1781 lines
No EOL
74 KiB
JSON
1781 lines
No EOL
74 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5af14dc2-e6fc-41be-a917-865d950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-24T08:43:32.000Z",
|
|
"modified": "2018-09-24T08:43:32.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5af14dc2-e6fc-41be-a917-865d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-09-24T08:43:32.000Z",
|
|
"modified": "2018-09-24T08:43:32.000Z",
|
|
"name": "OSINT - Malicious Documents Targeting Security Professionals",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--5af14e94-9914-4907-b0fe-86a0950d210f",
|
|
"url--5af14e94-9914-4907-b0fe-86a0950d210f",
|
|
"x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f",
|
|
"indicator--5af19a71-83f8-4b1d-a40a-474a950d210f",
|
|
"indicator--5af19a70-3148-49a0-a827-4f48950d210f",
|
|
"indicator--5af19a70-2078-4023-9df3-4ac7950d210f",
|
|
"indicator--5af19a70-2a3c-456c-9960-4241950d210f",
|
|
"indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f",
|
|
"indicator--5af19a6f-e62c-425c-a2f8-4873950d210f",
|
|
"indicator--5af19a6e-5498-42df-b551-40cd950d210f",
|
|
"indicator--5af19a6e-6540-41da-8bad-43b8950d210f",
|
|
"indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f",
|
|
"indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f",
|
|
"indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f",
|
|
"indicator--5af19a6c-0180-4082-a38a-43eb950d210f",
|
|
"indicator--5af19a6c-9c20-42c3-8068-4531950d210f",
|
|
"indicator--5af19a6b-043c-446b-b689-4f22950d210f",
|
|
"indicator--5af19a6b-1e40-41b1-9eab-409f950d210f",
|
|
"indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f",
|
|
"indicator--5af19a6a-7868-4680-b1f4-42f7950d210f",
|
|
"indicator--5af19a6a-931c-49f2-a751-4fd5950d210f",
|
|
"indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f",
|
|
"indicator--5af19a69-7294-47e3-b9f7-49f7950d210f",
|
|
"indicator--5af19a68-1acc-473c-913c-4ad9950d210f",
|
|
"indicator--5af19a68-4948-4be3-b110-4037950d210f",
|
|
"indicator--5af19a68-ab70-472f-9767-466c950d210f",
|
|
"indicator--5af19a67-84fc-406c-8f62-4f8b950d210f",
|
|
"indicator--5af19a67-a17c-4c26-8311-435a950d210f",
|
|
"indicator--5af19a66-9c64-4813-8edb-46fb950d210f",
|
|
"indicator--5af19a66-58a0-4c24-8b76-43cc950d210f",
|
|
"indicator--5af19a66-62bc-42e3-9963-40a1950d210f",
|
|
"indicator--5af19a65-51e8-4408-9455-4f56950d210f",
|
|
"indicator--5af19a65-68f0-4291-b9d8-4157950d210f",
|
|
"indicator--5af19a64-682c-4b97-a62b-458b950d210f",
|
|
"indicator--5af19a64-d5e0-4675-9dda-426d950d210f",
|
|
"indicator--5af19a64-054c-49d7-a3fe-4559950d210f",
|
|
"indicator--5af19a63-f814-405d-8d73-4470950d210f",
|
|
"indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f",
|
|
"indicator--5af19a62-58e0-4b68-a495-4718950d210f",
|
|
"indicator--5af19a62-3544-4c09-810c-40e2950d210f",
|
|
"indicator--5af19a62-3f68-4337-915d-45c8950d210f",
|
|
"indicator--5af19a61-dbac-4eef-87e3-461b950d210f",
|
|
"indicator--5af19a60-446c-4ca8-9ff8-4232950d210f",
|
|
"indicator--5af19a5f-246c-4f93-8b55-4121950d210f",
|
|
"indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f",
|
|
"indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f",
|
|
"indicator--5af19a5e-0e20-4e33-9a94-405c950d210f",
|
|
"indicator--5af19a5e-6b84-4031-8012-43c7950d210f",
|
|
"indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f",
|
|
"indicator--5af19a5d-999c-4530-9b17-4c88950d210f",
|
|
"indicator--5af19a5c-a474-4a26-8cc0-4666950d210f",
|
|
"indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f",
|
|
"indicator--5af19a5b-4044-4cf8-a777-46b3950d210f",
|
|
"indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f",
|
|
"indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f",
|
|
"indicator--5af19b44-a0ac-4250-b880-4b8b950d210f",
|
|
"indicator--5af19b54-e774-4814-9e53-4631950d210f",
|
|
"indicator--5af19b65-88d4-4364-b0e2-473f950d210f",
|
|
"indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
|
|
"x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6",
|
|
"indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
|
|
"x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e",
|
|
"indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
|
|
"x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461",
|
|
"indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
|
|
"x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330",
|
|
"indicator--17ef59e9-90d1-419f-8e13-876d80929841",
|
|
"x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde",
|
|
"relationship--e68801a5-0437-47a6-8706-371b4bb781e4",
|
|
"relationship--b76216fe-abb1-4cbd-8ebd-d9e89cf84198",
|
|
"relationship--48742284-af3f-40cb-b7e9-b02ad8d0ba3c",
|
|
"relationship--701d1687-547d-44b5-93e0-2e93f0ed7e0b",
|
|
"relationship--95b33e7a-e47c-466e-853d-1defe4de16dc"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"admiralty-scale:information-credibility=\"4\"",
|
|
"estimative-language:confidence-in-analytic-judgment=\"low\"",
|
|
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
|
|
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
|
|
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
|
|
"misp-galaxy:threat-actor=\"Sofacy\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5af14e94-9914-4907-b0fe-86a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:39.000Z",
|
|
"modified": "2018-05-08T12:50:39.000Z",
|
|
"first_observed": "2018-05-08T12:50:39Z",
|
|
"last_observed": "2018-05-08T12:50:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5af14e94-9914-4907-b0fe-86a0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5af14e94-9914-4907-b0fe-86a0950d210f",
|
|
"value": "https://www.jigsawsecurityenterprise.com/single-post/2017/11/01/Malicious-Documents-Targeting-Security-Professionals"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:39.000Z",
|
|
"modified": "2018-05-08T12:50:39.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u2026). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 at Washington, D.C. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a71-83f8-4b1d-a40a-474a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:40.000Z",
|
|
"modified": "2018-05-08T12:50:40.000Z",
|
|
"pattern": "[domain-name:value = 'www.sdhjjekfp4k.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a70-3148-49a0-a827-4f48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:40.000Z",
|
|
"modified": "2018-05-08T12:50:40.000Z",
|
|
"pattern": "[domain-name:value = 'www.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a70-2078-4023-9df3-4ac7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:41.000Z",
|
|
"modified": "2018-05-08T12:50:41.000Z",
|
|
"pattern": "[domain-name:value = 'www.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a70-2a3c-456c-9960-4241950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:41.000Z",
|
|
"modified": "2018-05-08T12:50:41.000Z",
|
|
"pattern": "[domain-name:value = 'windows81.duckdns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:41.000Z",
|
|
"modified": "2018-05-08T12:50:41.000Z",
|
|
"pattern": "[domain-name:value = 'windows.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6f-e62c-425c-a2f8-4873950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:42.000Z",
|
|
"modified": "2018-05-08T12:50:42.000Z",
|
|
"pattern": "[domain-name:value = 'w9umi9wrvzsvlvstvfvslbumdfdvda5tl.1.d.255.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6e-5498-42df-b551-40cd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:42.000Z",
|
|
"modified": "2018-05-08T12:50:42.000Z",
|
|
"pattern": "[domain-name:value = 'vascothreatscan.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6e-6540-41da-8bad-43b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:43.000Z",
|
|
"modified": "2018-05-08T12:50:43.000Z",
|
|
"pattern": "[domain-name:value = 'sinkhole.tigersecurity.pro']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:43.000Z",
|
|
"modified": "2018-05-08T12:50:43.000Z",
|
|
"pattern": "[domain-name:value = 'runssnetworks.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:43.000Z",
|
|
"modified": "2018-05-08T12:50:43.000Z",
|
|
"pattern": "[domain-name:value = 'protectingsearch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:44.000Z",
|
|
"modified": "2018-05-08T12:50:44.000Z",
|
|
"pattern": "[domain-name:value = 'peacefund.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6c-0180-4082-a38a-43eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:44.000Z",
|
|
"modified": "2018-05-08T12:50:44.000Z",
|
|
"pattern": "[domain-name:value = 'ns3.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6c-9c20-42c3-8068-4531950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:45.000Z",
|
|
"modified": "2018-05-08T12:50:45.000Z",
|
|
"pattern": "[domain-name:value = 'ns2.ntpupdateserver.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6b-043c-446b-b689-4f22950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:45.000Z",
|
|
"modified": "2018-05-08T12:50:45.000Z",
|
|
"pattern": "[domain-name:value = 'ns2.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6b-1e40-41b1-9eab-409f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:46.000Z",
|
|
"modified": "2018-05-08T12:50:46.000Z",
|
|
"pattern": "[domain-name:value = 'ns1.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:46.000Z",
|
|
"modified": "2018-05-08T12:50:46.000Z",
|
|
"pattern": "[domain-name:value = 'networkschecker.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6a-7868-4680-b1f4-42f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:47.000Z",
|
|
"modified": "2018-05-08T12:50:47.000Z",
|
|
"pattern": "[domain-name:value = 'n.n.c.303ff7b225c14f1498a2.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a6a-931c-49f2-a751-4fd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:47.000Z",
|
|
"modified": "2018-05-08T12:50:47.000Z",
|
|
"pattern": "[domain-name:value = 'n.n.c.26055.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:47.000Z",
|
|
"modified": "2018-05-08T12:50:47.000Z",
|
|
"pattern": "[domain-name:value = 'n.n.c.255.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a69-7294-47e3-b9f7-49f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:48.000Z",
|
|
"modified": "2018-05-08T12:50:48.000Z",
|
|
"pattern": "[domain-name:value = 'n.3.f.255.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a68-1acc-473c-913c-4ad9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:48.000Z",
|
|
"modified": "2018-05-08T12:50:48.000Z",
|
|
"pattern": "[domain-name:value = 'myinvestgroup.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a68-4948-4be3-b110-4037950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:49.000Z",
|
|
"modified": "2018-05-08T12:50:49.000Z",
|
|
"pattern": "[domain-name:value = 'msoffice-cdn.comns3.cdnmsnupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a68-ab70-472f-9767-466c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:49.000Z",
|
|
"modified": "2018-05-08T12:50:49.000Z",
|
|
"pattern": "[domain-name:value = 'microsoftupdated.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a67-84fc-406c-8f62-4f8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:50.000Z",
|
|
"modified": "2018-05-08T12:50:50.000Z",
|
|
"pattern": "[domain-name:value = 'maskulan.dynu.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a67-a17c-4c26-8311-435a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:50.000Z",
|
|
"modified": "2018-05-08T12:50:50.000Z",
|
|
"pattern": "[domain-name:value = 'maskulan.duckdns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a66-9c64-4813-8edb-46fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:51.000Z",
|
|
"modified": "2018-05-08T12:50:51.000Z",
|
|
"pattern": "[domain-name:value = 'jflynci.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a66-58a0-4c24-8b76-43cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:51.000Z",
|
|
"modified": "2018-05-08T12:50:51.000Z",
|
|
"pattern": "[domain-name:value = 'jeremizo888.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a66-62bc-42e3-9963-40a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:51.000Z",
|
|
"modified": "2018-05-08T12:50:51.000Z",
|
|
"pattern": "[domain-name:value = 'ip113.ip-91-134-203.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a65-51e8-4408-9455-4f56950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:52.000Z",
|
|
"modified": "2018-05-08T12:50:52.000Z",
|
|
"pattern": "[domain-name:value = 'ikmtrust.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a65-68f0-4291-b9d8-4157950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:52.000Z",
|
|
"modified": "2018-05-08T12:50:52.000Z",
|
|
"pattern": "[domain-name:value = 'hhcghibvywzedwa2iyvsuzzhx8.2.d.255.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a64-682c-4b97-a62b-458b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:53.000Z",
|
|
"modified": "2018-05-08T12:50:53.000Z",
|
|
"pattern": "[domain-name:value = 'googlea.net63.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a64-d5e0-4675-9dda-426d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:53.000Z",
|
|
"modified": "2018-05-08T12:50:53.000Z",
|
|
"pattern": "[domain-name:value = 'fsportal.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a64-054c-49d7-a3fe-4559950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:53.000Z",
|
|
"modified": "2018-05-08T12:50:53.000Z",
|
|
"pattern": "[domain-name:value = 'flashcontentdelivery.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a63-f814-405d-8d73-4470950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:54.000Z",
|
|
"modified": "2018-05-08T12:50:54.000Z",
|
|
"pattern": "[domain-name:value = 'faststoragefiles.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:54.000Z",
|
|
"modified": "2018-05-08T12:50:54.000Z",
|
|
"pattern": "[domain-name:value = 'fastfileconverter.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a62-58e0-4b68-a495-4718950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:55.000Z",
|
|
"modified": "2018-05-08T12:50:55.000Z",
|
|
"pattern": "[domain-name:value = 'elaxo.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a62-3544-4c09-810c-40e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:55.000Z",
|
|
"modified": "2018-05-08T12:50:55.000Z",
|
|
"pattern": "[domain-name:value = 'd6261034c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a62-3f68-4337-915d-45c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:56.000Z",
|
|
"modified": "2018-05-08T12:50:56.000Z",
|
|
"pattern": "[domain-name:value = 'd6261024c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a61-dbac-4eef-87e3-461b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:56.000Z",
|
|
"modified": "2018-05-08T12:50:56.000Z",
|
|
"pattern": "[domain-name:value = 'd6261013c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a60-446c-4ca8-9ff8-4232950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:57.000Z",
|
|
"modified": "2018-05-08T12:50:57.000Z",
|
|
"pattern": "[domain-name:value = 'd6238210c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5f-246c-4f93-8b55-4121950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:57.000Z",
|
|
"modified": "2018-05-08T12:50:57.000Z",
|
|
"pattern": "[domain-name:value = 'd6238158c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:57.000Z",
|
|
"modified": "2018-05-08T12:50:57.000Z",
|
|
"pattern": "[domain-name:value = 'd6238111c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:58.000Z",
|
|
"modified": "2018-05-08T12:50:58.000Z",
|
|
"pattern": "[domain-name:value = 'd6238051c34.placehol-6f699a.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5e-0e20-4e33-9a94-405c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:58.000Z",
|
|
"modified": "2018-05-08T12:50:58.000Z",
|
|
"pattern": "[domain-name:value = 'd6231738c34.john-pc.c.mswordupdate17.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5e-6b84-4031-8012-43c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:59.000Z",
|
|
"modified": "2018-05-08T12:50:59.000Z",
|
|
"pattern": "[domain-name:value = 'carlos88.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:59.000Z",
|
|
"modified": "2018-05-08T12:50:59.000Z",
|
|
"pattern": "[domain-name:value = 'bonjourcheck.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5d-999c-4530-9b17-4c88950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:50:59.000Z",
|
|
"modified": "2018-05-08T12:50:59.000Z",
|
|
"pattern": "[domain-name:value = 'ahr0cdovlzkyljiymi4ymdkundkvywn0a.0.d.255.adobeproduct.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5c-a474-4a26-8cc0-4666950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:00.000Z",
|
|
"modified": "2018-05-08T12:51:00.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.203.113']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:00.000Z",
|
|
"modified": "2018-05-08T12:51:00.000Z",
|
|
"pattern": "[domain-name:value = '357.duckdns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19a5b-4044-4cf8-a777-46b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:01.000Z",
|
|
"modified": "2018-05-08T12:51:01.000Z",
|
|
"pattern": "[domain-name:value = '200200.duckdns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:42:05.000Z",
|
|
"modified": "2018-05-08T12:42:05.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:42:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:42:23.000Z",
|
|
"modified": "2018-05-08T12:42:23.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:42:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19b44-a0ac-4250-b880-4b8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:42:44.000Z",
|
|
"modified": "2018-05-08T12:42:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:42:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19b54-e774-4814-9e53-4631950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:43:00.000Z",
|
|
"modified": "2018-05-08T12:43:00.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:43:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5af19b65-88d4-4364-b0e2-473f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:43:17.000Z",
|
|
"modified": "2018-05-08T12:43:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:43:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:04.000Z",
|
|
"modified": "2018-05-08T12:51:04.000Z",
|
|
"pattern": "[file:hashes.MD5 = '60bc999ff14ee2f359130d6c1375b033' AND file:hashes.SHA1 = '142f524121fe16e1c67031f12015be4adec42bb7' AND file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:03.000Z",
|
|
"modified": "2018-05-08T12:51:03.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/",
|
|
"category": "External analysis",
|
|
"uuid": "5af19d37-9f6c-4806-9332-476502de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/67",
|
|
"category": "Other",
|
|
"uuid": "5af19d37-72a0-4dc4-a527-474002de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-05-01 22:15:25",
|
|
"category": "Other",
|
|
"uuid": "5af19d37-43b0-48fb-b246-48b602de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:07.000Z",
|
|
"modified": "2018-05-08T12:51:07.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f52ea8f238e57e49bfae304bd656ad98' AND file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:05.000Z",
|
|
"modified": "2018-05-08T12:51:05.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/",
|
|
"category": "External analysis",
|
|
"uuid": "5af19d39-9aa8-49a4-b505-44de02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "37/59",
|
|
"category": "Other",
|
|
"uuid": "5af19d39-b33c-4eaf-b9dd-4cd502de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-05-08 00:23:54",
|
|
"category": "Other",
|
|
"uuid": "5af19d39-4144-45f2-92ae-4c0202de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:09.000Z",
|
|
"modified": "2018-05-08T12:51:09.000Z",
|
|
"pattern": "[file:hashes.MD5 = '94b288154e3d0225f86bb3c012fa8d63' AND file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:07.000Z",
|
|
"modified": "2018-05-08T12:51:07.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/",
|
|
"category": "External analysis",
|
|
"uuid": "5af19d3c-b5b4-4987-9f35-4dce02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "38/59",
|
|
"category": "Other",
|
|
"uuid": "5af19d3c-fcc8-4055-9b18-47e702de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-05-08 00:14:43",
|
|
"category": "Other",
|
|
"uuid": "5af19d3b-59d8-4a09-8ac8-488b02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:11.000Z",
|
|
"modified": "2018-05-08T12:51:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc7d4cde5d2266082966d80f5f1566b9' AND file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:10.000Z",
|
|
"modified": "2018-05-08T12:51:10.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/",
|
|
"category": "External analysis",
|
|
"uuid": "5af19d3e-0e54-4b99-8f39-437f02de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "49/67",
|
|
"category": "Other",
|
|
"uuid": "5af19d3e-1f50-4efc-afa7-437902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-05-08 00:25:24",
|
|
"category": "Other",
|
|
"uuid": "5af19d3e-4af0-416d-ba8e-45ab02de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--17ef59e9-90d1-419f-8e13-876d80929841",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:14.000Z",
|
|
"modified": "2018-05-08T12:51:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '085be1b8b8f3e90be00f6a3bcea2879f' AND file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-05-08T12:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-05-08T12:51:12.000Z",
|
|
"modified": "2018-05-08T12:51:12.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/",
|
|
"category": "External analysis",
|
|
"uuid": "5af19d40-d9e0-49c1-83a5-455602de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "31/60",
|
|
"category": "Other",
|
|
"uuid": "5af19d40-0110-49fa-8fbd-4c5502de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-05-08 00:01:00",
|
|
"category": "Other",
|
|
"uuid": "5af19d40-d024-4c29-8c9b-40c002de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--e68801a5-0437-47a6-8706-371b4bb781e4",
|
|
"created": "2018-05-08T12:51:13.000Z",
|
|
"modified": "2018-05-08T12:51:13.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
|
|
"target_ref": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--b76216fe-abb1-4cbd-8ebd-d9e89cf84198",
|
|
"created": "2018-05-08T12:51:13.000Z",
|
|
"modified": "2018-05-08T12:51:13.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
|
|
"target_ref": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--48742284-af3f-40cb-b7e9-b02ad8d0ba3c",
|
|
"created": "2018-05-08T12:51:13.000Z",
|
|
"modified": "2018-05-08T12:51:13.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
|
|
"target_ref": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--701d1687-547d-44b5-93e0-2e93f0ed7e0b",
|
|
"created": "2018-05-08T12:51:13.000Z",
|
|
"modified": "2018-05-08T12:51:13.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
|
|
"target_ref": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--95b33e7a-e47c-466e-853d-1defe4de16dc",
|
|
"created": "2018-05-08T12:51:13.000Z",
|
|
"modified": "2018-05-08T12:51:13.000Z",
|
|
"relationship_type": "analysed-with",
|
|
"source_ref": "indicator--17ef59e9-90d1-419f-8e13-876d80929841",
|
|
"target_ref": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |