misp-circl-feed/feeds/circl/stix-2.1/55014406-fd90-4fc1-a814-4638950d210b.json


{
"type": "bundle",
"id": "bundle--55014406-fd90-4fc1-a814-4638950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:04:34.000Z",
"modified": "2015-03-12T08:04:34.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--55014406-fd90-4fc1-a814-4638950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:04:34.000Z",
"modified": "2015-03-12T08:04:34.000Z",
"name": "OSINT Tibetan Uprising Day Malware Attacks by Citizen Labs",
"published": "2015-03-12T08:30:18Z",
"object_refs": [
"observed-data--55014411-d4cc-4047-bc11-4dd5950d210b",
"url--55014411-d4cc-4047-bc11-4dd5950d210b",
"indicator--5501442f-79a8-4594-a548-310e950d210b",
"vulnerability--55014445-9d54-4f18-a108-4f7f950d210b",
"indicator--5501445e-a540-44d5-801d-4c2c950d210b",
"indicator--55014472-b0d8-48fe-800e-ca98950d210b",
"indicator--55014472-1174-4e76-838f-ca98950d210b",
"indicator--5501448d-2ed8-43ef-8476-492b950d210b",
"indicator--550144a0-0f58-4165-94d0-48f2950d210b",
"x-misp-attribute--550144aa-d8d4-43f4-b4cc-45f2950d210b",
"indicator--550144c6-705c-4176-a9aa-9778950d210b",
"observed-data--550144d5-fc14-4bf8-a9af-4fe8950d210b",
"url--550144d5-fc14-4bf8-a9af-4fe8950d210b",
"indicator--550145af-46c8-4980-8fab-ca98950d210b",
"indicator--550145af-1cd8-4470-bddc-ca98950d210b",
"indicator--550145af-1448-4610-9e15-ca98950d210b",
"x-misp-attribute--550145c6-f97c-4ba4-aa09-9778950d210b",
"indicator--550145ec-ddf8-4a02-b69f-49fb950d210b",
"indicator--550145ed-a194-4be4-ae2d-49c2950d210b",
"indicator--550145ed-4940-425d-8b3d-4532950d210b",
"indicator--55014604-fde8-40d8-a01a-9778950d210b",
"indicator--5501461f-b418-4dc1-a388-ca98950d210b",
"observed-data--55014634-3e34-4ce2-94d9-4d15950d210b",
"autonomous-system--55014634-3e34-4ce2-94d9-4d15950d210b",
"x-misp-attribute--55014660-9d28-4cca-98bc-4cb7950d210b",
"indicator--5501466b-005c-467a-9862-47c4950d210b",
"indicator--5501468b-374c-4fec-a0d3-4a94950d210b",
"indicator--5501468b-2338-4833-bb8e-456d950d210b",
"indicator--5501468b-4f98-4f19-a158-435a950d210b",
"indicator--550146d0-f174-4578-a83d-ca98950d210b",
"indicator--5501471c-d41c-4568-91e3-41ad950d210b",
"indicator--5501471c-4798-4566-a48c-48ad950d210b",
"indicator--5501471c-1f40-458f-8f17-40f5950d210b",
"indicator--5501471c-58e8-47c0-9fe2-48dc950d210b",
"indicator--5501471c-f594-446e-9879-4b61950d210b",
"indicator--5501471c-51cc-4abf-b1d9-4f6e950d210b",
"indicator--55014746-35d0-487a-9f31-4410950d210b",
"indicator--55014746-0bb8-43fe-98a9-4058950d210b",
"indicator--55014746-1458-4bcd-aabf-4688950d210b",
"indicator--5501479d-ffe8-4bdf-b1ba-0959950d210b",
"indicator--5501479d-07b8-45b9-aaf3-0959950d210b",
"indicator--550147c2-aeb8-44cc-84eb-4c8f950d210b",
"indicator--550147c2-ef78-4730-9051-4e54950d210b",
"indicator--550147c2-f8e0-49e2-ac9f-4140950d210b",
"indicator--550147f4-84c0-4e82-bc24-0955950d210b",
"indicator--550147f5-6850-4f1d-9a7f-0955950d210b",
"indicator--550147f5-3fa4-48f9-ac44-0955950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55014411-d4cc-4047-bc11-4dd5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:45:21.000Z",
"modified": "2015-03-12T07:45:21.000Z",
"first_observed": "2015-03-12T07:45:21Z",
"last_observed": "2015-03-12T07:45:21Z",
"number_observed": 1,
"object_refs": [
"url--55014411-d4cc-4047-bc11-4dd5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55014411-d4cc-4047-bc11-4dd5950d210b",
"value": "https://citizenlab.org/2015/03/tibetan-uprising-day-malware-attacks/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501442f-79a8-4594-a548-310e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:45:51.000Z",
"modified": "2015-03-12T07:45:51.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = '10th March.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:45:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--55014445-9d54-4f18-a108-4f7f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:46:13.000Z",
"modified": "2015-03-12T07:46:13.000Z",
"name": "CVE-2012-0158",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2012-0158"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501445e-a540-44d5-801d-4c2c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:59:57.000Z",
"modified": "2015-03-12T07:59:57.000Z",
"description": "MsAttacker",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.117.152']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014472-b0d8-48fe-800e-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:46:58.000Z",
"modified": "2015-03-12T07:46:58.000Z",
"pattern": "[url:value = 'http://122.10.117.152/download/ms/MiniJs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:46:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014472-1174-4e76-838f-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:46:58.000Z",
"modified": "2015-03-12T07:46:58.000Z",
"pattern": "[url:value = '/download/ms/MiniJs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:46:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501448d-2ed8-43ef-8476-492b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:47:25.000Z",
"modified": "2015-03-12T07:47:25.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\system32\\\\teamviewsvc.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:47:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550144a0-0f58-4165-94d0-48f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:59:57.000Z",
"modified": "2015-03-12T07:59:57.000Z",
"description": "MsAttacker",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.27.127.200']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:59:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--550144aa-d8d4-43f4-b4cc-45f2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:47:54.000Z",
"modified": "2015-03-12T07:47:54.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "MsAttacker"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550144c6-705c-4176-a9aa-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:48:22.000Z",
"modified": "2015-03-12T07:48:22.000Z",
"pattern": "[email-message:body_multipart[*].body_raw_ref.name = 'WTO. non-market status China _1_.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:48:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-attachment\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--550144d5-fc14-4bf8-a9af-4fe8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:48:37.000Z",
"modified": "2015-03-12T07:48:37.000Z",
"first_observed": "2015-03-12T07:48:37Z",
"last_observed": "2015-03-12T07:48:37Z",
"number_observed": 1,
"object_refs": [
"url--550144d5-fc14-4bf8-a9af-4fe8950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--550144d5-fc14-4bf8-a9af-4fe8950d210b",
"value": "https://malwr.com/analysis/MDE4MDMzNGQ0MjY2NDY1OWE5ZTVhMDRmZjQzNTlkYWM/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145af-46c8-4980-8fab-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:52:15.000Z",
"modified": "2015-03-12T07:52:15.000Z",
"description": "MiniJS.dll",
"pattern": "[file:hashes.MD5 = '2782c233ddde25040fb1febf9b13611e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145af-1cd8-4470-bddc-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:52:15.000Z",
"modified": "2015-03-12T07:52:15.000Z",
"description": "MiniJS.dll",
"pattern": "[file:hashes.SHA1 = 'be50ef6c94f3b630886e1b337e89f4ea9d6e7649']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145af-1448-4610-9e15-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:52:15.000Z",
"modified": "2015-03-12T07:52:15.000Z",
"description": "MiniJS.dll",
"pattern": "[file:hashes.SHA256 = '50aebd2a1e3b8917d6c2b5e88c2e2999b2368fca550c548d0836aa57e35c463f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:52:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--550145c6-f97c-4ba4-aa09-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:52:38.000Z",
"modified": "2015-03-12T07:52:38.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "ShadowNet"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145ec-ddf8-4a02-b69f-49fb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:53:16.000Z",
"modified": "2015-03-12T07:53:16.000Z",
"pattern": "[url:value = 'http://johnsmith152.typepad.com/blog/rss.xml']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:53:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145ed-a194-4be4-ae2d-49c2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:53:17.000Z",
"modified": "2015-03-12T07:53:17.000Z",
"pattern": "[url:value = 'http://mynewshemm.wordpress.com/feed/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:53:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550145ed-4940-425d-8b3d-4532950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:53:17.000Z",
"modified": "2015-03-12T07:53:17.000Z",
"pattern": "[url:value = 'http://johnsmith5382.thoughts.com/feed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:53:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014604-fde8-40d8-a01a-9778950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:53:40.000Z",
"modified": "2015-03-12T07:53:40.000Z",
"pattern": "[url:value = 'http://www.semamail.info/firex/test.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:53:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501461f-b418-4dc1-a388-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:54:07.000Z",
"modified": "2015-03-12T07:54:07.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.117.5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:54:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55014634-3e34-4ce2-94d9-4d15950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:54:28.000Z",
"modified": "2015-03-12T07:54:28.000Z",
"first_observed": "2015-03-12T07:54:28Z",
"last_observed": "2015-03-12T07:54:28Z",
"number_observed": 1,
"object_refs": [
"autonomous-system--55014634-3e34-4ce2-94d9-4d15950d210b"
],
"labels": [
"misp:type=\"AS\"",
"misp:category=\"Network activity\""
]
},
{
"type": "autonomous-system",
"spec_version": "2.1",
"id": "autonomous-system--55014634-3e34-4ce2-94d9-4d15950d210b",
"number": 24544
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55014660-9d28-4cca-98bc-4cb7950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:55:12.000Z",
"modified": "2015-03-12T07:55:12.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant of semamail.info",
"x_misp_type": "text",
"x_misp_value": "mike.fly@email.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501466b-005c-467a-9862-47c4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:55:23.000Z",
"modified": "2015-03-12T07:55:23.000Z",
"pattern": "[domain-name:value = 'semamail.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:55:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501468b-374c-4fec-a0d3-4a94950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:56:26.000Z",
"modified": "2015-03-12T07:56:26.000Z",
"description": "Same registrant as semamail.info",
"pattern": "[domain-name:value = 'conamail.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501468b-2338-4833-bb8e-456d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:56:26.000Z",
"modified": "2015-03-12T07:56:26.000Z",
"description": "Same registrant as semamail.info",
"pattern": "[domain-name:value = 'convmail.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501468b-4f98-4f19-a158-435a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:56:26.000Z",
"modified": "2015-03-12T07:56:26.000Z",
"description": "Same registrant as semamail.info",
"pattern": "[domain-name:value = 'fifamp3.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550146d0-f174-4578-a83d-ca98950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:57:04.000Z",
"modified": "2015-03-12T07:57:04.000Z",
"description": "Also resolved to 122.10.117.35",
"pattern": "[domain-name:value = 'rukiyeangel.dyndns.pro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:57:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-d41c-4568-91e3-41ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.MD5 = '8346b50c3954b5c25bf13fcd281eb11a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-4798-4566-a48c-48ad950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.SHA1 = 'd9a74528bb56a841cea1fe5fa3e0c777a8e96402']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-1f40-458f-8f17-40f5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.SHA256 = 'de7058700f06c5310c26944b28203bc82035f9ff74021649db39a24470517fd1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-58e8-47c0-9fe2-48dc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.MD5 = '6fc909a57650daff9a8b9264f38444a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-f594-446e-9879-4b61950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.SHA1 = '2a2a1fae6be0468d388aa2c721a0edd93fb37649']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501471c-51cc-4abf-b1d9-4f6e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:58:20.000Z",
"modified": "2015-03-12T07:58:20.000Z",
"description": "MsAttacker Stage 0",
"pattern": "[file:hashes.SHA256 = 'a264cec4096a04c47013d41dcddab9f99482f8f83d61e13be4bcf4614f79b7a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:58:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014746-35d0-487a-9f31-4410950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:59:02.000Z",
"modified": "2015-03-12T07:59:02.000Z",
"description": "MsAttacker Stage 1",
"pattern": "[file:hashes.MD5 = '69a0f490de6ae9fdde0ad9cc35305a7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014746-0bb8-43fe-98a9-4058950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:59:02.000Z",
"modified": "2015-03-12T07:59:02.000Z",
"description": "MsAttacker Stage 1",
"pattern": "[file:hashes.SHA1 = 'e3532fc890f659fb6afb9115b388e0024565888c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55014746-1458-4bcd-aabf-4688950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T07:59:02.000Z",
"modified": "2015-03-12T07:59:02.000Z",
"description": "MsAttacker Stage 1",
"pattern": "[file:hashes.SHA256 = '3de8fb09d79166f10f4a10aef1202c2cb45849943f224dc6c61df8d18435e064']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T07:59:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501479d-ffe8-4bdf-b1ba-0959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:00:29.000Z",
"modified": "2015-03-12T08:00:29.000Z",
"pattern": "[url:value = 'http://122.10.117.152/download/ms/CryptBase.32.cab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5501479d-07b8-45b9-aaf3-0959950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:00:29.000Z",
"modified": "2015-03-12T08:00:29.000Z",
"pattern": "[url:value = 'http://122.10.117.152/download/ms/CryptBase.64.cab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147c2-aeb8-44cc-84eb-4c8f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:06.000Z",
"modified": "2015-03-12T08:01:06.000Z",
"description": "ShadowNet Stage 0",
"pattern": "[file:hashes.MD5 = '72707089512762fce576e29a0472eb16']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147c2-ef78-4730-9051-4e54950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:06.000Z",
"modified": "2015-03-12T08:01:06.000Z",
"description": "ShadowNet Stage 0",
"pattern": "[file:hashes.SHA1 = '4ab039da14acf7d80fbb11034ef9ccc861c5ed24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147c2-f8e0-49e2-ac9f-4140950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:06.000Z",
"modified": "2015-03-12T08:01:06.000Z",
"description": "ShadowNet Stage 0",
"pattern": "[file:hashes.SHA256 = 'ddfa44ebb181282e815e965a1c531c7e145128aa7306b508a563e10d5f9f03fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147f4-84c0-4e82-bc24-0955950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:56.000Z",
"modified": "2015-03-12T08:01:56.000Z",
"description": "ShadowNet Stage 1",
"pattern": "[file:hashes.MD5 = 'd8ae44cd65f97654f066edbcb501d999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147f5-6850-4f1d-9a7f-0955950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:57.000Z",
"modified": "2015-03-12T08:01:57.000Z",
"description": "ShadowNet Stage 1",
"pattern": "[file:hashes.SHA1 = '602a762dca46f7639210e60c59f89a6e7a16391b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--550147f5-3fa4-48f9-ac44-0955950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-03-12T08:01:57.000Z",
"modified": "2015-03-12T08:01:57.000Z",
"description": "ShadowNet Stage 1",
"pattern": "[file:hashes.SHA256 = 'e8f36317e29206d48bd0e6dd6570872122be44f82ca1de01aef373b3cdb2c0e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-12T08:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}