{
|
|
"type": "bundle",
|
|
"id": "bundle--5a3c2fcd-8328-42bb-a95e-4f4402de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--5a3c2fcd-8328-42bb-a95e-4f4402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"name": "OSINT - Sednit update: How Fancy Bear Spent the Year",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"observed-data--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"url--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"x-misp-attribute--5a3c2fee-7c8c-438a-8f7f-465402de0b81",
|
|
"indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
|
"indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
|
"indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
|
"indicator--5a3c3045-968c-4572-9f64-491502de0b81",
|
|
"indicator--5a3c3045-eb44-433f-a13a-44b902de0b81",
|
|
"indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
|
"indicator--5a3c3045-7480-4831-a5c4-48c802de0b81",
|
|
"indicator--5a3cd5b6-9568-4342-b2ab-4c62950d210f",
|
|
"indicator--5a3cd604-e11c-4de5-bbbf-c170950d210f",
|
|
"indicator--5a3cd693-fd9c-4fcf-b69a-439c950d210f",
|
|
"indicator--5a3cd6c2-d290-4787-910f-4e6d950d210f",
|
|
"indicator--5a3cd74e-1504-40ff-9a28-4501950d210f",
|
|
"indicator--5a3cd775-e4cc-44bb-89b6-4c5a950d210f",
|
|
"indicator--5a3cd82f-2788-4561-bbeb-5165950d210f",
|
|
"indicator--5a3cd847-b5a0-42f7-ac4b-5165950d210f",
|
|
"indicator--5a3cd861-65c0-4b69-9429-4f37950d210f",
|
|
"indicator--5a3cd87d-f514-4071-a5f7-4ec2950d210f",
|
|
"indicator--5a3cd896-f6cc-4e52-bcb2-442c950d210f",
|
|
"indicator--5a3cd8ae-54d0-46bb-adbb-4c5a950d210f",
|
|
"indicator--5a3cd8bb-a704-4f1d-a235-444e950d210f",
|
|
"indicator--5a3cd8c9-6568-406a-853c-4862950d210f",
|
|
"indicator--5a3cd8db-2838-4466-a986-4afb950d210f",
|
|
"indicator--5a3cd8fb-cd14-4b00-9710-430c950d210f",
|
|
"indicator--5a3cd90e-538c-4b7e-95dc-5276950d210f",
|
|
"indicator--5a3cd927-e410-489c-abfc-4b63950d210f",
|
|
"indicator--5a3cd93c-716c-4918-a00f-4671950d210f",
|
|
"indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f",
|
|
"indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
|
|
"indicator--5a3ce60a-6db8-4212-b194-4339950d210f",
|
|
"indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
|
|
"indicator--5a3ce63e-0240-46f5-b9ed-4759950d210f",
|
|
"indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f",
|
|
"indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f",
|
|
"indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f",
|
|
"indicator--5a3ce680-90d4-478d-95db-48a6950d210f",
|
|
"indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f",
|
|
"indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
|
|
"indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f",
|
|
"relationship--bdc9fc98-959c-4542-b110-a5c8ea2cefca",
|
|
"relationship--c51a7839-acd7-4ad9-9d68-889e8cb7701a",
|
|
"relationship--c06cb1d7-2937-425c-a75c-04733aa38037",
|
|
"relationship--a35a0bb5-d8b9-42a2-a7ac-22a6e9470529",
|
|
"relationship--a105c098-df2b-47dd-9f9e-fb9db20520e4",
|
|
"relationship--a21be670-34af-4ca2-b0ab-0e725b6da199",
|
|
"relationship--745600c5-edf3-4f96-9954-f40b8cb0aefc",
|
|
"relationship--a61130bf-9f33-4a54-8208-fee324f85476",
|
|
"relationship--f6a69805-3793-40cc-9ec1-05d7ed7afeb2",
|
|
"relationship--08bae9be-725d-4ae6-81e3-487bb877f7b2",
|
|
"relationship--4819a979-7ef5-49e2-9c9f-c8baace93df1",
|
|
"relationship--749fa6af-43f4-4162-ab6c-199a1ec91b25",
|
|
"relationship--83db27c5-d9e8-4932-b6e6-82994d5e1a03",
|
|
"relationship--72e97dd8-ae19-4db8-9286-c9b755f77dce",
|
|
"relationship--7596b5f6-74b3-44f0-9465-4f29bd54445d",
|
|
"relationship--3fb9ea8a-4098-420a-bbad-48565ff7ff57",
|
|
"relationship--9e8b010a-c6ff-4790-ab47-8083bde905bc",
|
|
"relationship--2fc7d5d7-42ee-4217-8463-e05a56492f8e",
|
|
"relationship--83c85d2a-229a-417c-aca2-5ee32a9aa4cd",
|
|
"relationship--41920095-cb91-4237-85e9-3faac4ddc8d1"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"workflow:state=\"incomplete\"",
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster-values\"",
|
|
"workflow:todo=\"create-missing-misp-galaxy-cluster\"",
|
|
"misp-galaxy:threat-actor=\"Sofacy\"",
|
|
"misp-galaxy:exploit-kit=\"Sednit EK\"",
|
|
"misp-galaxy:tool=\"GAMEFISH\"",
|
|
"misp-galaxy:mitre-malware=\"JHUHUGIT\"",
|
|
"misp-galaxy:tool=\"X-Tunnel\"",
|
|
"misp-galaxy:mitre-malware=\"XTunnel\"",
|
|
"misp-galaxy:mitre-malware=\"ADVSTORESHELL\"",
|
|
"misp-galaxy:tool=\"EVILTOSS\"",
|
|
"misp-galaxy:mitre-malware=\"USBStealer\"",
|
|
"misp-galaxy:tool=\"X-Agent\"",
|
|
"misp-galaxy:mitre-malware=\"XAgentOSX\"",
|
|
"misp-galaxy:mitre-malware=\"CHOPSTICK\"",
|
|
"misp-galaxy:exploit-kit=\"DealersChoice\"",
|
|
"misp-galaxy:mitre-malware=\"Downdelph\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:21.000Z",
|
|
"modified": "2017-12-21T22:05:21.000Z",
|
|
"first_observed": "2017-12-21T22:05:21Z",
|
|
"last_observed": "2017-12-21T22:05:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5a3c2fda-78f4-44b7-8366-46da02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"93\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5a3c2fda-78f4-44b7-8366-46da02de0b81",
|
|
"value": "https://www.welivesecurity.com/2017/12/21/sednit-update-fancy-bear-spent-year/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5a3c2fee-7c8c-438a-8f7f-465402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:21.000Z",
|
|
"modified": "2017-12-21T22:05:21.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\"",
|
|
"osint:certainty=\"93\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "The Sednit group \u2014 also known as Strontium, APT28, Fancy Bear or Sofacy\u2009\u2014\u2009is a group of attackers operating since 2004, if not earlier, and whose main objective is to steal confidential information from specific targets.\r\n\r\nThis article is a follow-up to ESET\u2019s presentation at BlueHat in November 2017. Late in 2016 we published a white paper covering Sednit activity between 2014 and 2016. Since then, we have continued to actively track Sednit\u2019s operations, and today we are publishing a brief overview of what our tracking uncovered in terms of the group\u2019s activities and updates to their toolset. The first section covers the update of their attack methodology: namely, the ways in which this group tries to compromise their targets systems. The second section covers the evolution of their tools, with a particular emphasis on a detailed analysis of a new version of their flagship malware: Xagent."
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'movieultimate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'meteost.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'faststoragefiles.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-968c-4572-9f64-491502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'nethostnet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-eb44-433f-a13a-44b902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'fsportal.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'fastdataexchange.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-21T22:05:57.000Z",
|
|
"modified": "2017-12-21T22:05:57.000Z",
|
|
"description": "Xagent Samples",
|
|
"pattern": "[domain-name:value = 'newfilmts.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-21T22:05:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd5b6-9568-4342-b2ab-4c62950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:51:50.000Z",
|
|
"modified": "2017-12-22T09:51:50.000Z",
|
|
"description": "Win32/Sednit.AX",
|
|
"pattern": "[file:hashes.SHA1 = '68064fc152e23d56e541714af52651cb4ba81aaf' AND file:name = 'Bulletin.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:51:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd604-e11c-4de5-bbbf-c170950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:53:08.000Z",
|
|
"modified": "2017-12-22T09:53:08.000Z",
|
|
"description": "Win32/Exploit.CVE-2016-4117.A",
|
|
"pattern": "[file:hashes.SHA1 = 'f3805382ae2e23ff1147301d131a06e00e4ff75f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:53:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd693-fd9c-4fcf-b69a-439c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:55:31.000Z",
|
|
"modified": "2017-12-22T09:55:31.000Z",
|
|
"description": "Win32/Exploit.Agent.NUB",
|
|
"pattern": "[file:hashes.SHA1 = '512bdfe937314ac3f195c462c395feeb36932971' AND file:name = 'OC_PSO_2017.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:55:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd6c2-d290-4787-910f-4e6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:56:18.000Z",
|
|
"modified": "2017-12-22T09:56:18.000Z",
|
|
"description": "Win32/Exploit.Agent.NTR",
|
|
"pattern": "[file:hashes.SHA1 = '30b3e8c0f3f3cf200daa21c267ffab3cad64e68b' AND file:name = 'NASAMS.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:56:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd74e-1504-40ff-9a28-4501950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:58:38.000Z",
|
|
"modified": "2017-12-22T09:58:38.000Z",
|
|
"description": "Win32/Exploit.Agent.NTO",
|
|
"pattern": "[file:hashes.SHA1 = '4173b29a251cd9c1cab135f67cb60acab4ace0c5' AND file:name = 'Programm_Details.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:58:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd775-e4cc-44bb-89b6-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T09:59:17.000Z",
|
|
"modified": "2017-12-22T09:59:17.000Z",
|
|
"description": "Win32/Exploit.Agent.NTR",
|
|
"pattern": "[file:hashes.SHA1 = '12a37cfdd3f3671074dd5b0f354269cec028fb52' AND file:name = 'Operation_in_Mosul.rtf' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T09:59:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd82f-2788-4561-bbeb-5165950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:02:23.000Z",
|
|
"modified": "2017-12-22T10:02:23.000Z",
|
|
"description": "SWF/Agent.L",
|
|
"pattern": "[file:hashes.SHA1 = '15201766bd964b7c405aeb11db81457220c31e46' AND file:name = 'ARM-NATO_ENGLISH_30_NOV_2016.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:02:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd847-b5a0-42f7-ac4b-5165950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:02:47.000Z",
|
|
"modified": "2017-12-22T10:02:47.000Z",
|
|
"description": "Win32/Exploit.Agent.BL",
|
|
"pattern": "[file:hashes.SHA1 = '8078e411fbe33864dfd8f87ad5105cc1fd26d62e' AND file:name = 'Olympic-Agenda-2020-20-20-Recommendations.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:02:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd861-65c0-4b69-9429-4f37950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:03:13.000Z",
|
|
"modified": "2017-12-22T10:03:13.000Z",
|
|
"description": "Win32/Exploit.Agent.NUG",
|
|
"pattern": "[file:hashes.SHA1 = '33447383379ca99083442b852589111296f0c603' AND file:name = 'Merry_Christmas!.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:03:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd87d-f514-4071-a5f7-4ec2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:03:41.000Z",
|
|
"modified": "2017-12-22T10:03:41.000Z",
|
|
"description": "Win32/Exploit.Agent.NWZ",
|
|
"pattern": "[file:hashes.SHA1 = 'd5235d136cfcadbef431eea7253d80bde414db9d' AND file:name = 'Trump\u2019s_Attack_on_Syria_English.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:03:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd896-f6cc-4e52-bcb2-442c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:06.000Z",
|
|
"modified": "2017-12-22T10:04:06.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'f293a2bfb728060c54efeeb03c5323893b5c80df' AND file:name = 'Hotel_Reservation_Form.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8ae-54d0-46bb-adbb-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:30.000Z",
|
|
"modified": "2017-12-22T10:04:30.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'bb10ed5d59672fbc6178e35d0feac0562513e9f0' AND file:name = 'SB_Doc_2017-3_Implementation_of_Key_Taskings_and_Next_Steps.doc' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8bb-a704-4f1d-a235-444e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:43.000Z",
|
|
"modified": "2017-12-22T10:04:43.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8c9-6568-406a-853c-4862950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:04:57.000Z",
|
|
"modified": "2017-12-22T10:04:57.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:04:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8db-2838-4466-a986-4afb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:05:15.000Z",
|
|
"modified": "2017-12-22T10:05:15.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:05:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd8fb-cd14-4b00-9710-430c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:05:47.000Z",
|
|
"modified": "2017-12-22T10:05:47.000Z",
|
|
"description": "Win32/Exploit.Agent.NTM",
|
|
"pattern": "[file:hashes.SHA1 = '5d2c7d87995cc5b8184baba2c7a1900a48b2f42d' AND file:name = 'Caucasian_Eagle_ENG.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:05:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd90e-538c-4b7e-95dc-5276950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:06.000Z",
|
|
"modified": "2017-12-22T10:06:06.000Z",
|
|
"description": "SWF/Exploit.CVE-2017-11292.A",
|
|
"pattern": "[file:hashes.SHA1 = '7aada8bcc0d1ab8ffb1f0fae4757789c6f5546a3' AND file:name = 'World War3.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd927-e410-489c-abfc-4b63950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:31.000Z",
|
|
"modified": "2017-12-22T10:06:31.000Z",
|
|
"description": "VBA/DDE.E",
|
|
"pattern": "[file:hashes.SHA1 = '68c2809560c7623d2307d8797691abf3eafe319a' AND file:name = 'SaberGuardian2017.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cd93c-716c-4918-a00f-4671950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:06:52.000Z",
|
|
"modified": "2017-12-22T10:06:52.000Z",
|
|
"description": "VBA/DDE.L",
|
|
"pattern": "[file:hashes.SHA1 = '1c6c700ceebfbe799e115582665105caa03c5c9e' AND file:name = 'IsisAttackInNewYork.docx' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:06:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:17:09.000Z",
|
|
"modified": "2017-12-22T10:17:09.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = '6f0fc0ebba3e4c8b26a69cdf519edf8d1aa2f4bb' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:21:34.000Z",
|
|
"modified": "2017-12-22T10:21:34.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e19f753e514f6adec8f81bcdefb9117979e69627' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:21:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:33.000Z",
|
|
"modified": "2017-12-22T10:23:33.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = '961468ddd3d0fa25beb8210c81ba620f9170ed30' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:22:52.000Z",
|
|
"modified": "2017-12-22T10:22:52.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = 'a0719b50265505c8432616c0a4e14ed206981e95' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:22:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:49.000Z",
|
|
"modified": "2017-12-22T10:23:49.000Z",
|
|
"description": "Win64/Sednit.Y",
|
|
"pattern": "[file:hashes.SHA1 = '2cf6436b99d11d9d1e0c488af518e35162ecbc9c' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:23:13.000Z",
|
|
"modified": "2017-12-22T10:23:13.000Z",
|
|
"description": "Win64/Sednit.Y",
|
|
"pattern": "[file:hashes.SHA1 = 'fec29b4f4dccc59770c65c128dfe4564d7c13d33' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:23:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:22:12.000Z",
|
|
"modified": "2017-12-22T10:22:12.000Z",
|
|
"description": "Win64/Sednit.Z",
|
|
"pattern": "[file:hashes.SHA1 = '57d7f3d31c491f8aef4665ca4dd905c3c8a98795' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:22:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:24:43.000Z",
|
|
"modified": "2017-12-22T10:24:43.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = 'a3bf5b5cf5a5ef438a198a6f61f7225c0a4a7138' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:24:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:24:27.000Z",
|
|
"modified": "2017-12-22T10:24:27.000Z",
|
|
"description": "Win32/Sednit.BO",
|
|
"pattern": "[file:hashes.SHA1 = '1958e722afd0dba266576922abc98aa505cf5f9a' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:24:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:25.000Z",
|
|
"modified": "2017-12-22T13:17:25.000Z",
|
|
"description": "Win32/Sednit.AX",
|
|
"pattern": "[file:hashes.SHA1 = '9f6bed7d7f4728490117cbc85819c2e6c494251b' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:17:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:15:38.000Z",
|
|
"modified": "2017-12-22T13:15:38.000Z",
|
|
"description": "Win32/Sednit.BS",
|
|
"pattern": "[file:hashes.SHA1 = '4bc722a9b0492a50bd86a1341f02c74c0d773db7' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:16:40.000Z",
|
|
"modified": "2017-12-22T13:16:40.000Z",
|
|
"description": "Win32/Sednit.BS",
|
|
"pattern": "[file:hashes.SHA1 = 'ab354807e687993fbeb1b325eb6e4ab38d428a1e' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:16:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:17:09.000Z",
|
|
"modified": "2017-12-22T13:17:09.000Z",
|
|
"description": "Win32/Sednit.BR",
|
|
"pattern": "[file:hashes.SHA1 = '9c47ca3883196b3a84d67676a804ff50e22b0a9f' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:17:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:07:56.000Z",
|
|
"modified": "2017-12-22T13:07:56.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:07:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:15:01.000Z",
|
|
"modified": "2017-12-22T13:15:01.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = '476fc1d31722ac26b46154cbf0c631d60268b28a' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:15:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:08:51.000Z",
|
|
"modified": "2017-12-22T13:08:51.000Z",
|
|
"description": "Win32/Sednit.BN",
|
|
"pattern": "[file:hashes.SHA1 = 'f9fd3f1d8da4ffd6a494228b934549d09e3c59d1' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:08:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T13:12:22.000Z",
|
|
"modified": "2017-12-22T13:12:22.000Z",
|
|
"description": "Win32/Sednit.BG",
|
|
"pattern": "[file:hashes.SHA1 = 'e338d49c270baf64363879e5eecb8fa6bdde8ad9' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T13:12:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:05:56.000Z",
|
|
"modified": "2017-12-22T11:05:56.000Z",
|
|
"description": "Win32/Sednit.BG",
|
|
"pattern": "[file:hashes.SHA1 = '6e167da3c5d887fa2e58da848a2245d11b6c5ad6' AND file:x_misp_state = 'Malicious']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:05:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T10:59:22.000Z",
|
|
"modified": "2017-12-22T10:59:22.000Z",
|
|
"pattern": "[domain-name:value = 'servicecdp.com' AND domain-name:resolves_to_refs[*].value = '87.236.211.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T10:59:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:12.000Z",
|
|
"modified": "2017-12-22T11:01:12.000Z",
|
|
"pattern": "[domain-name:value = 'wmdmediacodecs.com' AND domain-name:resolves_to_refs[*].value = '95.215.45.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce60a-6db8-4212-b194-4339950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:30.000Z",
|
|
"modified": "2017-12-22T11:01:30.000Z",
|
|
"pattern": "[domain-name:value = 'mvband.net' AND domain-name:resolves_to_refs[*].value = '89.45.67.144']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:01:46.000Z",
|
|
"modified": "2017-12-22T11:01:46.000Z",
|
|
"pattern": "[domain-name:value = 'mvtband.net' AND domain-name:resolves_to_refs[*].value = '89.33.246.117']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:01:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce63e-0240-46f5-b9ed-4759950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:22.000Z",
|
|
"modified": "2017-12-22T11:02:22.000Z",
|
|
"pattern": "[domain-name:value = 'servicecdp.com' AND domain-name:resolves_to_refs[*].value = '87.236.211.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:38.000Z",
|
|
"modified": "2017-12-22T11:02:38.000Z",
|
|
"pattern": "[domain-name:value = 'runvercheck.com' AND domain-name:resolves_to_refs[*].value = '185.156.173.70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:02:52.000Z",
|
|
"modified": "2017-12-22T11:02:52.000Z",
|
|
"pattern": "[domain-name:value = 'remsupport.org' AND domain-name:resolves_to_refs[*].value = '191.101.31.96']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:02:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:10.000Z",
|
|
"modified": "2017-12-22T11:03:10.000Z",
|
|
"pattern": "[domain-name:value = 'viters.org' AND domain-name:resolves_to_refs[*].value = '89.187.150.44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce680-90d4-478d-95db-48a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:28.000Z",
|
|
"modified": "2017-12-22T11:03:28.000Z",
|
|
"pattern": "[domain-name:value = 'myinvestgroup.com' AND domain-name:resolves_to_refs[*].value = '146.185.253.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:03:41.000Z",
|
|
"modified": "2017-12-22T11:03:41.000Z",
|
|
"pattern": "[domain-name:value = 'space-delivery.com' AND domain-name:resolves_to_refs[*].value = '86.106.131.141']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:03:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:04:01.000Z",
|
|
"modified": "2017-12-22T11:04:01.000Z",
|
|
"pattern": "[domain-name:value = 'satellitedeluxpanorama.com' AND domain-name:resolves_to_refs[*].value = '89.34.111.160']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:04:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-12-22T11:04:14.000Z",
|
|
"modified": "2017-12-22T11:04:14.000Z",
|
|
"pattern": "[domain-name:value = 'webviewres.net' AND domain-name:resolves_to_refs[*].value = '185.216.35.26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-12-22T11:04:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "network"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"domain-ip\"",
|
|
"misp:meta-category=\"network\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--bdc9fc98-959c-4542-b110-a5c8ea2cefca",
|
|
"created": "2017-12-22T10:17:06.000Z",
|
|
"modified": "2017-12-22T10:17:06.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cda96-85c4-45a1-82ea-c5ed950d210f",
|
|
"target_ref": "indicator--5a3c3045-ab0c-4d38-8efe-459002de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c51a7839-acd7-4ad9-9d68-889e8cb7701a",
|
|
"created": "2017-12-22T10:21:31.000Z",
|
|
"modified": "2017-12-22T10:21:31.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdbc7-dbec-4b8c-8ba3-4c5a950d210f",
|
|
"target_ref": "indicator--5a3c3045-61dc-495c-ae8a-471e02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--c06cb1d7-2937-425c-a75c-04733aa38037",
|
|
"created": "2017-12-22T10:23:30.000Z",
|
|
"modified": "2017-12-22T10:23:30.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdbf6-f814-491f-9f93-4c59950d210f",
|
|
"target_ref": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a35a0bb5-d8b9-42a2-a7ac-22a6e9470529",
|
|
"created": "2017-12-22T10:22:49.000Z",
|
|
"modified": "2017-12-22T10:22:49.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc09-6fbc-4ca1-bfaa-c5ed950d210f",
|
|
"target_ref": "indicator--5a3c3045-968c-4572-9f64-491502de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a105c098-df2b-47dd-9f9e-fb9db20520e4",
|
|
"created": "2017-12-22T10:23:46.000Z",
|
|
"modified": "2017-12-22T10:23:46.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc21-856c-48bd-a757-4f4b950d210f",
|
|
"target_ref": "indicator--5a3c3045-e354-4978-a6b4-49ad02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a21be670-34af-4ca2-b0ab-0e725b6da199",
|
|
"created": "2017-12-22T10:23:09.000Z",
|
|
"modified": "2017-12-22T10:23:09.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc37-89e8-4a2d-823a-4af8950d210f",
|
|
"target_ref": "indicator--5a3c3045-eb44-433f-a13a-44b902de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--745600c5-edf3-4f96-9954-f40b8cb0aefc",
|
|
"created": "2017-12-22T10:22:09.000Z",
|
|
"modified": "2017-12-22T10:22:09.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc48-b9a0-4775-a03f-5156950d210f",
|
|
"target_ref": "indicator--5a3c3045-6a88-479d-b799-4d3d02de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--a61130bf-9f33-4a54-8208-fee324f85476",
|
|
"created": "2017-12-22T10:24:40.000Z",
|
|
"modified": "2017-12-22T10:24:40.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc5a-8760-4efa-949a-4c5a950d210f",
|
|
"target_ref": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--f6a69805-3793-40cc-9ec1-05d7ed7afeb2",
|
|
"created": "2017-12-22T10:24:24.000Z",
|
|
"modified": "2017-12-22T10:24:24.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3cdc72-1538-4c66-af46-427b950d210f",
|
|
"target_ref": "indicator--5a3c3045-7480-4831-a5c4-48c802de0b81"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--08bae9be-725d-4ae6-81e3-487bb877f7b2",
|
|
"created": "2017-12-22T12:57:39.000Z",
|
|
"modified": "2017-12-22T12:57:39.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3a9-f070-4403-a1f6-4b8c950d210f",
|
|
"target_ref": "indicator--5a3ce58a-3198-4cb8-9d51-44e5950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--4819a979-7ef5-49e2-9c9f-c8baace93df1",
|
|
"created": "2017-12-22T13:15:18.000Z",
|
|
"modified": "2017-12-22T13:15:18.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3c3-34b4-4e1f-b238-4399950d210f",
|
|
"target_ref": "indicator--5a3ce6ae-98d8-4270-b88f-47f2950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--749fa6af-43f4-4162-ab6c-199a1ec91b25",
|
|
"created": "2017-12-22T13:15:28.000Z",
|
|
"modified": "2017-12-22T13:15:28.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3d4-07bc-4af3-90fc-4798950d210f",
|
|
"target_ref": "indicator--5a3ce6a1-3f1c-4d5d-bac7-406d950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--83db27c5-d9e8-4932-b6e6-82994d5e1a03",
|
|
"created": "2017-12-22T13:16:54.000Z",
|
|
"modified": "2017-12-22T13:16:54.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce3ea-580c-477c-9b73-4e57950d210f",
|
|
"target_ref": "indicator--5a3ce68d-1940-4ea6-becd-44fe950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--72e97dd8-ae19-4db8-9286-c9b755f77dce",
|
|
"created": "2017-12-22T13:07:24.000Z",
|
|
"modified": "2017-12-22T13:07:24.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce404-efc0-4f15-864e-55ea950d210f",
|
|
"target_ref": "indicator--5a3ce680-90d4-478d-95db-48a6950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--7596b5f6-74b3-44f0-9465-4f29bd54445d",
|
|
"created": "2017-12-22T13:14:43.000Z",
|
|
"modified": "2017-12-22T13:14:43.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce417-7cd4-4c36-8a73-55ea950d210f",
|
|
"target_ref": "indicator--5a3ce66e-70b4-47e7-b965-46f6950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--3fb9ea8a-4098-420a-bbad-48565ff7ff57",
|
|
"created": "2017-12-22T13:08:26.000Z",
|
|
"modified": "2017-12-22T13:08:26.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"target_ref": "indicator--5a3ce60a-6db8-4212-b194-4339950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--9e8b010a-c6ff-4790-ab47-8083bde905bc",
|
|
"created": "2017-12-22T13:08:37.000Z",
|
|
"modified": "2017-12-22T13:08:37.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce42b-2e0c-4a26-b6c8-47a3950d210f",
|
|
"target_ref": "indicator--5a3ce61a-c1f0-4c7c-b815-4fa9950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--2fc7d5d7-42ee-4217-8463-e05a56492f8e",
|
|
"created": "2017-12-22T13:12:00.000Z",
|
|
"modified": "2017-12-22T13:12:00.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce43a-5478-4f65-95b2-4e1e950d210f",
|
|
"target_ref": "indicator--5a3ce5f8-3418-4f7b-ae41-4bca950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--83c85d2a-229a-417c-aca2-5ee32a9aa4cd",
|
|
"created": "2017-12-22T11:05:34.000Z",
|
|
"modified": "2017-12-22T11:05:34.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"target_ref": "indicator--5a3ce64e-8bf8-4dc6-be49-437f950d210f"
|
|
},
|
|
{
|
|
"type": "relationship",
|
|
"spec_version": "2.1",
|
|
"id": "relationship--41920095-cb91-4237-85e9-3faac4ddc8d1",
|
|
"created": "2017-12-22T11:05:53.000Z",
|
|
"modified": "2017-12-22T11:05:53.000Z",
|
|
"relationship_type": "communicates-with",
|
|
"source_ref": "indicator--5a3ce44a-ce70-42b7-80b8-c328950d210f",
|
|
"target_ref": "indicator--5a3ce65c-fc40-4585-817e-4ca3950d210f"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |