value = 'http://sinmanarattot.ws/q/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:12:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76654-0f90-4af3-9d77-499302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:40.000Z",
"modified": "2017-04-07T10:13:40.000Z",
"description": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1",
"pattern": "[file:hashes.SHA1 = '155863bcd4ea677986beb13b1e519f3f71cf2183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76655-1eb0-46f4-b791-413602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:41.000Z",
"modified": "2017-04-07T10:13:41.000Z",
"description": "Quant Loader - Xchecked via VT: ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1",
"pattern": "[file:hashes.MD5 = '3ede7214e1fe848aefd67e8d11beec00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76656-b394-4f3d-8498-40ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:42.000Z",
"modified": "2017-04-07T10:13:42.000Z",
"first_observed": "2017-04-07T10:13:42Z",
"last_observed": "2017-04-07T10:13:42Z",
"number_observed": 1,
"object_refs": [
"url--58e76656-b394-4f3d-8498-40ac02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76656-b394-4f3d-8498-40ac02de0b81",
"value": "https://www.virustotal.com/file/ac4d02637e1e01b16062f368658275cb8400b21f6592819d3a09dbee31cb5cc1/analysis/1491538426/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76657-0cf8-48f2-9e77-45eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:43.000Z",
"modified": "2017-04-07T10:13:43.000Z",
"description": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd",
"pattern": "[file:hashes.SHA1 = '694266450ffedf4008f0cf0e5573c63c56f2e5d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76658-8684-4696-9e23-4c7402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:44.000Z",
"modified": "2017-04-07T10:13:44.000Z",
"description": "Dridex Botnet 7200 Loader - Xchecked via VT: 6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd",
"pattern": "[file:hashes.MD5 = 'f4e11acef79702561dea6070d4dbba45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76659-b41c-4a12-afdf-41af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:45.000Z",
"modified": "2017-04-07T10:13:45.000Z",
"first_observed": "2017-04-07T10:13:45Z",
"last_observed": "2017-04-07T10:13:45Z",
"number_observed": 1,
"object_refs": [
"url--58e76659-b41c-4a12-afdf-41af02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76659-b41c-4a12-afdf-41af02de0b81",
"value": "https://www.virustotal.com/file/6adda664e3ab2936a8dbe8e95e10d33e34d13fbe375123c69abf3ac5fbf52fcd/analysis/1491294800/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7665a-89dc-48f5-a69e-4d3b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:46.000Z",
"modified": "2017-04-07T10:13:46.000Z",
"description": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22",
"pattern": "[file:hashes.SHA1 = '44bbd62533c8b1257a02f11756b39ebca77eda78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7665b-d364-4005-b2c2-406902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:47.000Z",
"modified": "2017-04-07T10:13:47.000Z",
"description": "Dridex Botnet 7200 Loader - Xchecked via VT: 379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22",
"pattern": "[file:hashes.MD5 = '0243c9bb903d6f89d7eeadae882cf591']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e7665c-5394-4250-9d8c-49f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:48.000Z",
"modified": "2017-04-07T10:13:48.000Z",
"first_observed": "2017-04-07T10:13:48Z",
"last_observed": "2017-04-07T10:13:48Z",
"number_observed": 1,
"object_refs": [
"url--58e7665c-5394-4250-9d8c-49f302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e7665c-5394-4250-9d8c-49f302de0b81",
"value": "https://www.virustotal.com/file/379466fd81787399f7da3bfaab288c4b67ba3518c0225d1deabf9bc833dcaa22/analysis/1491192423/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7665d-3844-4f1f-9fa8-40e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:49.000Z",
"modified": "2017-04-07T10:13:49.000Z",
"description": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02",
"pattern": "[file:hashes.SHA1 = 'a6cc5c3aedf9eba6ff3f18b76430e3f8efb90f57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7665e-9778-483d-9712-4e2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:50.000Z",
"modified": "2017-04-07T10:13:50.000Z",
"description": "Smoke Loader - Xchecked via VT: 4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02",
"pattern": "[file:hashes.MD5 = 'c738746c751e3f4465cdf20959ed7115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e7665f-c77c-4b35-acd9-4f0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:51.000Z",
"modified": "2017-04-07T10:13:51.000Z",
"first_observed": "2017-04-07T10:13:51Z",
"last_observed": "2017-04-07T10:13:51Z",
"number_observed": 1,
"object_refs": [
"url--58e7665f-c77c-4b35-acd9-4f0302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e7665f-c77c-4b35-acd9-4f0302de0b81",
"value": "https://www.virustotal.com/file/4d76f25637f4193457b124290f878a47b5b9361ff486b79dc48a2d5c3648de02/analysis/1491540064/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76660-f4ec-4ac7-96c6-4e9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:52.000Z",
"modified": "2017-04-07T10:13:52.000Z",
"description": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81",
"pattern": "[file:hashes.SHA1 = '6812c5b94ea2452b794e8e735428eddd415e1bb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76660-28a0-4837-b925-405202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:52.000Z",
"modified": "2017-04-07T10:13:52.000Z",
"description": "Dridex Botnet 7500 Loader - Xchecked via VT: 20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81",
"pattern": "[file:hashes.MD5 = 'e50522bf1817a8f5698b740e5225c34f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76661-edf0-4e21-945d-4df102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:53.000Z",
"modified": "2017-04-07T10:13:53.000Z",
"first_observed": "2017-04-07T10:13:53Z",
"last_observed": "2017-04-07T10:13:53Z",
"number_observed": 1,
"object_refs": [
"url--58e76661-edf0-4e21-945d-4df102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76661-edf0-4e21-945d-4df102de0b81",
"value": "https://www.virustotal.com/file/20b61b6ce821f8011f2cb1a409e6221b7bc1ae3a0cde56d66b025d12d640ee81/analysis/1491282981/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76662-6f30-4eeb-987b-441602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:54.000Z",
"modified": "2017-04-07T10:13:54.000Z",
"description": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a",
"pattern": "[file:hashes.SHA1 = '7eb1ab6a19b3ab9fc8dd96f73e5a696571a72400']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76663-b798-454f-887a-460502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:55.000Z",
"modified": "2017-04-07T10:13:55.000Z",
"description": "Dridex Botnet 7500 Loader - Xchecked via VT: dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a",
"pattern": "[file:hashes.MD5 = '41a5b1d50947452adb663abcb6ecb829']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76664-e204-4ed7-8ab0-439c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:56.000Z",
"modified": "2017-04-07T10:13:56.000Z",
"first_observed": "2017-04-07T10:13:56Z",
"last_observed": "2017-04-07T10:13:56Z",
"number_observed": 1,
"object_refs": [
"url--58e76664-e204-4ed7-8ab0-439c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76664-e204-4ed7-8ab0-439c02de0b81",
"value": "https://www.virustotal.com/file/dfd99e050505ec41bc41fbaf51fee908fcda8c17a1bc92623748d34915c5bc0a/analysis/1491188391/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76665-f120-4ccd-a42c-4e7502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:57.000Z",
"modified": "2017-04-07T10:13:57.000Z",
"description": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20",
"pattern": "[file:hashes.SHA1 = 'f40791fd456f4e9429cbcc231e5550bfe8fcb906']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76666-87b4-420b-92f6-433c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:58.000Z",
"modified": "2017-04-07T10:13:58.000Z",
"description": "Macro Document - Xchecked via VT: 743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20",
"pattern": "[file:hashes.MD5 = '130b76fcf04f44433fa075c3cc596d03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:13:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e76667-b1b0-43d3-bacd-413102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:13:59.000Z",
"modified": "2017-04-07T10:13:59.000Z",
"first_observed": "2017-04-07T10:13:59Z",
"last_observed": "2017-04-07T10:13:59Z",
"number_observed": 1,
"object_refs": [
"url--58e76667-b1b0-43d3-bacd-413102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e76667-b1b0-43d3-bacd-413102de0b81",
"value": "https://www.virustotal.com/file/743f6538c1dc1b224e443356f9bf3ae3954f2dea2c3b6e7986a5bc410b8dda20/analysis/1491287540/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76668-dbac-41b1-84c0-41fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:00.000Z",
"modified": "2017-04-07T10:14:00.000Z",
"description": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8",
"pattern": "[file:hashes.SHA1 = '49858617e73d5a56894140d90f0d75fe59496b1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:14:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e76669-a3c0-454b-8635-43ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:01.000Z",
"modified": "2017-04-07T10:14:01.000Z",
"description": "Macro Document - Xchecked via VT: 1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8",
"pattern": "[file:hashes.MD5 = '6c8104146ba1bb6e1a4c3b8b6f6a1fa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:14:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e7666a-9bb8-40ac-a37a-4e9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:02.000Z",
"modified": "2017-04-07T10:14:02.000Z",
"first_observed": "2017-04-07T10:14:02Z",
"last_observed": "2017-04-07T10:14:02Z",
"number_observed": 1,
"object_refs": [
"url--58e7666a-9bb8-40ac-a37a-4e9402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e7666a-9bb8-40ac-a37a-4e9402de0b81",
"value": "https://www.virustotal.com/file/1ac8931791374c156c8e619b4ca66fdcbd31a56203fa3a429d981e20955099c8/analysis/1491436931/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7666b-5a48-4cf6-a3f5-4cb502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:03.000Z",
"modified": "2017-04-07T10:14:03.000Z",
"description": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69",
"pattern": "[file:hashes.SHA1 = '71792564c59392c6f875c18bb62b7f501ba48a5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:14:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58e7666c-7810-4fa4-9361-4e4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:04.000Z",
"modified": "2017-04-07T10:14:04.000Z",
"description": "VBS Downloader Example - Xchecked via VT: 84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69",
"pattern": "[file:hashes.MD5 = '1cdecc032262cc06375296dd7d907968']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-04-07T10:14:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58e7666d-4628-4053-a1a9-4bb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-04-07T10:14:05.000Z",
"modified": "2017-04-07T10:14:05.000Z",
"first_observed": "2017-04-07T10:14:05Z",
"last_observed": "2017-04-07T10:14:05Z",
"number_observed": 1,
"object_refs": [
"url--58e7666d-4628-4053-a1a9-4bb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58e7666d-4628-4053-a1a9-4bb602de0b81",
"value": "https://www.virustotal.com/file/84c9028a1d25e5f171c170179f2f1ea3e1eab9514812ab9e4b617de822b46e69/analysis/1491200234/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}