6055 lines
No EOL
244 KiB
JSON
6055 lines
No EOL
244 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--5857cf66-aa18-4681-bff7-08720a950b0c",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2020-12-09T14:14:02.000Z",
|
|
"modified": "2020-12-09T14:14:02.000Z",
|
|
"name": "NCSC-NL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5857cf66-aa18-4681-bff7-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2020-12-09T14:14:02.000Z",
|
|
"modified": "2020-12-09T14:14:02.000Z",
|
|
"name": "Kaspersky Lab: Spearphishing attack hits industrial companies",
|
|
"published": "2020-10-10T09:13:39Z",
|
|
"object_refs": [
|
|
"indicator--5857d248-8124-423e-8e90-086e0a950b0c",
|
|
"indicator--5857d288-8438-4b59-934c-08700a950b0c",
|
|
"observed-data--5857cf95-b01c-46c9-9b92-08710a950b0c",
|
|
"url--5857cf95-b01c-46c9-9b92-08710a950b0c",
|
|
"indicator--5857d10f-935c-4084-acf4-0b7a0a950b0c",
|
|
"indicator--5857d110-d4fc-43f6-ad3b-0b7a0a950b0c",
|
|
"indicator--5857d110-ca0c-4e06-ae93-0b7a0a950b0c",
|
|
"indicator--5857d111-aa30-465e-b2f3-0b7a0a950b0c",
|
|
"indicator--5857d111-7190-42a3-98fe-0b7a0a950b0c",
|
|
"indicator--5857d112-9464-4588-86c3-0b7a0a950b0c",
|
|
"indicator--5857d112-8bf8-43c7-b09f-0b7a0a950b0c",
|
|
"indicator--5857d113-5934-4fa6-b878-0b7a0a950b0c",
|
|
"indicator--5857d114-8904-47aa-932b-0b7a0a950b0c",
|
|
"indicator--5857d114-8ef8-40ff-9627-0b7a0a950b0c",
|
|
"indicator--5857d115-62c0-422f-be94-0b7a0a950b0c",
|
|
"indicator--5857d115-6c38-4df6-bcdf-0b7a0a950b0c",
|
|
"indicator--5857d115-bab8-4c89-884f-0b7a0a950b0c",
|
|
"indicator--5857d116-af18-40a9-9e54-0b7a0a950b0c",
|
|
"indicator--5857d116-911c-4332-817e-0b7a0a950b0c",
|
|
"indicator--5857d117-cb68-43cb-94e6-0b7a0a950b0c",
|
|
"indicator--5857d117-1760-47d6-ab3f-0b7a0a950b0c",
|
|
"indicator--5857d118-3988-461a-8f2b-0b7a0a950b0c",
|
|
"indicator--5857d118-6e14-4421-a3c8-0b7a0a950b0c",
|
|
"indicator--5857d119-6b70-4184-b43d-0b7a0a950b0c",
|
|
"indicator--5857d119-bcc8-48d2-9ba5-0b7a0a950b0c",
|
|
"indicator--5857d11b-fdbc-4409-8dea-0b7a0a950b0c",
|
|
"indicator--5857d11b-adc0-4be1-bd04-0b7a0a950b0c",
|
|
"indicator--5857d11c-dc98-4437-b621-0b7a0a950b0c",
|
|
"indicator--5857d11c-c1ec-42eb-adeb-0b7a0a950b0c",
|
|
"indicator--5857d11d-4174-4872-8377-0b7a0a950b0c",
|
|
"indicator--5857d11d-7918-4d00-a762-0b7a0a950b0c",
|
|
"indicator--5857d11e-e3c4-40f6-8882-0b7a0a950b0c",
|
|
"indicator--5857d11e-da90-4041-81e4-0b7a0a950b0c",
|
|
"indicator--5857d11f-48b8-4ed5-9131-0b7a0a950b0c",
|
|
"indicator--5857d3a4-45fc-4d23-9256-0b840a950b0c",
|
|
"indicator--5857d3a5-429c-43c2-85df-0b840a950b0c",
|
|
"indicator--5857d3a5-1530-4003-892e-0b840a950b0c",
|
|
"indicator--5857d3a6-2d68-4522-b5f2-0b840a950b0c",
|
|
"indicator--5857d3a6-eb6c-4a10-811c-0b840a950b0c",
|
|
"indicator--5857d482-b35c-430d-8e4d-08720a950b0c",
|
|
"indicator--5857d2e2-2e84-455e-afeb-0b250a950b0c",
|
|
"indicator--5857d2e2-3fd0-4c5f-a4f3-0b250a950b0c",
|
|
"indicator--5857d2e3-97b8-4ff6-b3ca-0b250a950b0c",
|
|
"indicator--5857d2e3-7e34-4653-907c-0b250a950b0c",
|
|
"indicator--5857d2e4-5c54-4760-af56-0b250a950b0c",
|
|
"indicator--5857d2e4-7f50-473a-b32d-0b250a950b0c",
|
|
"indicator--5857d41e-5c20-4b1c-8ddc-086e0a950b0c",
|
|
"indicator--5857d41f-396c-4f4b-ab4f-086e0a950b0c",
|
|
"observed-data--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"observed-data--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"network-traffic--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"observed-data--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"network-traffic--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"observed-data--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"observed-data--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"observed-data--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"observed-data--5857d11f-5110-4863-83be-0b7a0a950b0c",
|
|
"file--5857d11f-5110-4863-83be-0b7a0a950b0c",
|
|
"observed-data--5857d120-6d40-4390-9828-0b7a0a950b0c",
|
|
"file--5857d120-6d40-4390-9828-0b7a0a950b0c",
|
|
"observed-data--5857d120-cdb0-4b08-94a3-0b7a0a950b0c",
|
|
"file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c",
|
|
"indicator--5857d121-10e8-4fb2-b052-0b7a0a950b0c",
|
|
"indicator--5857d121-4c7c-4792-bd29-0b7a0a950b0c",
|
|
"indicator--5857d122-767c-45da-9663-0b7a0a950b0c",
|
|
"indicator--5857d122-f2dc-45a6-aa0d-0b7a0a950b0c",
|
|
"indicator--5857d2e5-775c-4012-9ab4-0b250a950b0c",
|
|
"indicator--5857d2e5-44cc-456b-9af0-0b250a950b0c",
|
|
"indicator--5857d2e6-8c88-48c1-85cf-0b250a950b0c",
|
|
"indicator--5857d2e6-5b1c-4435-872a-0b250a950b0c",
|
|
"indicator--5857d2e7-d25c-4b38-8d27-0b250a950b0c",
|
|
"indicator--5857d2e7-294c-404a-bca5-0b250a950b0c",
|
|
"indicator--5857d2e8-2b64-47ab-8687-0b250a950b0c",
|
|
"observed-data--5857d35e-b72c-4dc4-bdb5-08720a950b0c",
|
|
"file--5857d35e-b72c-4dc4-bdb5-08720a950b0c",
|
|
"observed-data--5857d35f-0fb8-4e21-a26b-08720a950b0c",
|
|
"file--5857d35f-0fb8-4e21-a26b-08720a950b0c",
|
|
"indicator--5857d35f-6388-440f-9907-08720a950b0c",
|
|
"indicator--5857d360-951c-49d8-a9fa-08720a950b0c",
|
|
"indicator--5857d360-fa74-4848-8d27-08720a950b0c",
|
|
"indicator--5857d361-2e44-423e-8e7d-08720a950b0c",
|
|
"indicator--5857d361-187c-4598-8b51-08720a950b0c",
|
|
"indicator--5857d362-dac4-4d70-9aa6-08720a950b0c",
|
|
"indicator--5857d362-1380-4ed7-860f-08720a950b0c",
|
|
"indicator--5857d363-e2cc-41fa-b72a-08720a950b0c",
|
|
"observed-data--5857d363-5740-449c-b1f8-08720a950b0c",
|
|
"file--5857d363-5740-449c-b1f8-08720a950b0c",
|
|
"observed-data--5857d3a7-931c-4479-b4f9-0b840a950b0c",
|
|
"file--5857d3a7-931c-4479-b4f9-0b840a950b0c",
|
|
"indicator--5857d41f-069c-451d-90c2-086e0a950b0c",
|
|
"indicator--5857d420-783c-4199-adde-086e0a950b0c",
|
|
"observed-data--5857d420-00e0-4c95-8bec-086e0a950b0c",
|
|
"file--5857d420-00e0-4c95-8bec-086e0a950b0c",
|
|
"indicator--5857d483-31a8-4d0c-a909-08720a950b0c",
|
|
"observed-data--5857d484-0bec-4bc3-b42c-08720a950b0c",
|
|
"file--5857d484-0bec-4bc3-b42c-08720a950b0c",
|
|
"observed-data--5857d484-2b74-4183-8eed-08720a950b0c",
|
|
"file--5857d484-2b74-4183-8eed-08720a950b0c",
|
|
"indicator--5857d0e7-059c-48ed-b067-0b7a0a950b0c",
|
|
"indicator--5857d0e7-dcac-4c47-bf5e-0b7a0a950b0c",
|
|
"indicator--5857d0e8-adcc-4cd7-8bfd-0b7a0a950b0c",
|
|
"indicator--5857d0e8-18cc-492b-879b-0b7a0a950b0c",
|
|
"indicator--5857d0e9-1d94-4efb-bb18-0b7a0a950b0c",
|
|
"indicator--5857d0e9-d1e8-484a-a56a-0b7a0a950b0c",
|
|
"indicator--5857d0ea-9a54-4d4e-ae51-0b7a0a950b0c",
|
|
"indicator--5857d0ea-7b78-4377-900e-0b7a0a950b0c",
|
|
"indicator--5857d0eb-95f0-4ead-9e31-0b7a0a950b0c",
|
|
"indicator--5857d0eb-fbd8-42cb-b3c5-0b7a0a950b0c",
|
|
"indicator--5857d0ec-04ec-40fd-a6b6-0b7a0a950b0c",
|
|
"indicator--5857d0ec-8a34-4a54-93ef-0b7a0a950b0c",
|
|
"indicator--5857d0ed-ce34-4d5e-a96e-0b7a0a950b0c",
|
|
"indicator--5857d0ed-fae8-4165-a0fa-0b7a0a950b0c",
|
|
"indicator--5857d0ee-1378-4270-99cb-0b7a0a950b0c",
|
|
"indicator--5857d0ee-ff40-465b-b085-0b7a0a950b0c",
|
|
"indicator--5857d0ef-bcdc-4e87-85b5-0b7a0a950b0c",
|
|
"indicator--5857d0f0-5f84-48cd-808e-0b7a0a950b0c",
|
|
"indicator--5857d0f0-6830-4bf4-a67e-0b7a0a950b0c",
|
|
"indicator--5857d0f1-71f0-4932-95c5-0b7a0a950b0c",
|
|
"indicator--5857d0f1-aae8-4244-be2b-0b7a0a950b0c",
|
|
"indicator--5857d0f1-5d30-4319-8e8f-0b7a0a950b0c",
|
|
"indicator--5857d0f2-bd38-4e12-b01f-0b7a0a950b0c",
|
|
"indicator--5857d0f2-4aec-459f-8630-0b7a0a950b0c",
|
|
"indicator--5857d0f3-a4f8-4c8a-a877-0b7a0a950b0c",
|
|
"indicator--5857d0f3-a8b4-47c1-a021-0b7a0a950b0c",
|
|
"indicator--5857d0f4-5dc8-40a9-b2c0-0b7a0a950b0c",
|
|
"indicator--5857d0f4-a148-40cd-96c2-0b7a0a950b0c",
|
|
"indicator--5857d0f5-fe88-4c49-8ae5-0b7a0a950b0c",
|
|
"indicator--5857d0f5-07dc-4c8f-89fa-0b7a0a950b0c",
|
|
"indicator--5857d0f6-d88c-4f34-ae42-0b7a0a950b0c",
|
|
"indicator--5857d0f6-e40c-4c2a-9069-0b7a0a950b0c",
|
|
"indicator--5857d0f7-94e0-4ddc-9813-0b7a0a950b0c",
|
|
"indicator--5857d0f8-cafc-4ccf-922b-0b7a0a950b0c",
|
|
"indicator--5857d0f8-3540-4148-a605-0b7a0a950b0c",
|
|
"indicator--5857d0f9-0414-44aa-b642-0b7a0a950b0c",
|
|
"indicator--5857d0f9-315c-4d7a-ac30-0b7a0a950b0c",
|
|
"indicator--5857d0f9-d214-4827-892e-0b7a0a950b0c",
|
|
"indicator--5857d0fa-b698-42e4-a260-0b7a0a950b0c",
|
|
"indicator--5857d0fa-52fc-4849-8215-0b7a0a950b0c",
|
|
"indicator--5857d0fb-5a2c-450a-ae26-0b7a0a950b0c",
|
|
"indicator--5857d0fb-c2e0-4732-859d-0b7a0a950b0c",
|
|
"indicator--5857d0fc-f0f0-40d4-9e3d-0b7a0a950b0c",
|
|
"indicator--5857d0fc-4760-4a91-b675-0b7a0a950b0c",
|
|
"indicator--5857d0fd-38c4-441e-9ed9-0b7a0a950b0c",
|
|
"indicator--5857d0fe-b968-446a-9106-0b7a0a950b0c",
|
|
"indicator--5857d0fe-1d08-492c-a755-0b7a0a950b0c",
|
|
"indicator--5857d0ff-f768-4a11-8ded-0b7a0a950b0c",
|
|
"indicator--5857d0ff-f884-4780-9132-0b7a0a950b0c",
|
|
"indicator--5857d100-67a0-4de5-9f27-0b7a0a950b0c",
|
|
"indicator--5857d100-992c-491c-bd02-0b7a0a950b0c",
|
|
"indicator--5857d101-043c-401e-9cdd-0b7a0a950b0c",
|
|
"indicator--5857d101-cd84-4949-ab3b-0b7a0a950b0c",
|
|
"indicator--5857d102-6bc8-40f6-ac89-0b7a0a950b0c",
|
|
"indicator--5857d102-4a1c-45b5-8744-0b7a0a950b0c",
|
|
"indicator--5857d103-5db4-4398-94d3-0b7a0a950b0c",
|
|
"indicator--5857d103-5184-4220-9bc1-0b7a0a950b0c",
|
|
"indicator--5857d104-8034-4d70-a0d6-0b7a0a950b0c",
|
|
"indicator--5857d104-5a8c-47b6-b160-0b7a0a950b0c",
|
|
"indicator--5857d105-d92c-40c6-8aaf-0b7a0a950b0c",
|
|
"indicator--5857d105-7604-4ae5-b412-0b7a0a950b0c",
|
|
"indicator--5857d106-6f38-46f3-8ef0-0b7a0a950b0c",
|
|
"indicator--5857d106-8554-477c-9d9a-0b7a0a950b0c",
|
|
"indicator--5857d107-8070-41c2-b2f6-0b7a0a950b0c",
|
|
"indicator--5857d107-12c8-4b1a-a3c5-0b7a0a950b0c",
|
|
"indicator--5857d108-6f80-4cb6-81f3-0b7a0a950b0c",
|
|
"indicator--5857d108-1b2c-4148-9709-0b7a0a950b0c",
|
|
"indicator--5857d109-bd9c-4f46-a2af-0b7a0a950b0c",
|
|
"indicator--5857d109-9250-48e0-9afa-0b7a0a950b0c",
|
|
"indicator--5857d10a-e834-4864-87ec-0b7a0a950b0c",
|
|
"indicator--5857d10a-284c-4e58-8628-0b7a0a950b0c",
|
|
"indicator--5857d10b-aab4-42a7-aaa5-0b7a0a950b0c",
|
|
"indicator--5857d10c-a4a0-4527-ab0f-0b7a0a950b0c",
|
|
"indicator--5857d10c-8e60-4718-b975-0b7a0a950b0c",
|
|
"indicator--5857d10c-e01c-48cd-8381-0b7a0a950b0c",
|
|
"indicator--5857d10d-e6d0-4405-9018-0b7a0a950b0c",
|
|
"indicator--5857d10d-c540-4217-b759-0b7a0a950b0c",
|
|
"indicator--5857d10e-a880-4765-ae11-0b7a0a950b0c",
|
|
"indicator--5857d10e-e6e0-47ed-b5a8-0b7a0a950b0c",
|
|
"indicator--5857d10f-eac0-4535-b4de-0b7a0a950b0c",
|
|
"indicator--5857d2dd-0c30-4808-b728-0b250a950b0c",
|
|
"indicator--5857d2de-c2f4-4d24-823c-0b250a950b0c",
|
|
"indicator--5857d2df-75dc-4739-b7c2-0b250a950b0c",
|
|
"indicator--5857d2df-67fc-47f3-917f-0b250a950b0c",
|
|
"indicator--5857d2e0-1d84-4cf5-8638-0b250a950b0c",
|
|
"indicator--5857d2e0-6bf8-4e44-80bd-0b250a950b0c",
|
|
"indicator--5857d2e1-aab0-4754-b2d5-0b250a950b0c",
|
|
"indicator--5857d2e1-bd68-4462-86a8-0b250a950b0c",
|
|
"indicator--5857d359-a7e0-4e84-acf6-08720a950b0c",
|
|
"indicator--5857d359-78b4-4700-bf9d-08720a950b0c",
|
|
"indicator--5857d35a-7b28-458f-9a02-08720a950b0c",
|
|
"indicator--5857d35a-70f4-48d5-aa26-08720a950b0c",
|
|
"indicator--5857d35b-0398-4ccf-91e8-08720a950b0c",
|
|
"indicator--5857d35b-ff94-4a78-9c64-08720a950b0c",
|
|
"indicator--5857d35c-5a6c-4ebb-8d0a-08720a950b0c",
|
|
"indicator--5857d35c-2de4-4698-82bd-08720a950b0c",
|
|
"indicator--5857d35d-5010-4d23-aa36-08720a950b0c",
|
|
"indicator--5857d35d-6f64-449c-9c8c-08720a950b0c",
|
|
"indicator--5857d3a1-bf14-44b1-a03a-0b840a950b0c",
|
|
"indicator--5857d3a2-ad2c-4d19-a848-0b840a950b0c",
|
|
"indicator--5857d3a3-887c-4eca-be1c-0b840a950b0c",
|
|
"indicator--5857d3a3-f240-4bd8-bcb5-0b840a950b0c",
|
|
"indicator--5857d3a4-0f78-4f34-8de5-0b840a950b0c",
|
|
"indicator--5857d41c-97a4-4258-9a56-086e0a950b0c",
|
|
"indicator--5857d41d-c8e0-485a-96c9-086e0a950b0c",
|
|
"indicator--5857d47c-c624-43cd-9c39-08720a950b0c",
|
|
"indicator--5857d47d-c078-4b3a-90c5-08720a950b0c",
|
|
"indicator--5857d47d-7b40-4cb6-93a5-08720a950b0c",
|
|
"indicator--5857d47e-14b8-4b69-9c84-08720a950b0c",
|
|
"indicator--5857d47e-ecc4-4406-a471-08720a950b0c",
|
|
"indicator--5857d47f-7164-48d5-b4eb-08720a950b0c",
|
|
"indicator--5857d47f-4060-4409-bc0d-08720a950b0c",
|
|
"indicator--5857d480-fef4-4a09-8e68-08720a950b0c",
|
|
"indicator--5857d480-8368-49bc-92af-08720a950b0c",
|
|
"indicator--5857d481-a8dc-4d33-b52d-08720a950b0c",
|
|
"indicator--5857d481-0788-48ba-8063-08720a950b0c",
|
|
"indicator--5857d0d5-97b0-432b-a8ab-0b7a0a950b0c",
|
|
"indicator--5857d0d5-c9a0-4fde-a750-0b7a0a950b0c",
|
|
"indicator--5857d0d6-0768-489a-b11a-0b7a0a950b0c",
|
|
"indicator--5857d0d6-b4c4-44da-a738-0b7a0a950b0c",
|
|
"indicator--5857d0d7-11d0-4f67-8131-0b7a0a950b0c",
|
|
"indicator--5857d0d7-4c98-44af-b34f-0b7a0a950b0c",
|
|
"indicator--5857d0d8-5688-4c13-96f6-0b7a0a950b0c",
|
|
"indicator--5857d0d8-e7e4-4630-9d96-0b7a0a950b0c",
|
|
"indicator--5857d0d9-2d3c-40ab-914d-0b7a0a950b0c",
|
|
"indicator--5857d0d9-14ac-4d46-9b78-0b7a0a950b0c",
|
|
"indicator--5857d0da-c948-409f-8733-0b7a0a950b0c",
|
|
"indicator--5857d0da-8450-4a3f-9b17-0b7a0a950b0c",
|
|
"indicator--5857d0db-0568-4ac7-b8e0-0b7a0a950b0c",
|
|
"indicator--5857d0db-4390-4ce0-8b5a-0b7a0a950b0c",
|
|
"indicator--5857d0dc-d1b0-4e75-85b8-0b7a0a950b0c",
|
|
"indicator--5857d0dc-0ea8-4029-95c7-0b7a0a950b0c",
|
|
"indicator--5857d0dd-7b90-4b29-a25e-0b7a0a950b0c",
|
|
"indicator--5857d0dd-3868-4a95-ab01-0b7a0a950b0c",
|
|
"indicator--5857d0de-ff0c-4043-b450-0b7a0a950b0c",
|
|
"indicator--5857d0de-3914-451d-8858-0b7a0a950b0c",
|
|
"indicator--5857d0df-91fc-4c2d-b625-0b7a0a950b0c",
|
|
"indicator--5857d0df-1744-4479-9652-0b7a0a950b0c",
|
|
"indicator--5857d0e0-bb6c-43da-b61a-0b7a0a950b0c",
|
|
"indicator--5857d0e0-0084-4199-b01a-0b7a0a950b0c",
|
|
"indicator--5857d0e1-0e08-47e6-8df0-0b7a0a950b0c",
|
|
"indicator--5857d0e1-f074-4a7f-b871-0b7a0a950b0c",
|
|
"indicator--5857d0e2-efbc-4175-8f45-0b7a0a950b0c",
|
|
"indicator--5857d0e2-bd98-41f8-bd81-0b7a0a950b0c",
|
|
"indicator--5857d0e3-d59c-4063-9a92-0b7a0a950b0c",
|
|
"indicator--5857d0e3-0590-4103-a67c-0b7a0a950b0c",
|
|
"indicator--5857d0e4-92b8-459c-acf1-0b7a0a950b0c",
|
|
"indicator--5857d0e4-1d24-424c-baa0-0b7a0a950b0c",
|
|
"indicator--5857d0e5-e110-4e01-98c1-0b7a0a950b0c",
|
|
"indicator--5857d0e5-54b0-4fd0-a69e-0b7a0a950b0c",
|
|
"indicator--5857d0e6-2cdc-4178-b498-0b7a0a950b0c",
|
|
"indicator--5857d0e6-72a4-4136-807a-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ncsc-nl-ndn:feed=\"generic\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"retention:1m",
|
|
"retention:expired"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d248-8124-423e-8e90-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2020-04-28T13:56:53.000Z",
|
|
"modified": "2020-04-28T13:56:53.000Z",
|
|
"description": "Rule to detect VB Packer of FareIT and Zbot samples",
|
|
"pattern": "[rule VBPacker_FareIT_Zbot\r\n{\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\ndescription = \"Rule to detect VB Packer of FareIT and Zbot samples\"\r\nhash1 = \"0b7f872d098ef8f1dd0e52f6d5c5a92e\"\r\nhash2 = \"0eb12f0c3aa4ec1db178fbbe69a329cf\"\r\nversion = \"1.1\"\r\n\r\nstrings:\r\n$a1 = \"C:\\\\Program Files (x86)\\\\Microsoft Visual Studio\\\\VB98\\\\VB6.OLB\"\r\n\r\n//\"gdi32\" + 0x11 +\"SetViewportOrgEx\"\r\n$a2 = {67 64 69 33 32 00 00 00 11 00 00 00 53 65 74 56 69 65 77 70 6F 72 74 4F 72 67 45 78}\r\n\r\n//OriginalFilename AX.exe\r\n$b1 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 41 00 58 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename AS.exe\r\n$b2 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 41 00 53 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename Can.exe\r\n$b3 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 43 00 61 00 6E 00 2E 00 65 00 78 00 65 00}\r\n//OriginalFilename usisui.exe\r\n$b5 = {4F 00 72 00 69 00 67 00 69 00 6E 00 61 00 6C 00 46 00 69 00 6C 00 65 00 6E 00 61 00 6D 00 65 00 00 00 75 00 73 00 69 00 73 00 75 00 69 00 2E 00 65 00 78 00 65 00}\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand (all of ($a*))\r\nand (any of ($b*))\r\n//and (any of ($c*))\r\nand filesize > 250000\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-04-28T13:56:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d288-8438-4b59-934c-08700a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2020-04-28T13:56:50.000Z",
|
|
"modified": "2020-04-28T13:56:50.000Z",
|
|
"description": "Rule to detect MSIL Packer of FareIT, ISR Stealer, Luminosity, HawkEye Keylogger samples",
|
|
"pattern": "[rule MSILPacker_ FareIT_ISR Stealer_Luminosity_HawkEye\r\n{\r\nmeta:\r\ncopyright = \"Kaspersky Lab\"\r\ndescription = \"Rule to detect MSIL Packer of FareIT, ISR Stealer, Luminosity, HawkEye Keylogger samples\"\r\nhash1 = \"1f9ea55ec924bf927db4fb4f429d49b6\"\r\nhash2 = \"80c4a3d66159877e264b0eab74a791db\"\r\nhash2 = \"e8bfa64826d095ff3699a5e3df205d24\"\r\nversion = \"1.1\"\r\n\r\nstrings:\r\n$a1 = \"set_Key\"\r\n$a2 = \"set_IV\"\r\n$a3 = \"set_ClientSize\"\r\n$a4 = \"set_ControlBox\"\r\n$a5 = \"SetCompatibleTextRenderingDefault\"\r\n$a6 = \"CompilationRelaxationsAttribute\"\r\n$a7 = \"ICryptoTransform\"\r\n$a8 = \"_CorExeMain\"\r\n\r\n$b1 = \"Video card management\"\r\n$b2 = \"Net Extensible Autheticator\"\r\n$b3 = \"NetTcpActivator\"\r\n$b4 = \"nVidia PhysX technology\"\r\n$b5 = \"WdiSytemHost\"\r\n\r\ncondition:\r\nuint16(0) == 0x5A4D\r\nand (all of ($a*))\r\nand (any of ($b*))\r\nand filesize > 100000\r\n}]",
|
|
"pattern_type": "yara",
|
|
"valid_from": "2020-04-28T13:56:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"yara\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857cf95-b01c-46c9-9b92-08710a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:16:21.000Z",
|
|
"modified": "2016-12-19T12:16:21.000Z",
|
|
"first_observed": "2016-12-19T12:16:21Z",
|
|
"last_observed": "2016-12-19T12:16:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5857cf95-b01c-46c9-9b92-08710a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5857cf95-b01c-46c9-9b92-08710a950b0c",
|
|
"value": "https://ics-cert.kaspersky.com/2016/12/16/spear-phishing-attack-hits-industrial-companies/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10f-935c-4084-acf4-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:39.000Z",
|
|
"modified": "2016-12-19T12:22:39.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'alreyadbplastics.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d110-d4fc-43f6-ad3b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:40.000Z",
|
|
"modified": "2016-12-19T12:22:40.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'xpweb.win']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d110-ca0c-4e06-ae93-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:40.000Z",
|
|
"modified": "2016-12-19T12:22:40.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'heinevy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d111-aa30-465e-b2f3-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:41.000Z",
|
|
"modified": "2016-12-19T12:22:41.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'overseas-operation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d111-7190-42a3-98fe-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:41.000Z",
|
|
"modified": "2016-12-19T12:22:41.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'metaksen.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d112-9464-4588-86c3-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:42.000Z",
|
|
"modified": "2016-12-19T12:22:42.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'charlogistics.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d112-8bf8-43c7-b09f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:42.000Z",
|
|
"modified": "2016-12-19T12:22:42.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'btinterment.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d113-5934-4fa6-b878-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:43.000Z",
|
|
"modified": "2016-12-19T12:22:43.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'kinqnuts-raaphorst.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d114-8904-47aa-932b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:44.000Z",
|
|
"modified": "2016-12-19T12:22:44.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'watersysterns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d114-8ef8-40ff-9627-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:44.000Z",
|
|
"modified": "2016-12-19T12:22:44.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'hidroquil-ar.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d115-62c0-422f-be94-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:45.000Z",
|
|
"modified": "2016-12-19T12:22:45.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'thai-nidhi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d115-6c38-4df6-bcdf-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:45.000Z",
|
|
"modified": "2016-12-19T12:22:45.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'ms45-hinet.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d115-bab8-4c89-884f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:45.000Z",
|
|
"modified": "2016-12-19T12:22:45.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'fullone2u.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d116-af18-40a9-9e54-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:46.000Z",
|
|
"modified": "2016-12-19T12:22:46.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'poolkingsthailand.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d116-911c-4332-817e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:46.000Z",
|
|
"modified": "2016-12-19T12:22:46.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'soaaxa.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d117-cb68-43cb-94e6-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:47.000Z",
|
|
"modified": "2016-12-19T12:22:47.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'restarz.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d117-1760-47d6-ab3f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:47.000Z",
|
|
"modified": "2016-12-19T12:22:47.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'galaxystarshop.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d118-3988-461a-8f2b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:48.000Z",
|
|
"modified": "2016-12-19T12:22:48.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'asappyco.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d118-6e14-4421-a3c8-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:48.000Z",
|
|
"modified": "2016-12-19T12:22:48.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'gettoworkzz.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d119-6b70-4184-b43d-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:49.000Z",
|
|
"modified": "2016-12-19T12:22:49.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'yasive.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d119-bcc8-48d2-9ba5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:49.000Z",
|
|
"modified": "2016-12-19T12:22:49.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'alu-heat.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11b-fdbc-4409-8dea-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:51.000Z",
|
|
"modified": "2016-12-19T12:22:51.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'sinctruk.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11b-adc0-4be1-bd04-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:51.000Z",
|
|
"modified": "2016-12-19T12:22:51.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'pguy.faith']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11c-dc98-4437-b621-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:52.000Z",
|
|
"modified": "2016-12-19T12:22:52.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'chunfenqlighting.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11c-c1ec-42eb-adeb-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:52.000Z",
|
|
"modified": "2016-12-19T12:22:52.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'hunterkaysmoves.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11d-4174-4872-8377-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:53.000Z",
|
|
"modified": "2016-12-19T12:22:53.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'danqote.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11d-7918-4d00-a762-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:53.000Z",
|
|
"modified": "2016-12-19T12:22:53.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'biblesoceities.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11e-e3c4-40f6-8882-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:54.000Z",
|
|
"modified": "2016-12-19T12:22:54.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'sympetax.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11e-da90-4041-81e4-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:54.000Z",
|
|
"modified": "2016-12-19T12:22:54.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'lumibrigth.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d11f-48b8-4ed5-9131-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:55.000Z",
|
|
"modified": "2016-12-19T12:22:55.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[domain-name:value = 'bothela-orsaro.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a4-45fc-4d23-9256-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:40.000Z",
|
|
"modified": "2016-12-19T12:33:40.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[domain-name:value = 'hardworkzone.cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a5-429c-43c2-85df-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:41.000Z",
|
|
"modified": "2016-12-19T12:33:41.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[domain-name:value = 'ivicker.usa.cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a5-1530-4003-892e-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:41.000Z",
|
|
"modified": "2016-12-19T12:33:41.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[domain-name:value = 'limco.usa.cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a6-2d68-4522-b5f2-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:42.000Z",
|
|
"modified": "2016-12-19T12:33:42.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[domain-name:value = 'cs19335.tmweb.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a6-eb6c-4a10-811c-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:42.000Z",
|
|
"modified": "2016-12-19T12:33:42.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[domain-name:value = 'mirchifunz.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d482-b35c-430d-8e4d-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:22.000Z",
|
|
"modified": "2016-12-19T12:37:22.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[domain-name:value = 'hungasidy.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e2-2e84-455e-afeb-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:26.000Z",
|
|
"modified": "2016-12-19T12:30:26.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'www.creativeforwardings.cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e2-3fd0-4c5f-a4f3-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:26.000Z",
|
|
"modified": "2016-12-19T12:30:26.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'shadowwalkersonline.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e3-97b8-4ff6-b3ca-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:27.000Z",
|
|
"modified": "2016-12-19T12:30:27.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'owwalkersonline.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e3-7e34-4653-907c-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:27.000Z",
|
|
"modified": "2016-12-19T12:30:27.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'www.ballerpushers.cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e4-5c54-4760-af56-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:28.000Z",
|
|
"modified": "2016-12-19T12:30:28.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'remote.legacyrealestateadvisors.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e4-7f50-473a-b32d-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:28.000Z",
|
|
"modified": "2016-12-19T12:30:28.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[domain-name:value = 'alibabadns.legacyrealestateadvisors.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d41e-5c20-4b1c-8ddc-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:42.000Z",
|
|
"modified": "2016-12-19T12:35:42.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[domain-name:value = 'gavingo2135235.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d41f-396c-4f4b-ab4f-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:43.000Z",
|
|
"modified": "2016-12-19T12:35:43.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[domain-name:value = 'www.spmersclub.cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2019-07-19T07:47:22.000Z",
|
|
"modified": "2019-07-19T07:47:22.000Z",
|
|
"first_observed": "2019-07-19T07:47:22Z",
|
|
"last_observed": "2019-07-19T07:47:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"dst_ref": "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d11a-d910-431a-b4ee-0b7a0a950b0c",
|
|
"value": "66.23.226.40"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2019-07-19T07:47:22.000Z",
|
|
"modified": "2019-07-19T07:47:22.000Z",
|
|
"first_observed": "2019-07-19T07:47:22Z",
|
|
"last_observed": "2019-07-19T07:47:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"dst_ref": "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d41e-9210-4484-9230-086e0a950b0c",
|
|
"value": "178.175.138.196"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2017-08-17T11:06:39.000Z",
|
|
"modified": "2017-08-17T11:06:39.000Z",
|
|
"first_observed": "2017-08-17T11:06:39Z",
|
|
"last_observed": "2017-08-17T11:06:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"dst_ref": "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d483-587c-45f8-9582-08720a950b0c",
|
|
"value": "186.202.127.132"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2019-07-19T07:47:22.000Z",
|
|
"modified": "2019-07-19T07:47:22.000Z",
|
|
"first_observed": "2019-07-19T07:47:22Z",
|
|
"last_observed": "2019-07-19T07:47:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"src_ref": "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d11a-a8c8-457c-a4ce-0b7a0a950b0c",
|
|
"value": "66.23.226.40"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2019-07-19T07:47:22.000Z",
|
|
"modified": "2019-07-19T07:47:22.000Z",
|
|
"first_observed": "2019-07-19T07:47:22Z",
|
|
"last_observed": "2019-07-19T07:47:22Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"src_ref": "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d41d-1510-4745-8f6c-086e0a950b0c",
|
|
"value": "178.175.138.196"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2017-08-17T11:06:39.000Z",
|
|
"modified": "2017-08-17T11:06:39.000Z",
|
|
"first_observed": "2017-08-17T11:06:39Z",
|
|
"last_observed": "2017-08-17T11:06:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-src\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"src_ref": "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5857d482-4e68-4064-b1c4-08720a950b0c",
|
|
"value": "186.202.127.132"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d11f-5110-4863-83be-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:55.000Z",
|
|
"modified": "2016-12-19T12:22:55.000Z",
|
|
"first_observed": "2016-12-19T12:22:55Z",
|
|
"last_observed": "2016-12-19T12:22:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d11f-5110-4863-83be-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d11f-5110-4863-83be-0b7a0a950b0c",
|
|
"name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.exe"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d120-6d40-4390-9828-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:56.000Z",
|
|
"modified": "2016-12-19T12:22:56.000Z",
|
|
"first_observed": "2016-12-19T12:22:56Z",
|
|
"last_observed": "2016-12-19T12:22:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d120-6d40-4390-9828-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d120-6d40-4390-9828-0b7a0a950b0c",
|
|
"name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.hdb"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d120-cdb0-4b08-94a3-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:56.000Z",
|
|
"modified": "2016-12-19T12:22:56.000Z",
|
|
"first_observed": "2016-12-19T12:22:56Z",
|
|
"last_observed": "2016-12-19T12:22:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d120-cdb0-4b08-94a3-0b7a0a950b0c",
|
|
"name": "%APPDATA%\\[A-F0-9]{6}\\[A-F0-9]{6}.lck"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d121-10e8-4fb2-b052-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:57.000Z",
|
|
"modified": "2016-12-19T12:22:57.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Ticoapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d121-4c7c-4792-bd29-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:57.000Z",
|
|
"modified": "2016-12-19T12:22:57.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Escoapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d122-767c-45da-9663-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:58.000Z",
|
|
"modified": "2016-12-19T12:22:58.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Dulfapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d122-f2dc-45a6-aa0d-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:58.000Z",
|
|
"modified": "2016-12-19T12:22:58.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Echeapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e5-775c-4012-9ab4-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:29.000Z",
|
|
"modified": "2016-12-19T12:30:29.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\YiTapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e5-44cc-456b-9af0-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:29.000Z",
|
|
"modified": "2016-12-19T12:30:29.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\YaPapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e6-8c88-48c1-85cf-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:30.000Z",
|
|
"modified": "2016-12-19T12:30:30.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Nativeapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e6-5b1c-4435-872a-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:30.000Z",
|
|
"modified": "2016-12-19T12:30:30.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Nosapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e7-d25c-4b38-8d27-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:31.000Z",
|
|
"modified": "2016-12-19T12:30:31.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Monorapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e7-294c-404a-bca5-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:31.000Z",
|
|
"modified": "2016-12-19T12:30:31.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\WinLuapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e8-2b64-47ab-8687-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:32.000Z",
|
|
"modified": "2016-12-19T12:30:32.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:name = '\\\\%ProgramFiles\\\\%\\\\Client\\\\client.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d35e-b72c-4dc4-bdb5-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d35e-b72c-4dc4-bdb5-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d35e-b72c-4dc4-bdb5-08720a950b0c",
|
|
"name": "%APPDATA%\\pid.txt"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d35f-0fb8-4e21-a26b-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d35f-0fb8-4e21-a26b-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d35f-0fb8-4e21-a26b-08720a950b0c",
|
|
"name": "%APPDATA%\\pidloc.txt"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35f-6388-440f-9907-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:31.000Z",
|
|
"modified": "2016-12-19T12:32:31.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%AppData\\\\%\\\\WindowsUpdate.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d360-951c-49d8-a9fa-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:32.000Z",
|
|
"modified": "2016-12-19T12:32:32.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Runesapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d360-fa74-4848-8d27-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:32.000Z",
|
|
"modified": "2016-12-19T12:32:32.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Coinapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d361-2e44-423e-8e7d-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:33.000Z",
|
|
"modified": "2016-12-19T12:32:33.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Trumpapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d361-187c-4598-8b51-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:33.000Z",
|
|
"modified": "2016-12-19T12:32:33.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\doc_23772.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d362-dac4-4d70-9aa6-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:34.000Z",
|
|
"modified": "2016-12-19T12:32:34.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\holderwb.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d362-1380-4ed7-860f-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:34.000Z",
|
|
"modified": "2016-12-19T12:32:34.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\vbc.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d363-e2cc-41fa-b72a-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:35.000Z",
|
|
"modified": "2016-12-19T12:32:35.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:name = '\\\\%TEMP\\\\%\\\\holdermail.txt']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d363-5740-449c-b1f8-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d363-5740-449c-b1f8-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d363-5740-449c-b1f8-08720a950b0c",
|
|
"name": "%TEMP%\\SysInfo.txt"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d3a7-931c-4479-b4f9-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d3a7-931c-4479-b4f9-0b840a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d3a7-931c-4479-b4f9-0b840a950b0c",
|
|
"name": "%HOMEPATH%\\Desktop\\filename.exe"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d41f-069c-451d-90c2-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:43.000Z",
|
|
"modified": "2016-12-19T12:35:43.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Documents\\\\Chunapp.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d420-783c-4199-adde-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:44.000Z",
|
|
"modified": "2016-12-19T12:35:44.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\Install\\\\Host.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d420-00e0-4c95-8bec-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d420-00e0-4c95-8bec-086e0a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d420-00e0-4c95-8bec-086e0a950b0c",
|
|
"name": "%APPDATA%\\Install.Identifier"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d483-31a8-4d0c-a909-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:23.000Z",
|
|
"modified": "2016-12-19T12:37:23.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:name = '\\\\%HOMEPATH\\\\%\\\\Desktop\\\\system.exe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d484-0bec-4bc3-b42c-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d484-0bec-4bc3-b42c-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d484-0bec-4bc3-b42c-08720a950b0c",
|
|
"name": "%LocalTEMP%\\filename.exe"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5857d484-2b74-4183-8eed-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:58:33.000Z",
|
|
"modified": "2016-12-19T12:58:33.000Z",
|
|
"first_observed": "2016-12-19T12:58:33Z",
|
|
"last_observed": "2016-12-19T12:58:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"file--5857d484-2b74-4183-8eed-08720a950b0c"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"filename\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "file",
|
|
"spec_version": "2.1",
|
|
"id": "file--5857d484-2b74-4183-8eed-08720a950b0c",
|
|
"name": "%LocalTEMP%\\system.exe"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e7-059c-48ed-b067-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:59.000Z",
|
|
"modified": "2016-12-19T12:21:59.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'd1212291e44846ff608711c0f9e07b3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e7-dcac-4c47-bf5e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:59.000Z",
|
|
"modified": "2016-12-19T12:21:59.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '01712e2261fa051e46c489df533d7bdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e8-adcc-4cd7-8bfd-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:00.000Z",
|
|
"modified": "2016-12-19T12:22:00.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'd1d8c46271abfe4ea230214567ae6d61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e8-18cc-492b-879b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:00.000Z",
|
|
"modified": "2016-12-19T12:22:00.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '6dd0b2770a7d7bcdecc5f6eebbde4d7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e9-1d94-4efb-bb18-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:01.000Z",
|
|
"modified": "2016-12-19T12:22:01.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '51966a70638915dbd7be9f15592cb453']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e9-d1e8-484a-a56a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:01.000Z",
|
|
"modified": "2016-12-19T12:22:01.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4258a22f09d39f5201f9deae0abec680']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ea-9a54-4d4e-ae51-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:02.000Z",
|
|
"modified": "2016-12-19T12:22:02.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '09fcb032b5330ca04cfc536dda6d8948']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ea-7b78-4377-900e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:02.000Z",
|
|
"modified": "2016-12-19T12:22:02.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '20cbe25bcabdf6557888d5c3353098a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0eb-95f0-4ead-9e31-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:03.000Z",
|
|
"modified": "2016-12-19T12:22:03.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'f354693b8f497e4e3599517fdffed0a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0eb-fbd8-42cb-b3c5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:03.000Z",
|
|
"modified": "2016-12-19T12:22:03.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'b96d148f8ef2b2f3ef825342bf0eb651']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ec-04ec-40fd-a6b6-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:04.000Z",
|
|
"modified": "2016-12-19T12:22:04.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '652e2222f3523296020ae0adaa392036']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ec-8a34-4a54-93ef-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:04.000Z",
|
|
"modified": "2016-12-19T12:22:04.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4ea4af607d7ec044bd7e94cf81f2d731']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ed-ce34-4d5e-a96e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:05.000Z",
|
|
"modified": "2016-12-19T12:22:05.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4231e1ddf6cd6edc269b65221e983a2a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ed-fae8-4165-a0fa-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:05.000Z",
|
|
"modified": "2016-12-19T12:22:05.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '51a5f21d781c8ab2b081ca3d044bb548']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ee-1378-4270-99cb-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:06.000Z",
|
|
"modified": "2016-12-19T12:22:06.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'ba4dcb0af37929c7f85d0830e4fb7682']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ee-ff40-465b-b085-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:06.000Z",
|
|
"modified": "2016-12-19T12:22:06.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'b0a68240b82a8d4ff46a9bb4833c243a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ef-bcdc-4e87-85b5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:07.000Z",
|
|
"modified": "2016-12-19T12:22:07.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '690090c7b2b1808ea5586dd3394951b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f0-5f84-48cd-808e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:08.000Z",
|
|
"modified": "2016-12-19T12:22:08.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'ad2e9747132bf556945785f06610dcc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f0-6830-4bf4-a67e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:08.000Z",
|
|
"modified": "2016-12-19T12:22:08.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'f1e7507e85804477b46041c4f79a6318']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f1-71f0-4932-95c5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:09.000Z",
|
|
"modified": "2016-12-19T12:22:09.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '7e5c5279a6b25fc25e822277a0e67893']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f1-aae8-4244-be2b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:09.000Z",
|
|
"modified": "2016-12-19T12:22:09.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'bced2a9404e662d11e74eb92fe91cff7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f1-5d30-4319-8e8f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:09.000Z",
|
|
"modified": "2016-12-19T12:22:09.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'e5c4cc287ada4d8f190f7d821fbd55a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f2-bd38-4e12-b01f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:10.000Z",
|
|
"modified": "2016-12-19T12:22:10.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4be18082a65cbdb37dc3f76c72ec50bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f2-4aec-459f-8630-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:10.000Z",
|
|
"modified": "2016-12-19T12:22:10.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'faecf9cfff312dfff977602a696905bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f3-a4f8-4c8a-a877-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:11.000Z",
|
|
"modified": "2016-12-19T12:22:11.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '139ac7a3ea98a743ab53e5dc9a143d14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f3-a8b4-47c1-a021-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:11.000Z",
|
|
"modified": "2016-12-19T12:22:11.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'c0632e26efc3b4bdbe8cc4e35cbf2ca2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f4-5dc8-40a9-b2c0-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:12.000Z",
|
|
"modified": "2016-12-19T12:22:12.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '57beddcde4930bff12554c70ac0d486e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f4-a148-40cd-96c2-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:12.000Z",
|
|
"modified": "2016-12-19T12:22:12.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'cec324588b4f4f1be7ca72a77a27bcc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f5-fe88-4c49-8ae5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:13.000Z",
|
|
"modified": "2016-12-19T12:22:13.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4a0f4d8d1730e7cfb28ab9ab1dd0c458']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f5-07dc-4c8f-89fa-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:13.000Z",
|
|
"modified": "2016-12-19T12:22:13.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '1d562105d2b9bbee31b464e11add3314']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f6-d88c-4f34-ae42-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:14.000Z",
|
|
"modified": "2016-12-19T12:22:14.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'd68e6aa2e3b43db1e932212628d158d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f6-e40c-4c2a-9069-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:14.000Z",
|
|
"modified": "2016-12-19T12:22:14.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '25d70b4551fb7ab195fe4a20dad19f6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f7-94e0-4ddc-9813-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:15.000Z",
|
|
"modified": "2016-12-19T12:22:15.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '060aba7b0dfe98f344a08525794f3a39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f8-cafc-4ccf-922b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:16.000Z",
|
|
"modified": "2016-12-19T12:22:16.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '3f11280bd0e9992d38f5c474d2031059']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f8-3540-4148-a605-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:16.000Z",
|
|
"modified": "2016-12-19T12:22:16.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '950675e2eae333debef01953a5e1ef8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f9-0414-44aa-b642-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:17.000Z",
|
|
"modified": "2016-12-19T12:22:17.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '51b4f43117385d03872644af00393f99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f9-315c-4d7a-ac30-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:17.000Z",
|
|
"modified": "2016-12-19T12:22:17.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '9d3ef8695eedf3759bf930134198b2d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0f9-d214-4827-892e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:17.000Z",
|
|
"modified": "2016-12-19T12:22:17.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '9b949ec2e377c101fb6607b7f0f46c69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fa-b698-42e4-a260-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:18.000Z",
|
|
"modified": "2016-12-19T12:22:18.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '21a3ff76584d0877a7d3d67e22700d84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fa-52fc-4849-8215-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:18.000Z",
|
|
"modified": "2016-12-19T12:22:18.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '95ff84fc026d94eb29c5766d3f412cb5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fb-5a2c-450a-ae26-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:19.000Z",
|
|
"modified": "2016-12-19T12:22:19.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '0431fb071b43075967d95dca4e4b74a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fb-c2e0-4732-859d-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:19.000Z",
|
|
"modified": "2016-12-19T12:22:19.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a53b46d9cdfbe2dcf620852c6ff9e62c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fc-f0f0-40d4-9e3d-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:20.000Z",
|
|
"modified": "2016-12-19T12:22:20.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '81afa5b79a5e44ad1a5f993e56ea0f19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fc-4760-4a91-b675-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:20.000Z",
|
|
"modified": "2016-12-19T12:22:20.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'c31f027c91a17e696d3badb647b4776e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fd-38c4-441e-9ed9-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:21.000Z",
|
|
"modified": "2016-12-19T12:22:21.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '48c196ab809cf170027a36f8ce83b2a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fe-b968-446a-9106-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:22.000Z",
|
|
"modified": "2016-12-19T12:22:22.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'b3bf838e056efad6c4e2fc34ff907b1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0fe-1d08-492c-a755-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:22.000Z",
|
|
"modified": "2016-12-19T12:22:22.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'fa460248d72f9c927fbde7e49b3f9064']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ff-f768-4a11-8ded-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:23.000Z",
|
|
"modified": "2016-12-19T12:22:23.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'dc746f578444fd08b899acab6a9f9480']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0ff-f884-4780-9132-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:23.000Z",
|
|
"modified": "2016-12-19T12:22:23.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a99a74ac5eccdf92a3d15226ff764437']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d100-67a0-4de5-9f27-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:24.000Z",
|
|
"modified": "2016-12-19T12:22:24.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '3f7c440d5ae431e2d638037b1522d537']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d100-992c-491c-bd02-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:24.000Z",
|
|
"modified": "2016-12-19T12:22:24.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '6d5bb65986d89c860434a131cd07af3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d101-043c-401e-9cdd-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:25.000Z",
|
|
"modified": "2016-12-19T12:22:25.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '5834cfa707d899a6ded4df35fe454663']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d101-cd84-4949-ab3b-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:25.000Z",
|
|
"modified": "2016-12-19T12:22:25.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'b6ab6bd1952c68e8378e9e88f1d02844']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d102-6bc8-40f6-ac89-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:26.000Z",
|
|
"modified": "2016-12-19T12:22:26.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'f7e80eef3e16b5902839213542f2433d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d102-4a1c-45b5-8744-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:26.000Z",
|
|
"modified": "2016-12-19T12:22:26.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a276bbbf4ea6628ee8ac6694aa23b70a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d103-5db4-4398-94d3-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:27.000Z",
|
|
"modified": "2016-12-19T12:22:27.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '27ede7277a5c482d156bf8cad3d67ecf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d103-5184-4220-9bc1-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:27.000Z",
|
|
"modified": "2016-12-19T12:22:27.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '7639651850c1f2a333f017a2b7a58c2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d104-8034-4d70-a0d6-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:28.000Z",
|
|
"modified": "2016-12-19T12:22:28.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '9ab8bd9a64bb4ab9b921958af213209c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d104-5a8c-47b6-b160-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:28.000Z",
|
|
"modified": "2016-12-19T12:22:28.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'df1ff7cc193e6daabdb54e44d7d376c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d105-d92c-40c6-8aaf-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:29.000Z",
|
|
"modified": "2016-12-19T12:22:29.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '11b949dafc35aaab4595ed5d5119731f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d105-7604-4ae5-b412-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:29.000Z",
|
|
"modified": "2016-12-19T12:22:29.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '842f279d81f52a3d21d43367b976eb24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d106-6f38-46f3-8ef0-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:30.000Z",
|
|
"modified": "2016-12-19T12:22:30.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a0c5cc06f6e5e9fb6da7529a02331972']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d106-8554-477c-9d9a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:30.000Z",
|
|
"modified": "2016-12-19T12:22:30.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'fe5bf21593ddaf4aae3ac77f1bff02c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d107-8070-41c2-b2f6-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:31.000Z",
|
|
"modified": "2016-12-19T12:22:31.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'bc4d634d6b5d40a4be72de9b91b9d2d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d107-12c8-4b1a-a3c5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:31.000Z",
|
|
"modified": "2016-12-19T12:22:31.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '6d021db429a696e5ab237b30a743cec3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d108-6f80-4cb6-81f3-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:32.000Z",
|
|
"modified": "2016-12-19T12:22:32.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '739d8fb283e2a7a6015f1be1391c33a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d108-1b2c-4148-9709-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:32.000Z",
|
|
"modified": "2016-12-19T12:22:32.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'cd770d2079332bfffac2b257d5ca88a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d109-bd9c-4f46-a2af-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:33.000Z",
|
|
"modified": "2016-12-19T12:22:33.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '0eb12f0c3aa4ec1db178fbbe69a329cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d109-9250-48e0-9afa-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:33.000Z",
|
|
"modified": "2016-12-19T12:22:33.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '10bd1bcf24e12761df2ac8574cd5421e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10a-e834-4864-87ec-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:34.000Z",
|
|
"modified": "2016-12-19T12:22:34.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '12c02277ede45fdad0cb6e5572555a64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10a-284c-4e58-8628-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:34.000Z",
|
|
"modified": "2016-12-19T12:22:34.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '13aa570ab9772d1e03e054eb4d5ec895']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10b-aab4-42a7-aaa5-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:35.000Z",
|
|
"modified": "2016-12-19T12:22:35.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '2a38488d890751f2e7b1a8dc7c212a54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10c-a4a0-4527-ab0f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:36.000Z",
|
|
"modified": "2016-12-19T12:22:36.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '7fb0c05045f84aa9bb2e27ee490379c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10c-8e60-4718-b975-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:36.000Z",
|
|
"modified": "2016-12-19T12:22:36.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '8b573ec48dea7caffcd18eea04d73c6d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10c-e01c-48cd-8381-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:36.000Z",
|
|
"modified": "2016-12-19T12:22:36.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a5bc70e11f4dd1858ab8bbcee699c39b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10d-e6d0-4405-9018-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:37.000Z",
|
|
"modified": "2016-12-19T12:22:37.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'da6794432858b2bfa8e7e252af5d59d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10d-c540-4217-b759-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:37.000Z",
|
|
"modified": "2016-12-19T12:22:37.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'ea87cce7ba48805a0082c59c8feab894']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10e-a880-4765-ae11-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:38.000Z",
|
|
"modified": "2016-12-19T12:22:38.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '0124976c3608a484d929a7bd0d6be7a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10e-e6e0-47ed-b5a8-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:38.000Z",
|
|
"modified": "2016-12-19T12:22:38.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '05ec671309abebc5e183ccfe98a4cc6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d10f-eac0-4535-b4de-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:22:39.000Z",
|
|
"modified": "2016-12-19T12:22:39.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '072f11f8bb4d295d1000148939e99577']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:22:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2dd-0c30-4808-b728-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:21.000Z",
|
|
"modified": "2016-12-19T12:30:21.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '1f9ea55ec924bf927db4fb4f429d49b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2de-c2f4-4d24-823c-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:22.000Z",
|
|
"modified": "2016-12-19T12:30:22.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = 'f758f8cd8df5c969181f727bdc300b09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2df-75dc-4739-b7c2-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:23.000Z",
|
|
"modified": "2016-12-19T12:30:23.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '09b3e90ba0352189c374ed9f925fd016']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2df-67fc-47f3-917f-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:23.000Z",
|
|
"modified": "2016-12-19T12:30:23.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '4e6b187f08037c03887fc0cc7d2d7862']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e0-1d84-4cf5-8638-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:24.000Z",
|
|
"modified": "2016-12-19T12:30:24.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '890ce994b735b36bbbb737d4ea86283c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e0-6bf8-4e44-80bd-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:24.000Z",
|
|
"modified": "2016-12-19T12:30:24.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '8badfb1cfda4d0b88fa8e765b6162eaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e1-aab0-4754-b2d5-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:25.000Z",
|
|
"modified": "2016-12-19T12:30:25.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = '95cc32e268174eb70e5d4878c8c481f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d2e1-bd68-4462-86a8-0b250a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:30:25.000Z",
|
|
"modified": "2016-12-19T12:30:25.000Z",
|
|
"description": "Luminosity RAT",
|
|
"pattern": "[file:hashes.MD5 = 'cc6fa7ea140f2af9e821f0b2a3785f3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:30:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d359-a7e0-4e84-acf6-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:25.000Z",
|
|
"modified": "2016-12-19T12:32:25.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '59d528ac5530c7dd148fc85ac3e2de5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d359-78b4-4700-bf9d-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:25.000Z",
|
|
"modified": "2016-12-19T12:32:25.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '80c4a3d66159877e264b0eab74a791db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35a-7b28-458f-9a02-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:26.000Z",
|
|
"modified": "2016-12-19T12:32:26.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '94c4d42987540d6428a79c1ec4498a62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35a-70f4-48d5-aa26-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:26.000Z",
|
|
"modified": "2016-12-19T12:32:26.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'c96ac3ecac9e7f5c72aa452a299ccd4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35b-0398-4ccf-91e8-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:27.000Z",
|
|
"modified": "2016-12-19T12:32:27.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'ca261b901e94148a336b7504612900b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35b-ff94-4a78-9c64-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:27.000Z",
|
|
"modified": "2016-12-19T12:32:27.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '5232002e147c9a71de02b1503549ee5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35c-5a6c-4ebb-8d0a-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:28.000Z",
|
|
"modified": "2016-12-19T12:32:28.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '8f35879eedef813f7cf363e6b31bb720']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35c-2de4-4698-82bd-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:28.000Z",
|
|
"modified": "2016-12-19T12:32:28.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = '983ac1b9d8d8f93f6ec2133873e0d765']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35d-5010-4d23-aa36-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:29.000Z",
|
|
"modified": "2016-12-19T12:32:29.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'aa6eb70eb3760839617114e970eec9ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d35d-6f64-449c-9c8c-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:32:29.000Z",
|
|
"modified": "2016-12-19T12:32:29.000Z",
|
|
"description": "HawkEye Keylogger/Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'cc2a4547e94971b25f5c64db863c7007']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:32:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a1-bf14-44b1-a03a-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:37.000Z",
|
|
"modified": "2016-12-19T12:33:37.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[file:hashes.MD5 = '42de8eeb42766ab89f7ad30e3a95a6dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a2-ad2c-4d19-a848-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:38.000Z",
|
|
"modified": "2016-12-19T12:33:38.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'da0bc308da0fdd2bc88c16609de84799']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a3-887c-4eca-be1c-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:39.000Z",
|
|
"modified": "2016-12-19T12:33:39.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'e8bfa64826d095ff3699a5e3df205d24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a3-f240-4bd8-bcb5-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:39.000Z",
|
|
"modified": "2016-12-19T12:33:39.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'bd32f579daf66fc77d0d39faa0827d49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d3a4-0f78-4f34-8de5-0b840a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:33:40.000Z",
|
|
"modified": "2016-12-19T12:33:40.000Z",
|
|
"description": "ISR Stealer",
|
|
"pattern": "[file:hashes.MD5 = 'baf19d9baa948caa29fa4d47a5b00f39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:33:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d41c-97a4-4258-9a56-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:40.000Z",
|
|
"modified": "2016-12-19T12:35:40.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[file:hashes.MD5 = '362b8ff281b373698823f01ec5de316e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d41d-c8e0-485a-96c9-086e0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:35:41.000Z",
|
|
"modified": "2016-12-19T12:35:41.000Z",
|
|
"description": "NetWire RAT",
|
|
"pattern": "[file:hashes.MD5 = 'b4161aeec2eee9f16b4f7bf53017b593']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:35:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47c-c624-43cd-9c39-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:16.000Z",
|
|
"modified": "2016-12-19T12:37:16.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '6ed4cb68167e3413d9987b0f40733ded']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47d-c078-4b3a-90c5-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:17.000Z",
|
|
"modified": "2016-12-19T12:37:17.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '763eff9455c998456f017d375ebbe334']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47d-7b40-4cb6-93a5-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:17.000Z",
|
|
"modified": "2016-12-19T12:37:17.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = 'acb19c9d138687d8b77b9a16318f7897']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47e-14b8-4b69-9c84-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:18.000Z",
|
|
"modified": "2016-12-19T12:37:18.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '0828d80567c200832804ab58b9653f40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47e-ecc4-4406-a471-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:18.000Z",
|
|
"modified": "2016-12-19T12:37:18.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '1c55c4e93c5b59c5497817c2d75eeb82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47f-7164-48d5-b4eb-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:19.000Z",
|
|
"modified": "2016-12-19T12:37:19.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '20bca6c0ce7aa1c1eec53bde21162f05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d47f-4060-4409-bc0d-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:19.000Z",
|
|
"modified": "2016-12-19T12:37:19.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '41875543ce8f9fc1c3c823e783fc3799']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d480-fef4-4a09-8e68-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:20.000Z",
|
|
"modified": "2016-12-19T12:37:20.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '59ea190027969a9395556a1879b8fa1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d480-8368-49bc-92af-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:20.000Z",
|
|
"modified": "2016-12-19T12:37:20.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = '926a5b3a83da4947dc45b83a564e5de4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d481-a8dc-4d33-b52d-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:21.000Z",
|
|
"modified": "2016-12-19T12:37:21.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = 'cb6b3071cf743fa0e62af0e29a269301']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d481-0788-48ba-8063-08720a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:37:21.000Z",
|
|
"modified": "2016-12-19T12:37:21.000Z",
|
|
"description": "Zeus Atmos",
|
|
"pattern": "[file:hashes.MD5 = 'f7f79d8821abd3035a3c77b4d1319334']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:37:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d5-97b0-432b-a8ab-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:41.000Z",
|
|
"modified": "2016-12-19T12:21:41.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'b26502694ec0f977510045e4805e3c5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d5-c9a0-4fde-a750-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:41.000Z",
|
|
"modified": "2016-12-19T12:21:41.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '312feecdc77cb3e29151734ec9939cfb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d6-0768-489a-b11a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:42.000Z",
|
|
"modified": "2016-12-19T12:21:42.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '23965eaaece7160f5f4f38a2b2ae557a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d6-b4c4-44da-a738-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:42.000Z",
|
|
"modified": "2016-12-19T12:21:42.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '36db408c729e4eec4b67593dbe6e21cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d7-11d0-4f67-8131-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:43.000Z",
|
|
"modified": "2016-12-19T12:21:43.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '94083460473c6ccf96060c3f35bda8f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d7-4c98-44af-b34f-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:43.000Z",
|
|
"modified": "2016-12-19T12:21:43.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '4e06d7730397f84761222ceb22578e59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d8-5688-4c13-96f6-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:44.000Z",
|
|
"modified": "2016-12-19T12:21:44.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'fff1ccdebd953a89168fa545cca2d78a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d8-e7e4-4630-9d96-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:44.000Z",
|
|
"modified": "2016-12-19T12:21:44.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '5497251394bca97e1cbe2008740ead6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d9-2d3c-40ab-914d-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:45.000Z",
|
|
"modified": "2016-12-19T12:21:45.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'ead4bbedddba4cd1d0b31a82987ffce4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0d9-14ac-4d46-9b78-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:45.000Z",
|
|
"modified": "2016-12-19T12:21:45.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'd04c3b2fe025c183ffcf85d334b2dfc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0da-c948-409f-8733-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:46.000Z",
|
|
"modified": "2016-12-19T12:21:46.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'f402e0747de2f70a43dcb0ef5cb1bb12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0da-8450-4a3f-9b17-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:46.000Z",
|
|
"modified": "2016-12-19T12:21:46.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '262c692bec80d7d7af77026d03a9277d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0db-0568-4ac7-b8e0-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:47.000Z",
|
|
"modified": "2016-12-19T12:21:47.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'd0c3b85e2459e85fd0d00b5ac88782d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0db-4390-4ce0-8b5a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:47.000Z",
|
|
"modified": "2016-12-19T12:21:47.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '0899d80a6e4168e760321009d28b4a25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0dc-d1b0-4e75-85b8-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:48.000Z",
|
|
"modified": "2016-12-19T12:21:48.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '7ba5b2b942587afad892d14c29186881']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0dc-0ea8-4029-95c7-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:48.000Z",
|
|
"modified": "2016-12-19T12:21:48.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'f328c9cef3df7dbbafdabe102f2dd489']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0dd-7b90-4b29-a25e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:49.000Z",
|
|
"modified": "2016-12-19T12:21:49.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '513d4413be0c6756b0aec628fb8f5398']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0dd-3868-4a95-ab01-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:49.000Z",
|
|
"modified": "2016-12-19T12:21:49.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a1709a3f4952c2928e5f7e4ba552bef6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0de-ff0c-4043-b450-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:50.000Z",
|
|
"modified": "2016-12-19T12:21:50.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'a598c6964f7f9aef6e6ad21c630e744a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0de-3914-451d-8858-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:50.000Z",
|
|
"modified": "2016-12-19T12:21:50.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'bcd6efb7ba13404999640cbf4a8300ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0df-91fc-4c2d-b625-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:51.000Z",
|
|
"modified": "2016-12-19T12:21:51.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '7210fa489bfb83715529f1ec3b55922b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0df-1744-4479-9652-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:51.000Z",
|
|
"modified": "2016-12-19T12:21:51.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '2cab3363d8bb5601948f528add75c5e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e0-bb6c-43da-b61a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:52.000Z",
|
|
"modified": "2016-12-19T12:21:52.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'abaaba5109c19f658f9eaf56551c0996']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e0-0084-4199-b01a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:52.000Z",
|
|
"modified": "2016-12-19T12:21:52.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '53b9d168f0776c99518a8a125459b94c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e1-0e08-47e6-8df0-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:53.000Z",
|
|
"modified": "2016-12-19T12:21:53.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '1c000371cda75156c5af004ca4b08e08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e1-f074-4a7f-b871-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:53.000Z",
|
|
"modified": "2016-12-19T12:21:53.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '5c78e6d84ef59b06e918c55d9fd8de8c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e2-efbc-4175-8f45-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:54.000Z",
|
|
"modified": "2016-12-19T12:21:54.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '1e692a3e7f16b8bc9949eba72158a773']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e2-bd98-41f8-bd81-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:54.000Z",
|
|
"modified": "2016-12-19T12:21:54.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'e9d3d83bec1d897538af8aebffd03ad1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e3-d59c-4063-9a92-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:55.000Z",
|
|
"modified": "2016-12-19T12:21:55.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'c5674b866e3362bc09dfab0385b44bec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e3-0590-4103-a67c-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:55.000Z",
|
|
"modified": "2016-12-19T12:21:55.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'dfae40a4e4a1b60322fd180f8cfa1c33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e4-92b8-459c-acf1-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:56.000Z",
|
|
"modified": "2016-12-19T12:21:56.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '0b7f872d098ef8f1dd0e52f6d5c5a92e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e4-1d24-424c-baa0-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:56.000Z",
|
|
"modified": "2016-12-19T12:21:56.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = 'e2ab25321e1bb1d56d8bca11fe0cc764']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e5-e110-4e01-98c1-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:57.000Z",
|
|
"modified": "2016-12-19T12:21:57.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '96f1794733e30fb2df9e5e894f4e1cfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e5-54b0-4fd0-a69e-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:57.000Z",
|
|
"modified": "2016-12-19T12:21:57.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '63b1d969270cccd998279477a687407c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e6-2cdc-4178-b498-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:58.000Z",
|
|
"modified": "2016-12-19T12:21:58.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '9e7318168e76fdd5414fe00d8daaf21e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5857d0e6-72a4-4136-807a-0b7a0a950b0c",
|
|
"created_by_ref": "identity--5697b0c4-9474-4336-b675-28140a950b0b",
|
|
"created": "2016-12-19T12:21:58.000Z",
|
|
"modified": "2016-12-19T12:21:58.000Z",
|
|
"description": "FareIT/Pony 2.0",
|
|
"pattern": "[file:hashes.MD5 = '57da8a2813c9b1cb6598609e10faf1b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-12-19T12:21:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |