{
|
|
"type": "bundle",
|
|
"id": "bundle--5aa43c06-fbdc-4a8f-b607-406402de0b81",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:34:44.000Z",
|
|
"modified": "2018-03-10T20:34:44.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5aa43c06-fbdc-4a8f-b607-406402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:34:44.000Z",
|
|
"modified": "2018-03-10T20:34:44.000Z",
|
|
"name": "OSINT - New traces of Hacking Team in the wild",
|
|
"published": "2018-03-10T20:35:14Z",
|
|
"object_refs": [
|
|
"observed-data--5aa43c14-ebf4-403b-8c58-492d02de0b81",
|
|
"url--5aa43c14-ebf4-403b-8c58-492d02de0b81",
|
|
"x-misp-attribute--5aa43c26-c0ac-46b7-b67b-421902de0b81",
|
|
"x-misp-attribute--5aa43c7b-6758-4fec-8cd1-4a6102de0b81",
|
|
"x-misp-attribute--5aa43c7b-b740-446e-903c-421302de0b81",
|
|
"x-misp-attribute--5aa43c7b-b9d0-4e61-bcc1-4b8102de0b81",
|
|
"x-misp-attribute--5aa43c7b-c2a0-4b08-98e8-464302de0b81",
|
|
"x-misp-attribute--5aa43c7b-ce90-4a4e-b761-4c1802de0b81",
|
|
"x-misp-attribute--5aa43c7b-d378-4585-b20f-455202de0b81",
|
|
"x-misp-attribute--5aa43c7c-5390-409f-9ac2-435202de0b81",
|
|
"x-misp-attribute--5aa43c7c-b2b4-4dfb-97f3-475502de0b81",
|
|
"x-misp-attribute--5aa43c7c-1430-45b3-8489-469402de0b81",
|
|
"indicator--5aa43c95-e3e0-4d94-9481-4afe02de0b81",
|
|
"indicator--5aa43c96-2cb8-4b0f-9be4-40b702de0b81",
|
|
"indicator--5aa43c96-0988-4e47-9025-4d5502de0b81",
|
|
"indicator--5aa43c96-df04-4c30-9a8e-476302de0b81",
|
|
"indicator--5aa43c97-4e58-463c-980a-4dcc02de0b81",
|
|
"indicator--5aa43c97-a97c-4c31-af16-4f1602de0b81",
|
|
"indicator--5aa43c98-a020-47ff-94f3-4fa902de0b81",
|
|
"indicator--5aa43c98-1808-4f2c-ada6-474b02de0b81",
|
|
"indicator--5aa43c98-48a4-4608-a83d-460902de0b81",
|
|
"indicator--5aa43c99-02d0-49f0-92e3-4b2202de0b81",
|
|
"indicator--5aa43ca4-6a18-40e4-8fe6-49a702de0b81",
|
|
"indicator--5aa43ca4-2720-4611-b256-4d7b02de0b81",
|
|
"indicator--5aa43ca4-ff80-4124-ba0f-474002de0b81",
|
|
"indicator--5aa43ca4-dc2c-4b74-925c-4e7202de0b81",
|
|
"indicator--5aa43ca4-7138-42aa-b450-4ee902de0b81",
|
|
"indicator--5aa43ca4-ed44-4129-bb6c-410402de0b81",
|
|
"indicator--5aa43cb2-12dc-4d85-8cc9-4da102de0b81",
|
|
"indicator--5aa43cb2-f574-4a31-b58a-4d6802de0b81",
|
|
"indicator--5aa43cb3-a204-40db-aa2c-42b702de0b81",
|
|
"indicator--5aa43cb3-7e68-44ce-8f20-449702de0b81",
|
|
"indicator--5aa43cc7-d4c8-40c9-8d51-412b02de0b81",
|
|
"indicator--5aa43cc7-b114-4aca-81a6-4f8202de0b81",
|
|
"indicator--5aa43cc8-4b84-4fb2-a247-4abb02de0b81",
|
|
"indicator--5aa43cc8-b824-448e-ab9c-4fae02de0b81",
|
|
"indicator--5aa43cd5-0af4-4fd8-a42f-423402de0b81",
|
|
"indicator--5aa43cd5-034c-4fdb-95d7-4b0902de0b81",
|
|
"indicator--5aa43cd6-12ec-4347-91d9-40af02de0b81",
|
|
"indicator--5aa43cf3-0308-4a5a-bb37-475702de0b81",
|
|
"indicator--5aa43d02-80a4-4797-b7e3-430302de0b81",
|
|
"indicator--5aa43d03-0550-478f-9a06-482702de0b81",
|
|
"indicator--5aa43d03-0610-46a7-9d62-44b602de0b81",
|
|
"indicator--5aa43d04-8054-43df-8749-474f02de0b81",
|
|
"indicator--5aa43d04-bc10-4a18-a457-4a5c02de0b81",
|
|
"indicator--5aa43d05-62e4-43b5-8403-43bf02de0b81",
|
|
"indicator--5aa43d05-3020-4b87-9fd7-4b5002de0b81",
|
|
"indicator--5aa43d11-f3c0-47a4-87fe-45d702de0b81",
|
|
"indicator--5aa43d23-659c-4cbf-8ddd-406402de0b81",
|
|
"indicator--5aa43d23-a85c-41bc-86c5-467602de0b81",
|
|
"indicator--5aa43d24-d1b8-4d3e-b0f1-453c02de0b81",
|
|
"indicator--5aa43d24-5b14-496a-b6d6-487b02de0b81",
|
|
"indicator--5aa43d24-1560-40df-9ce7-439602de0b81",
|
|
"indicator--5aa43d25-77f8-4f1a-b051-422e02de0b81",
|
|
"indicator--5aa43d25-cde4-410b-9218-4a2d02de0b81",
|
|
"indicator--5aa43d26-d6e4-41b1-9308-467d02de0b81",
|
|
"indicator--5aa43d26-d448-4bd3-a55b-4d9d02de0b81",
|
|
"indicator--5aa43d34-bb64-459d-acc8-4b8302de0b81",
|
|
"indicator--5aa43d34-e254-4c60-aa40-4fa502de0b81",
|
|
"indicator--5aa43d42-ce14-4bf1-9e81-4e9802de0b81",
|
|
"indicator--5aa43d42-9420-42b2-aeca-4c0e02de0b81",
|
|
"indicator--5aa43d43-648c-4922-9c6b-451502de0b81",
|
|
"indicator--5aa43d43-cb8c-4185-bde5-434e02de0b81",
|
|
"observed-data--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"network-traffic--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"ipv4-addr--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"indicator--8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
|
|
"x-misp-object--6ffffa16-5287-41a8-b0bc-1011a2f90542",
|
|
"indicator--c514a618-21cc-4848-8b7d-b32d3c2590f4",
|
|
"x-misp-object--00dc0efd-2673-4a9a-8e63-4016fae10397",
|
|
"indicator--0cf3262b-d9cd-4511-bc13-399ac4e64747",
|
|
"x-misp-object--9c7a5201-6887-49ed-8980-1b5a9e474827",
|
|
"indicator--23ae982a-dca9-4fca-944b-124be14c0c9f",
|
|
"x-misp-object--7422e526-4992-4cb4-b1b5-8d1545afa39e",
|
|
"indicator--af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
|
|
"x-misp-object--73679752-9aec-4797-b143-16fb695da756",
|
|
"indicator--4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
|
|
"x-misp-object--8bce23ef-625e-4fa0-a04f-d6ea5143db09",
|
|
"indicator--a684e0aa-5fde-4266-8526-e2e4e1534034",
|
|
"x-misp-object--8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
|
|
"indicator--73a783a2-4a26-45d7-8a48-4891b2074c3e",
|
|
"x-misp-object--e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
|
|
"indicator--74749933-0413-4182-aa63-26f29f66d794",
|
|
"x-misp-object--e9d32494-70d3-498d-b857-0f882c3d7a90",
|
|
"relationship--e338d320-535c-44b9-96eb-4a61b258faee",
|
|
"relationship--549e4c73-4551-4532-a42e-4bda39c9bedc",
|
|
"relationship--0b3a0b68-bc5b-4dff-ac5d-7e96f597267f",
|
|
"relationship--c9ee4201-3dfe-4cff-9f24-a0f59f0f3dd4",
|
|
"relationship--87b7e9c9-5876-47ed-99e9-24b8bcc231ea",
|
|
"relationship--2401804f-4516-4847-bab2-066ef50f4f47",
|
|
"relationship--1d9249cb-b6ef-45ea-91d1-ff49486b46d4",
|
|
"relationship--43cb339c-b5b6-4d0d-88cf-b9593e511c5f",
|
|
"relationship--b94aadc8-5e23-4c09-8589-33538b7422ef"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"collaborative-intelligence:request=\"sample\"",
|
|
"estimative-language:likelihood-probability=\"very-likely\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5aa43c14-ebf4-403b-8c58-492d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:34:04.000Z",
|
|
"modified": "2018-03-10T20:34:04.000Z",
|
|
"first_observed": "2018-03-10T20:34:04Z",
|
|
"last_observed": "2018-03-10T20:34:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5aa43c14-ebf4-403b-8c58-492d02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5aa43c14-ebf4-403b-8c58-492d02de0b81",
|
|
"value": "https://www.welivesecurity.com/2018/03/09/new-traces-hacking-team-wild/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c26-c0ac-46b7-b67b-421902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:34:05.000Z",
|
|
"modified": "2018-03-10T20:34:05.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\"",
|
|
"osint:source-type=\"blog-post\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Previously unreported samples of Hacking Team\u00e2\u20ac\u2122s infamous surveillance tool \u00e2\u20ac\u201c the Remote Control System (RCS) \u00e2\u20ac\u201c are in the wild, and have been detected by ESET systems in fourteen countries.\r\n\r\nOur analysis of the samples reveals evidence suggesting that Hacking Team\u00e2\u20ac\u2122s developers themselves are actively continuing the development of this spyware.\r\nFrom Hacking Team to Hacked Team to\u00e2\u20ac\u00a6?\r\n\r\nSince being founded in 2003, the Italian spyware vendor Hacking Team gained notoriety for selling surveillance tools to governments and their agencies across the world.\r\n\r\nThe capabilities of its flagship product, the Remote Control System (RCS), include extracting files from a targeted device, intercepting emails and instant messaging, as well as remotely activating a device\u00e2\u20ac\u2122s webcam and microphone. The company has been criticized for selling these capabilities to authoritarian governments \u00e2\u20ac\u201c an allegation it has consistently denied.\r\n\r\nWhen the tables turned in July 2015, with Hacking Team itself suffering a damaging hack, the reported use of RCS by oppressive regimes was confirmed. With 400GB of internal data \u00e2\u20ac\u201c including the once-secret list of customers, internal communications, and spyware source code \u00e2\u20ac\u201c leaked online, Hacking Team was forced to request its customers to suspend all use of RCS, and was left facing an uncertain future.\r\n\r\nFollowing the hack, the security community has been keeping a close eye on the company\u00e2\u20ac\u2122s efforts to get back on its feet. The first reports suggesting Hacking Team\u00e2\u20ac\u2122s resumed operations came six months later \u00e2\u20ac\u201c a new sample of Hacking Team\u00e2\u20ac\u2122s Mac spyware was apparently in the wild. 
A year after the breach, an investment by a company named Tablem Limited brought changes to Hacking Team\u2019s shareholder structure, with Tablem Limited taking 20% of Hacking Team\u2019s shareholding. Tablem Limited is officially based in Cyprus; however, recent news suggests it has ties to Saudi Arabia.\r\n\r\nHaving just concluded our research into another commercial spyware product, FinFisher, two interesting events involving Hacking Team occurred in close succession \u2013 the report about Hacking Team\u2019s apparent financial recovery and our discovery of a new RCS variant in the wild with a valid digital certificate."
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-6758-4fec-8cd1-4a6102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:00.000Z",
|
|
"modified": "2018-03-10T20:19:00.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/CrisisHT.F"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-b740-446e-903c-421302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:01.000Z",
|
|
"modified": "2018-03-10T20:19:01.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/CrisisHT.H"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-b9d0-4e61-bcc1-4b8102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:01.000Z",
|
|
"modified": "2018-03-10T20:19:01.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/CrisisHT.E"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-c2a0-4b08-98e8-464302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:02.000Z",
|
|
"modified": "2018-03-10T20:19:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/CrisisHT.L"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-ce90-4a4e-b761-4c1802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:02.000Z",
|
|
"modified": "2018-03-10T20:19:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/CrisisHT.J"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7b-d378-4585-b20f-455202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:02.000Z",
|
|
"modified": "2018-03-10T20:19:02.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/Agent.ZMW"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7c-5390-409f-9ac2-435202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:03.000Z",
|
|
"modified": "2018-03-10T20:19:03.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/Agent.ZMX"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7c-b2b4-4dfb-97f3-475502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:03.000Z",
|
|
"modified": "2018-03-10T20:19:03.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/Agent.ZMY"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5aa43c7c-1430-45b3-8489-469402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:04.000Z",
|
|
"modified": "2018-03-10T20:19:04.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Antivirus detection\""
|
|
],
|
|
"x_misp_category": "Antivirus detection",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Trojan.Win32/Agent.ZMZ"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c95-e3e0-4d94-9481-4afe02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:13.000Z",
|
|
"modified": "2018-03-10T20:14:13.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '2eebf9d864bef5e08e2e8abd93561322de2ab33b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c96-2cb8-4b0f-9be4-40b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:14.000Z",
|
|
"modified": "2018-03-10T20:14:14.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '51506ed3392b9e59243312b0f798c898804913db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c96-0988-4e47-9025-4d5502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:14.000Z",
|
|
"modified": "2018-03-10T20:14:14.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '61eda4847845f49689ae582391cd1e6a216a8fa3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c96-df04-4c30-9a8e-476302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:14.000Z",
|
|
"modified": "2018-03-10T20:14:14.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '68ffd64b7534843ac2c66ed68f8b82a6ec81b3e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c97-4e58-463c-980a-4dcc02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:15.000Z",
|
|
"modified": "2018-03-10T20:14:15.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '6fd86649c6ca3d2a0653fd0da724bada9b6a6540']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c97-a97c-4c31-af16-4f1602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:15.000Z",
|
|
"modified": "2018-03-10T20:14:15.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '92439f659f14dac5b353b1684a4a4b848ecc70ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c98-a020-47ff-94f3-4fa902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:16.000Z",
|
|
"modified": "2018-03-10T20:14:16.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'a10ca5d8832bc2085592782bd140eb03cb31173a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c98-1808-4f2c-ada6-474b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:16.000Z",
|
|
"modified": "2018-03-10T20:14:16.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'a1c41f3dad59c9a1a126324a4612628fa174c45a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c98-48a4-4608-a83d-460902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:16.000Z",
|
|
"modified": "2018-03-10T20:14:16.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'b7229303d71b500157fa668cece7411628d196e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43c99-02d0-49f0-92e3-4b2202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:17.000Z",
|
|
"modified": "2018-03-10T20:14:17.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'eede2e3fa512a0b1ac8230156256fc7d4386eb24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-6a18-40e4-8fe6-49a702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:28.000Z",
|
|
"modified": "2018-03-10T20:14:28.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.154.153.223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-2720-4611-b256-4d7b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:05.000Z",
|
|
"modified": "2018-03-10T20:19:05.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.243.101.125']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-ff80-4124-ba0f-474002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:05.000Z",
|
|
"modified": "2018-03-10T20:19:05.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.235.133.23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-dc2c-4b74-925c-4e7202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:06.000Z",
|
|
"modified": "2018-03-10T20:19:06.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.243.101.124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-7138-42aa-b450-4ee902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:06.000Z",
|
|
"modified": "2018-03-10T20:19:06.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.110.167.74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43ca4-ed44-4129-bb6c-410402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:28.000Z",
|
|
"modified": "2018-03-10T20:14:28.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.154.153.223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cb2-12dc-4d85-8cc9-4da102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:42.000Z",
|
|
"modified": "2018-03-10T20:14:42.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '341dbcb6d17a3bc7fa813367414b023309eb69c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cb2-f574-4a31-b58a-4d6802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:42.000Z",
|
|
"modified": "2018-03-10T20:14:42.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '86fad7c362a45097823220b77dcc30fb5671d6d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cb3-a204-40db-aa2c-42b702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:43.000Z",
|
|
"modified": "2018-03-10T20:14:43.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '9dfc7e78892a9f18d2d15adbfa52cda379ddd963']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cb3-7e68-44ce-8f20-449702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:14:43.000Z",
|
|
"modified": "2018-03-10T20:14:43.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e8f6b7d10b90ad64f976c3bfb4c822cb1a3c34b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:14:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cc7-d4c8-40c9-8d51-412b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:07.000Z",
|
|
"modified": "2018-03-10T20:19:07.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.166.244.225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cc7-b114-4aca-81a6-4f8202de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:07.000Z",
|
|
"modified": "2018-03-10T20:19:07.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.33.108.172']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cc8-4b84-4fb2-a247-4abb02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:08.000Z",
|
|
"modified": "2018-03-10T20:19:08.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.79.186.40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cc8-b824-448e-ab9c-4fae02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:08.000Z",
|
|
"modified": "2018-03-10T20:19:08.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.236.149.166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cd5-0af4-4fd8-a42f-423402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:15:17.000Z",
|
|
"modified": "2018-03-10T20:15:17.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '27f4287e1a5348714a308e9175fb9486d95815a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:15:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cd5-034c-4fdb-95d7-4b0902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:15:17.000Z",
|
|
"modified": "2018-03-10T20:15:17.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '71a68c6140d066ca016efa9087d71f141e9e2806']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:15:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cd6-12ec-4347-91d9-40af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:15:18.000Z",
|
|
"modified": "2018-03-10T20:15:18.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'dc817f86c1282382a1c21f64700b79fcd064ae5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:15:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43cf3-0308-4a5a-bb37-475702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:09.000Z",
|
|
"modified": "2018-03-10T20:19:09.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.226.170.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d02-80a4-4797-b7e3-430302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:02.000Z",
|
|
"modified": "2018-03-10T20:16:02.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '508f935344d95ffe9e7aedff726264a9b500b854']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d03-0550-478f-9a06-482702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:03.000Z",
|
|
"modified": "2018-03-10T20:16:03.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '7cc213a26f8df47ddd252365fadbb9cca611be20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d03-0610-46a7-9d62-44b602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:03.000Z",
|
|
"modified": "2018-03-10T20:16:03.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '98a98bbb488b6a6737b12344b7db1acf0b92932a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d04-8054-43df-8749-474f02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:04.000Z",
|
|
"modified": "2018-03-10T20:16:04.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'cd29b37272f8222e19089205975ac7798aac7487']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d04-bc10-4a18-a457-4a5c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:04.000Z",
|
|
"modified": "2018-03-10T20:16:04.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'd21fe0171f662268ca87d4e142aedfbe6026680b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d05-62e4-43b5-8403-43bf02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:05.000Z",
|
|
"modified": "2018-03-10T20:16:05.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '5bf1742d540f08a187b571c3bf2aeb64f141c4ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d05-3020-4b87-9fd7-4b5002de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:05.000Z",
|
|
"modified": "2018-03-10T20:16:05.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '854600b2e42bd45acea9a9114747864be002bf0b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d11-f3c0-47a4-87fe-45d702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:10.000Z",
|
|
"modified": "2018-03-10T20:19:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.165.236.62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d23-659c-4cbf-8ddd-406402de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:35.000Z",
|
|
"modified": "2018-03-10T20:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '4ac42c9a479b34302e1199762459b5e775eec037']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d23-a85c-41bc-86c5-467602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:35.000Z",
|
|
"modified": "2018-03-10T20:16:35.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '2059e2a90744611c7764c3b1c7dcf673bb36f7ab']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d24-d1b8-4d3e-b0f1-453c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:36.000Z",
|
|
"modified": "2018-03-10T20:16:36.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'b5fb3147b43b5fe66da4c50463037c638e99fb41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d24-5b14-496a-b6d6-487b02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:36.000Z",
|
|
"modified": "2018-03-10T20:16:36.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '9cd2ff4157e4028c58cef9372d3bb99b8f2077ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d24-1560-40df-9ce7-439602de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:36.000Z",
|
|
"modified": "2018-03-10T20:16:36.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'b23046f40fbc931b364888a7bc426b56b186d60e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d25-77f8-4f1a-b051-422e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:37.000Z",
|
|
"modified": "2018-03-10T20:16:37.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'cc209f9456f0a2c5a17e2823bdb1654789fcadc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d25-cde4-410b-9218-4a2d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:37.000Z",
|
|
"modified": "2018-03-10T20:16:37.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '99c978219fe49e55441e11db0d1df4bda932e021']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d26-d6e4-41b1-9308-467d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:38.000Z",
|
|
"modified": "2018-03-10T20:16:38.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'e85c2eab4c9eea8d0c99e58199f313ca4e1d1735']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d26-d448-4bd3-a55b-4d9d02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:16:38.000Z",
|
|
"modified": "2018-03-10T20:16:38.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '141d126d41f1a779dca69dd09640aa125afed15a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:16:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d34-bb64-459d-acc8-4b8302de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:10.000Z",
|
|
"modified": "2018-03-10T20:19:10.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.175.54.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d34-e254-4c60-aa40-4fa502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:11.000Z",
|
|
"modified": "2018-03-10T20:19:11.000Z",
|
|
"description": "C&C",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.175.54.228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d42-ce14-4bf1-9e81-4e9802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:17:06.000Z",
|
|
"modified": "2018-03-10T20:17:06.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'baa53ddba627f2c38b26298d348ca2e1a31be52e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:17:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d42-9420-42b2-aeca-4c0e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:17:06.000Z",
|
|
"modified": "2018-03-10T20:17:06.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '5690a51384661602cd796e53229872ff87ab8aa4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:17:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d43-648c-4922-9c6b-451502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:17:07.000Z",
|
|
"modified": "2018-03-10T20:17:07.000Z",
|
|
"pattern": "[file:hashes.SHA1 = 'aa2a408fcaa5c86d2972150fc8dd3ad3422f807a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:17:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5aa43d43-cb8c-4185-bde5-434e02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:17:07.000Z",
|
|
"modified": "2018-03-10T20:17:07.000Z",
|
|
"pattern": "[file:hashes.SHA1 = '83503513a76f82c8718fad763f63fcd349b8b7fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:17:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:11.000Z",
|
|
"modified": "2018-03-10T20:19:11.000Z",
|
|
"first_observed": "2018-03-10T20:19:11Z",
|
|
"last_observed": "2018-03-10T20:19:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"ipv4-addr--5aa43d53-26e0-455d-80aa-4bb802de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"dst_ref": "ipv4-addr--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5aa43d53-26e0-455d-80aa-4bb802de0b81",
|
|
"value": "172.16.1.206"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:15.000Z",
|
|
"modified": "2018-03-10T20:19:15.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e56c0bb65c68e89921b4a8348976a0e9' AND file:hashes.SHA1 = 'cd29b37272f8222e19089205975ac7798aac7487' AND file:hashes.SHA256 = '23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--6ffffa16-5287-41a8-b0bc-1011a2f90542",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:13.000Z",
|
|
"modified": "2018-03-10T20:19:13.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/23bd1bd8124b07092e4ff894af2c7a892ea5c05a89daf4d9d39e18be7d098b3f/analysis/1520698055/",
|
|
"category": "External analysis",
|
|
"uuid": "5aa43dc1-c88c-4353-8bdb-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "27/67",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc2-e724-4f6d-bd9b-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-10T16:07:35",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc2-c94c-48d5-8ee2-5a3902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--c514a618-21cc-4848-8b7d-b32d3c2590f4",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:17.000Z",
|
|
"modified": "2018-03-10T20:19:17.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f3001d31503a2c610a6c490c24e87aba' AND file:hashes.SHA1 = 'aa2a408fcaa5c86d2972150fc8dd3ad3422f807a' AND file:hashes.SHA256 = 'de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--00dc0efd-2673-4a9a-8e63-4016fae10397",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:15.000Z",
|
|
"modified": "2018-03-10T20:19:15.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/de4906e8e68e5b74dad0bcfa8b9950f64adea9c38b4d0f122bdf2c561cd080f8/analysis/1520698380/",
|
|
"category": "External analysis",
|
|
"uuid": "5aa43dc4-0a24-4cdc-a716-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "18/67",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc4-aa2c-40f2-965e-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-10T16:13:00",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc4-89e0-4b9d-a7a2-5a3902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--0cf3262b-d9cd-4511-bc13-399ac4e64747",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:19.000Z",
|
|
"modified": "2018-03-10T20:19:19.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c0618556e9ef16b35b042bc29aeb9291' AND file:hashes.SHA1 = '61eda4847845f49689ae582391cd1e6a216a8fa3' AND file:hashes.SHA256 = 'd485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--9c7a5201-6887-49ed-8980-1b5a9e474827",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:18.000Z",
|
|
"modified": "2018-03-10T20:19:18.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d485eaaed66a97822fd8b3317d2d61df50c1e1647ad37d6f42805b11eac37746/analysis/1520697613/",
|
|
"category": "External analysis",
|
|
"uuid": "5aa43dc6-37ec-420a-bc0e-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "15/67",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc6-a180-4d4d-ae82-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-10T16:00:13",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc6-f194-4f02-b168-5a3902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--23ae982a-dca9-4fca-944b-124be14c0c9f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:22.000Z",
|
|
"modified": "2018-03-10T20:19:22.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2612c832ffebbdb7dab7e5b8d1905390' AND file:hashes.SHA1 = '5690a51384661602cd796e53229872ff87ab8aa4' AND file:hashes.SHA256 = '60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--7422e526-4992-4cb4-b1b5-8d1545afa39e",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:20.000Z",
|
|
"modified": "2018-03-10T20:19:20.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/60a3fb6c7e520bd27a218feda00d45383bf937eb43de823b0c3247cd1959e2ee/analysis/1520698295/",
|
|
"category": "External analysis",
|
|
"uuid": "5aa43dc8-c858-4bcb-93dc-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "21/67",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc9-31dc-4708-85d0-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-10T16:11:35",
|
|
"category": "Other",
|
|
"uuid": "5aa43dc9-7948-419f-b795-5a3902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:25.000Z",
|
|
"modified": "2018-03-10T20:19:25.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8f56458f3fb710c4c1d103e7e9951703' AND file:hashes.SHA1 = 'baa53ddba627f2c38b26298d348ca2e1a31be52e' AND file:hashes.SHA256 = 'd632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--73679752-9aec-4797-b143-16fb695da756",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:23.000Z",
|
|
"modified": "2018-03-10T20:19:23.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
|
|
"x_misp_attributes": [
|
|
{
|
|
"type": "link",
|
|
"object_relation": "permalink",
|
|
"value": "https://www.virustotal.com/file/d632340e513002dce71b8427dc5cb3c2bda0432ca0a64112b023545bc33fcfc0/analysis/1520698270/",
|
|
"category": "External analysis",
|
|
"uuid": "5aa43dcb-12f0-41e5-9a7a-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "text",
|
|
"object_relation": "detection-ratio",
|
|
"value": "19/67",
|
|
"category": "Other",
|
|
"uuid": "5aa43dcc-b1b0-4e41-8e7f-5a3902de0b81"
|
|
},
|
|
{
|
|
"type": "datetime",
|
|
"object_relation": "last-submission",
|
|
"value": "2018-03-10T16:11:10",
|
|
"category": "Other",
|
|
"uuid": "5aa43dcc-b1dc-4d6b-a745-5a3902de0b81"
|
|
}
|
|
],
|
|
"x_misp_meta_category": "misc",
|
|
"x_misp_name": "virustotal-report"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:27.000Z",
|
|
"modified": "2018-03-10T20:19:27.000Z",
|
|
"pattern": "[file:hashes.MD5 = '80eab4d4b117ef420fe9cdd63d6a9b99' AND file:hashes.SHA1 = 'e85c2eab4c9eea8d0c99e58199f313ca4e1d1735' AND file:hashes.SHA256 = '7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2018-03-10T20:19:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "file"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:name=\"file\"",
|
|
"misp:meta-category=\"file\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-object",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-object--8bce23ef-625e-4fa0-a04f-d6ea5143db09",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2018-03-10T20:19:26.000Z",
|
|
"modified": "2018-03-10T20:19:26.000Z",
|
|
"labels": [
|
|
"misp:name=\"virustotal-report\"",
|
|
"misp:meta-category=\"misc\""
|
|
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/7ad11df43e76e61bde4ef6b7357cf0ce51363fda911e7504a5b3e45051249dd7/analysis/1520698195/",
"category": "External analysis",
"uuid": "5aa43dce-4538-4ac9-9e50-5a3902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/67",
"category": "Other",
"uuid": "5aa43dce-5434-4583-9e21-5a3902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-10T16:09:55",
"category": "Other",
"uuid": "5aa43dce-1ea8-40e5-b94e-5a3902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a684e0aa-5fde-4266-8526-e2e4e1534034",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:30.000Z",
"modified": "2018-03-10T20:19:30.000Z",
"pattern": "[file:hashes.MD5 = 'd6ca39fef03cf67f8ddc2a560874d80d' AND file:hashes.SHA1 = '71a68c6140d066ca016efa9087d71f141e9e2806' AND file:hashes.SHA256 = '2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-10T20:19:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8d39fa5f-4b17-4163-b1c7-5d0927e8a66d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:28.000Z",
"modified": "2018-03-10T20:19:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/2d839ea7a0e0b371b40401c521d9253a9bc969855c36a1a0275bff599d683123/analysis/1520697957/",
"category": "External analysis",
"uuid": "5aa43dd0-b910-48fe-ab56-5a3902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "40/64",
"category": "Other",
"uuid": "5aa43dd0-bc10-4b59-8555-5a3902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-10T16:05:57",
"category": "Other",
"uuid": "5aa43dd1-9870-4cae-bee5-5a3902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--73a783a2-4a26-45d7-8a48-4891b2074c3e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:32.000Z",
"modified": "2018-03-10T20:19:32.000Z",
"pattern": "[file:hashes.MD5 = '6f5c89473c9e6baf741629549ec52fe1' AND file:hashes.SHA1 = '99c978219fe49e55441e11db0d1df4bda932e021' AND file:hashes.SHA256 = 'd828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-10T20:19:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:30.000Z",
"modified": "2018-03-10T20:19:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d828682e72ea7953a3b62d2a7d97f69b6087595b82fb8df1e75ef66ddbd52bb9/analysis/1520698181/",
"category": "External analysis",
"uuid": "5aa43dd2-4aa8-4857-bb26-5a3902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/67",
"category": "Other",
"uuid": "5aa43dd3-e060-4efe-b6f3-5a3902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-10T16:09:41",
"category": "Other",
"uuid": "5aa43dd3-4a78-4345-8f53-5a3902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--74749933-0413-4182-aa63-26f29f66d794",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"pattern": "[file:hashes.MD5 = '7f1f9fa306c2e71ecb96daefafadc6e3' AND file:hashes.SHA1 = '83503513a76f82c8718fad763f63fcd349b8b7fc' AND file:hashes.SHA256 = 'e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-10T20:19:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e9d32494-70d3-498d-b857-0f882c3d7a90",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-03-10T20:19:32.000Z",
"modified": "2018-03-10T20:19:32.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e785eac2917af3f1a5bdd8c3a2210588c7ac4ab3cd0c168938f526cbd823aa27/analysis/1520701204/",
"category": "External analysis",
"uuid": "5aa43dd5-3738-43f3-856a-5a3902de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "19/67",
"category": "Other",
"uuid": "5aa43dd5-d4ec-426a-8ec9-5a3902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-10T17:00:04",
"category": "Other",
"uuid": "5aa43dd5-2360-45ea-b7ec-5a3902de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e338d320-535c-44b9-96eb-4a61b258faee",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8f1ac29d-1dac-4bb8-b8cd-d43918109c56",
"target_ref": "x-misp-object--6ffffa16-5287-41a8-b0bc-1011a2f90542"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--549e4c73-4551-4532-a42e-4bda39c9bedc",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--c514a618-21cc-4848-8b7d-b32d3c2590f4",
"target_ref": "x-misp-object--00dc0efd-2673-4a9a-8e63-4016fae10397"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--0b3a0b68-bc5b-4dff-ac5d-7e96f597267f",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--0cf3262b-d9cd-4511-bc13-399ac4e64747",
"target_ref": "x-misp-object--9c7a5201-6887-49ed-8980-1b5a9e474827"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c9ee4201-3dfe-4cff-9f24-a0f59f0f3dd4",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--23ae982a-dca9-4fca-944b-124be14c0c9f",
"target_ref": "x-misp-object--7422e526-4992-4cb4-b1b5-8d1545afa39e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--87b7e9c9-5876-47ed-99e9-24b8bcc231ea",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--af2d44db-3090-4ba3-b8a7-ee2d0d4258fc",
"target_ref": "x-misp-object--73679752-9aec-4797-b143-16fb695da756"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--2401804f-4516-4847-bab2-066ef50f4f47",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--4d5a2ae4-7ffb-44e5-90e0-30adb5a8f2d0",
"target_ref": "x-misp-object--8bce23ef-625e-4fa0-a04f-d6ea5143db09"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--1d9249cb-b6ef-45ea-91d1-ff49486b46d4",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a684e0aa-5fde-4266-8526-e2e4e1534034",
"target_ref": "x-misp-object--8d39fa5f-4b17-4163-b1c7-5d0927e8a66d"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--43cb339c-b5b6-4d0d-88cf-b9593e511c5f",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--73a783a2-4a26-45d7-8a48-4891b2074c3e",
"target_ref": "x-misp-object--e37bb3f3-dff5-4ad1-baed-1dfe0cda7d7c"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b94aadc8-5e23-4c09-8589-33538b7422ef",
"created": "2018-03-10T20:19:34.000Z",
"modified": "2018-03-10T20:19:34.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--74749933-0413-4182-aa63-26f29f66d794",
"target_ref": "x-misp-object--e9d32494-70d3-498d-b857-0f882c3d7a90"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
} |