{
  "type": "bundle",
  "id": "bundle--54e1a3f3-be8c-4840-88ce-f2d9950d210b",
  "objects": [
    {
      "type": "identity",
      "spec_version": "2.1",
      "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:17:55.000Z",
      "modified": "2015-02-16T08:17:55.000Z",
      "name": "CthulhuSPRL.be",
      "identity_class": "organization"
    },
    {
      "type": "report",
      "spec_version": "2.1",
      "id": "report--54e1a3f3-be8c-4840-88ce-f2d9950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:17:55.000Z",
      "modified": "2015-02-16T08:17:55.000Z",
      "name": "OSINT MSRT February update from Microsoft",
      "published": "2015-02-16T09:26:16Z",
      "object_refs": [
        "observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
        "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
        "indicator--54e1a42f-d028-4fda-ab40-4a72950d210b",
        "indicator--54e1a42f-8168-4254-ac41-4968950d210b",
        "indicator--54e1a42f-d668-4806-9d14-4f42950d210b",
        "indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b",
        "indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b",
        "indicator--54e1a42f-d918-4c44-b106-4a5c950d210b",
        "indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b",
        "indicator--54e1a430-7e34-4f23-bda3-425c950d210b",
        "x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b",
        "x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b",
        "observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b",
        "url--54e1a49e-d43c-4564-9b46-f2d9950d210b",
        "observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
        "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
        "indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b",
        "indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b",
        "indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b",
        "indicator--54e1a4d1-9748-4092-978b-fae5950d210b",
        "indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b",
        "indicator--54e1a4d2-9554-44d8-9496-fae5950d210b",
        "indicator--54e1a4d2-d004-4aef-b376-fae5950d210b",
        "indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b",
        "indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b",
        "indicator--54e1a4d2-1998-4bee-abae-fae5950d210b",
        "x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b",
        "x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b",
        "indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b",
        "indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b",
        "indicator--54e1a66d-6da8-4100-956c-dadf950d210b",
        "indicator--54e1a66d-a538-40a0-9882-dadf950d210b",
        "x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b",
        "indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b",
        "indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b",
        "indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b",
        "indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b",
        "indicator--54e1a70f-2744-46bd-b771-426c950d210b",
        "observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b",
        "url--54e1a73f-bafc-4cc7-8141-9107950d210b",
        "observed-data--54e1a73f-1158-4659-901c-9107950d210b",
        "url--54e1a73f-1158-4659-901c-9107950d210b",
        "observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b",
        "url--54e1a73f-97fc-4ceb-8345-9107950d210b",
        "indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b",
        "indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b"
      ],
      "labels": [
        "Threat-Report",
        "misp:tool=\"MISP-STIX-Converter\"",
        "type:OSINT"
      ],
      "object_marking_refs": [
        "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
      ]
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:04:19.000Z",
      "modified": "2015-02-16T08:04:19.000Z",
      "first_observed": "2015-02-16T08:04:19Z",
      "last_observed": "2015-02-16T08:04:19Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a3fb-87a8-4d4c-87e7-f2d9950d210b",
      "value": "http://blogs.technet.com/b/mmpc/archive/2015/02/10/msrt-february-escad-and-nukesped.aspx"
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-d028-4fda-ab40-4a72950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'ansi.nls']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-8168-4254-ac41-4968950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'dayipmr.tbl']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-d668-4806-9d14-4f42950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'netmonsvc.dll']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-fbe0-41f8-a0c8-439b950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'pmsconfig.msi']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-88c8-490f-b24f-4cd5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'pmslog.msi']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a42f-d918-4c44-b106-4a5c950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'rdmgr.dll']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a430-5cf0-4c2f-959b-4d51950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'remoteevtmanager.dll']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a430-7e34-4f23-bda3-425c950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:03:49.000Z",
      "modified": "2015-02-16T08:03:49.000Z",
      "description": "Escad",
      "pattern": "[file:name = 'tmscompg.msi']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:03:49Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "x-misp-attribute",
      "spec_version": "2.1",
      "id": "x-misp-attribute--54e1a472-d4f8-43eb-89af-20b7950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:04:02.000Z",
      "modified": "2015-02-16T08:04:02.000Z",
      "labels": [
        "misp:type=\"text\"",
        "misp:category=\"External analysis\""
      ],
      "x_misp_category": "External analysis",
      "x_misp_type": "text",
      "x_misp_value": "Escad"
    },
    {
      "type": "x-misp-attribute",
      "spec_version": "2.1",
      "id": "x-misp-attribute--54e1a472-ec94-484f-9bea-20b7950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:04:02.000Z",
      "modified": "2015-02-16T08:04:02.000Z",
      "labels": [
        "misp:type=\"text\"",
        "misp:category=\"External analysis\""
      ],
      "x_misp_category": "External analysis",
      "x_misp_type": "text",
      "x_misp_value": "Nukesped"
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a49e-d43c-4564-9b46-f2d9950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:04:46.000Z",
      "modified": "2015-02-16T08:04:46.000Z",
      "first_observed": "2015-02-16T08:04:46Z",
      "last_observed": "2015-02-16T08:04:46Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a49e-d43c-4564-9b46-f2d9950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a49e-d43c-4564-9b46-f2d9950d210b",
      "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/Jinupd"
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:04:46.000Z",
      "modified": "2015-02-16T08:04:46.000Z",
      "first_observed": "2015-02-16T08:04:46Z",
      "last_observed": "2015-02-16T08:04:46Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a49e-04d8-4a50-b68a-f2d9950d210b",
      "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32/NukeSped"
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d1-4284-43c9-a77a-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:37.000Z",
      "modified": "2015-02-16T08:05:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'comon32.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d1-48d4-49d8-864a-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:37.000Z",
      "modified": "2015-02-16T08:05:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'diskpartmg16.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d1-ad7c-4595-a65c-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:37.000Z",
      "modified": "2015-02-16T08:05:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'dpnsvr16.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d1-9748-4092-978b-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:37.000Z",
      "modified": "2015-02-16T08:05:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'expandmn32.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d1-21c0-404f-b2d2-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:37.000Z",
      "modified": "2015-02-16T08:05:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'hwrcompsvc64.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d2-9554-44d8-9496-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:38.000Z",
      "modified": "2015-02-16T08:05:38.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'mobsynclm64.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:38Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d2-d004-4aef-b376-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:38.000Z",
      "modified": "2015-02-16T08:05:38.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'rdpshellex32.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:38Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d2-42d0-4147-b45a-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:38.000Z",
      "modified": "2015-02-16T08:05:38.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'recdiscm32.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:38Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d2-56bc-4405-9c3e-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:38.000Z",
      "modified": "2015-02-16T08:05:38.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'taskchg16.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:38Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a4d2-1998-4bee-abae-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:05:38.000Z",
      "modified": "2015-02-16T08:05:38.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'taskhosts64.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:05:38Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "x-misp-attribute",
      "spec_version": "2.1",
      "id": "x-misp-attribute--54e1a5d3-e2b4-498d-ac48-40c3950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:09:55.000Z",
      "modified": "2015-02-16T08:09:55.000Z",
      "labels": [
        "misp:type=\"comment\"",
        "misp:category=\"External analysis\""
      ],
      "x_misp_category": "External analysis",
      "x_misp_type": "comment",
      "x_misp_value": "Seems to be related to Sony hack based on the screenshots on the february update page"
    },
    {
      "type": "x-misp-attribute",
      "spec_version": "2.1",
      "id": "x-misp-attribute--54e1a5df-cfdc-4928-af6f-fae5950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:10:07.000Z",
      "modified": "2015-02-16T08:10:07.000Z",
      "labels": [
        "misp:type=\"comment\"",
        "misp:category=\"External analysis\""
      ],
      "x_misp_category": "External analysis",
      "x_misp_type": "comment",
      "x_misp_value": "Data entered by David Andr\u00e9"
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a66d-d5bc-4f3b-afad-dadf950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:12:29.000Z",
      "modified": "2015-02-16T08:12:29.000Z",
      "description": "Jinupd",
      "pattern": "[domain-name:value = 'dailygiftclub.info']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:12:29Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Network activity"
        }
      ],
      "labels": [
        "misp:type=\"domain\"",
        "misp:category=\"Network activity\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a66d-5a08-45f2-8d7e-dadf950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:12:29.000Z",
      "modified": "2015-02-16T08:12:29.000Z",
      "description": "Jinupd",
      "pattern": "[domain-name:value = 'dailygiftclub1.info']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:12:29Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Network activity"
        }
      ],
      "labels": [
        "misp:type=\"domain\"",
        "misp:category=\"Network activity\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a66d-6da8-4100-956c-dadf950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:12:29.000Z",
      "modified": "2015-02-16T08:12:29.000Z",
      "description": "Jinupd",
      "pattern": "[domain-name:value = 'priv8darkshop.com']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:12:29Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Network activity"
        }
      ],
      "labels": [
        "misp:type=\"domain\"",
        "misp:category=\"Network activity\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a66d-a538-40a0-9882-dadf950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:12:29.000Z",
      "modified": "2015-02-16T08:12:29.000Z",
      "description": "Jinupd",
      "pattern": "[domain-name:value = 'sopvps.hk']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:12:29Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Network activity"
        }
      ],
      "labels": [
        "misp:type=\"domain\"",
        "misp:category=\"Network activity\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "x-misp-attribute",
      "spec_version": "2.1",
      "id": "x-misp-attribute--54e1a67b-cf10-473d-803a-4753950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:12:43.000Z",
      "modified": "2015-02-16T08:12:43.000Z",
      "labels": [
        "misp:type=\"text\"",
        "misp:category=\"External analysis\""
      ],
      "x_misp_category": "External analysis",
      "x_misp_type": "text",
      "x_misp_value": "Jinupd"
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a6aa-88b0-4aef-ad0b-430e950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:13:51.000Z",
      "modified": "2015-02-16T08:13:51.000Z",
      "description": "Jinupd",
      "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java se platform updater\\\\jusched.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:13:51Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a6aa-ea00-4864-9e3b-4b7a950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:13:51.000Z",
      "modified": "2015-02-16T08:13:51.000Z",
      "description": "Jinupd",
      "pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\java platform updater\\\\jusched.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:13:51Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a6aa-06c8-4e4f-8d50-4e61950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:13:51.000Z",
      "modified": "2015-02-16T08:13:51.000Z",
      "description": "Jinupd",
      "pattern": "[file:name = '\\\\%TEMP\\\\%\\\\svchost.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:13:51Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a6ed-0db0-41ab-b75b-20b7950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:14:37.000Z",
      "modified": "2015-02-16T08:14:37.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = '\\\\%TEMP\\\\% \\\\usbdrv3.sys']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:14:37Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a70f-2744-46bd-b771-426c950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:15:11.000Z",
      "modified": "2015-02-16T08:15:11.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = '\\\\%windir\\\\% \\\\iissvr.exe']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:15:11Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a73f-bafc-4cc7-8141-9107950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:15:59.000Z",
      "modified": "2015-02-16T08:15:59.000Z",
      "first_observed": "2015-02-16T08:15:59Z",
      "last_observed": "2015-02-16T08:15:59Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a73f-bafc-4cc7-8141-9107950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a73f-bafc-4cc7-8141-9107950d210b",
      "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.C!dha"
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a73f-1158-4659-901c-9107950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:15:59.000Z",
      "modified": "2015-02-16T08:15:59.000Z",
      "first_observed": "2015-02-16T08:15:59Z",
      "last_observed": "2015-02-16T08:15:59Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a73f-1158-4659-901c-9107950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a73f-1158-4659-901c-9107950d210b",
      "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.B!dha"
    },
    {
      "type": "observed-data",
      "spec_version": "2.1",
      "id": "observed-data--54e1a73f-97fc-4ceb-8345-9107950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:15:59.000Z",
      "modified": "2015-02-16T08:15:59.000Z",
      "first_observed": "2015-02-16T08:15:59Z",
      "last_observed": "2015-02-16T08:15:59Z",
      "number_observed": 1,
      "object_refs": [
        "url--54e1a73f-97fc-4ceb-8345-9107950d210b"
      ],
      "labels": [
        "misp:type=\"link\"",
        "misp:category=\"External analysis\""
      ]
    },
    {
      "type": "url",
      "spec_version": "2.1",
      "id": "url--54e1a73f-97fc-4ceb-8345-9107950d210b",
      "value": "http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan:Win32/NukeSped.A!dha"
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a7b3-bc64-4713-be9c-4c95950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:17:55.000Z",
      "modified": "2015-02-16T08:17:55.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'usbdrv3_32bit.sys']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:17:55Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "indicator",
      "spec_version": "2.1",
      "id": "indicator--54e1a7b3-7460-4a04-afb5-45eb950d210b",
      "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
      "created": "2015-02-16T08:17:55.000Z",
      "modified": "2015-02-16T08:17:55.000Z",
      "description": "NukeSped",
      "pattern": "[file:name = 'usbdrv3_64bit.sys']",
      "pattern_type": "stix",
      "pattern_version": "2.1",
      "valid_from": "2015-02-16T08:17:55Z",
      "kill_chain_phases": [
        {
          "kill_chain_name": "misp-category",
          "phase_name": "Artifacts dropped"
        }
      ],
      "labels": [
        "misp:type=\"filename\"",
        "misp:category=\"Artifacts dropped\"",
        "misp:to_ids=\"True\""
      ]
    },
    {
      "type": "marking-definition",
      "spec_version": "2.1",
      "id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
      "created": "2017-01-20T00:00:00.000Z",
      "definition_type": "tlp",
      "name": "TLP:GREEN",
      "definition": {
        "tlp": "green"
      }
    }
  ]
}