{
|
|
"type": "bundle",
|
|
"id": "bundle--558401d3-130c-44db-a49a-42fa950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:58.000Z",
|
|
"modified": "2015-06-19T11:54:58.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--558401d3-130c-44db-a49a-42fa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:58.000Z",
|
|
"modified": "2015-06-19T11:54:58.000Z",
|
|
"name": "OSINT Poseidon And Backoff Pos \u2013 The Links And Similarities by Team Cymru",
|
|
"published": "2016-03-01T22:03:55Z",
|
|
"object_refs": [
|
|
"observed-data--558401ed-4b28-4d86-86ff-777a950d210b",
|
|
"url--558401ed-4b28-4d86-86ff-777a950d210b",
|
|
"x-misp-attribute--558401f8-2f10-4f02-b885-3c43950d210b",
|
|
"x-misp-attribute--558401f8-59f0-41e3-a865-3c43950d210b",
|
|
"indicator--55840233-f934-48c2-b1bc-418f950d210b",
|
|
"indicator--55840233-e038-46fd-8df4-404b950d210b",
|
|
"indicator--55840234-7bc0-4b67-b901-4a45950d210b",
|
|
"indicator--55840234-1358-4c99-a842-4f9b950d210b",
|
|
"indicator--55840234-f108-43ea-9e28-4d61950d210b",
|
|
"indicator--55840234-3488-41b1-9207-47d1950d210b",
|
|
"indicator--55840234-f124-4476-b097-4dd9950d210b",
|
|
"indicator--55840234-e688-4c41-8f8a-45ea950d210b",
|
|
"indicator--55840234-6350-474b-a5e6-4399950d210b",
|
|
"indicator--55840234-9ca8-471d-8a60-4470950d210b",
|
|
"indicator--55840235-b9fc-42d6-968f-4bf1950d210b",
|
|
"indicator--55840235-aeb8-459c-9104-4d3a950d210b",
|
|
"indicator--55840235-43a0-4f52-be8f-45b9950d210b",
|
|
"indicator--55840235-d998-4fcc-81c5-49de950d210b",
|
|
"indicator--55840235-ac40-4f29-8cbe-4c91950d210b",
|
|
"indicator--55840235-d234-42d3-ac82-4344950d210b",
|
|
"indicator--55840235-61bc-42fd-8468-4a3b950d210b",
|
|
"indicator--55840236-ff84-4bd9-a899-45a3950d210b",
|
|
"indicator--55840236-2874-4cd4-99ed-42c3950d210b",
|
|
"indicator--55840236-7ea8-4805-995e-408e950d210b",
|
|
"indicator--55840236-6c4c-4c83-b91d-474a950d210b",
|
|
"indicator--55840236-f280-4ffc-9658-44df950d210b",
|
|
"indicator--55840236-53cc-42fb-9de6-4fa5950d210b",
|
|
"indicator--55840236-7dfc-4387-8151-4cdf950d210b",
|
|
"indicator--55840236-1c9c-48e9-990b-4d99950d210b",
|
|
"indicator--55840237-3634-40de-b3b1-4dbf950d210b",
|
|
"indicator--55840237-707c-4fa2-abbc-4e50950d210b",
|
|
"indicator--55840237-93dc-4fae-8365-47a4950d210b",
|
|
"indicator--5584024e-1a98-491e-97ab-44e7950d210b",
|
|
"indicator--5584024e-3334-48a1-a34d-40b0950d210b",
|
|
"indicator--5584024e-8f88-4b9f-b3eb-42be950d210b",
|
|
"indicator--5584024f-0b64-4c18-8939-491a950d210b",
|
|
"indicator--5584024f-6b54-4a87-9a68-464b950d210b",
|
|
"indicator--5584024f-7224-4143-bcb6-4601950d210b",
|
|
"indicator--5584024f-c364-4d74-9e3d-4371950d210b",
|
|
"indicator--5584024f-fa88-4095-bac0-47fa950d210b",
|
|
"indicator--5584024f-80b0-495a-a48f-41b7950d210b",
|
|
"indicator--5584024f-de54-42d4-8047-4da7950d210b",
|
|
"indicator--5584024f-024c-4d70-ade5-4df3950d210b",
|
|
"indicator--5584027b-fb88-48cd-8089-4d30950d210b",
|
|
"indicator--5584027b-5e68-4ea8-8e64-4285950d210b",
|
|
"indicator--5584027b-8b00-4fc9-a7c8-4d58950d210b",
|
|
"indicator--5584027b-dfb0-4708-803d-4ee1950d210b",
|
|
"indicator--5584027b-d49c-4a3d-a853-432f950d210b",
|
|
"indicator--5584027b-a2d8-44d6-abbc-4d7d950d210b",
|
|
"indicator--5584027c-01d4-48a6-aa02-4d65950d210b",
|
|
"indicator--5584027c-83e8-42f7-bb2d-4197950d210b",
|
|
"indicator--5584027c-8150-4c6d-89a1-4495950d210b",
|
|
"indicator--5584027c-8c38-4201-9162-4ef5950d210b",
|
|
"indicator--5584027c-9164-4af3-8ae7-40b6950d210b",
|
|
"indicator--5584027c-83a8-45f8-a635-498e950d210b",
|
|
"indicator--5584027c-63d8-4bda-8638-424f950d210b",
|
|
"indicator--5584027d-ab24-410f-a38c-4559950d210b",
|
|
"indicator--5584027d-ee40-4d99-baf1-4803950d210b",
|
|
"indicator--5584027d-aa6c-4ee8-9dbc-4b40950d210b",
|
|
"indicator--5584027d-364c-4099-acb3-4b68950d210b",
|
|
"indicator--5584027d-47f0-441e-845d-4e2e950d210b",
|
|
"indicator--5584027d-14e8-4706-ba4b-49d6950d210b",
|
|
"indicator--5584027d-f864-402c-94d2-43e9950d210b",
|
|
"indicator--5584027d-a188-4a70-b151-4239950d210b",
|
|
"indicator--5584027e-86b4-4ca7-8159-4e07950d210b",
|
|
"indicator--5584027e-aad0-453f-a08b-4f0d950d210b",
|
|
"indicator--5584027e-3edc-4f37-b415-46cd950d210b",
|
|
"indicator--558402bd-5260-4854-be21-3c43950d210b",
|
|
"indicator--558402bd-f788-458f-b534-3c43950d210b",
|
|
"indicator--558402bd-caa4-4a7b-8967-3c43950d210b",
|
|
"indicator--558402bd-3034-4b0a-98f6-3c43950d210b",
|
|
"indicator--558402be-1650-40a4-b2f3-3c43950d210b",
|
|
"indicator--558402be-ef7c-4275-af7f-3c43950d210b",
|
|
"indicator--558402be-b3c0-429a-a0fa-3c43950d210b",
|
|
"indicator--558402be-6ca8-4ef2-b9bd-3c43950d210b",
|
|
"indicator--558402be-ba80-4838-bb51-3c43950d210b",
|
|
"indicator--558402be-5dc8-4fdf-8ea9-3c43950d210b",
|
|
"indicator--558402be-6b98-4a9d-9c18-3c43950d210b",
|
|
"indicator--558402be-c43c-4e18-8fb1-3c43950d210b",
|
|
"indicator--558402bf-5710-406f-8961-3c43950d210b",
|
|
"indicator--558402bf-cbe4-420a-9a81-3c43950d210b",
|
|
"indicator--558402bf-c034-4e5f-bdbf-3c43950d210b",
|
|
"indicator--558402bf-5b6c-42ef-bb00-3c43950d210b",
|
|
"indicator--558402bf-af80-4867-85f7-3c43950d210b",
|
|
"indicator--558402bf-e4e8-478d-9a78-3c43950d210b",
|
|
"indicator--558402bf-c878-4e46-b3a5-3c43950d210b",
|
|
"indicator--558402bf-eb84-409a-a91f-3c43950d210b",
|
|
"indicator--558402c0-f4ac-4853-b9f2-3c43950d210b",
|
|
"indicator--558402c0-c8c8-4146-8d67-3c43950d210b",
|
|
"indicator--558402d1-1168-4081-9764-40cb950d210b",
|
|
"indicator--558402d1-8728-4c63-b666-4bb0950d210b",
|
|
"indicator--558402d1-5db0-450a-8238-4531950d210b",
|
|
"indicator--558402d2-7fa4-45b2-9092-40c4950d210b",
|
|
"indicator--558402e6-46b8-4b66-bd40-48ae950d210b",
|
|
"indicator--558402e6-fdc8-488e-bada-4215950d210b",
|
|
"indicator--558402e6-352c-4410-a787-44ee950d210b",
|
|
"indicator--558402e6-bc9c-4373-8e9a-4407950d210b",
|
|
"indicator--558402e6-2ef8-4a02-a503-4467950d210b",
|
|
"indicator--558402e6-6e9c-4dc1-8ef3-4471950d210b",
|
|
"indicator--558402e6-9574-4658-b57d-4262950d210b",
|
|
"indicator--558402e7-c3b0-4ced-817d-4d96950d210b",
|
|
"indicator--558402e7-87f8-4af2-b84d-4c0e950d210b",
|
|
"indicator--558402e7-0cd0-4cd3-ac41-473c950d210b",
|
|
"indicator--558402e7-1678-44f1-88ea-40ac950d210b",
|
|
"indicator--558402e7-04fc-4d68-9e38-4d62950d210b",
|
|
"indicator--558402e7-9d04-4d47-9b85-403c950d210b",
|
|
"indicator--558402e7-827c-4c6d-9806-46d6950d210b",
|
|
"indicator--558402e7-d76c-4921-920f-4ab9950d210b",
|
|
"indicator--558402e8-5a50-4277-a1a2-4059950d210b",
|
|
"indicator--558402e8-b1a8-4cfd-8d44-4f66950d210b",
|
|
"indicator--558402e8-3efc-49c1-a9da-4a3b950d210b",
|
|
"indicator--558402e8-70e0-43c3-af50-43bf950d210b",
|
|
"indicator--558402e8-2c18-488a-abbb-49b4950d210b",
|
|
"indicator--558402e8-996c-4d8b-b376-4e3f950d210b",
|
|
"indicator--558402e8-1eb4-4376-90de-48bc950d210b",
|
|
"indicator--558402e8-1780-4e73-bb89-44c4950d210b",
|
|
"indicator--558402e9-fe50-472d-a268-4e02950d210b",
|
|
"indicator--558402e9-2420-473f-822f-424d950d210b",
|
|
"indicator--558402e9-ac18-4393-9718-4612950d210b",
|
|
"indicator--558402e9-c654-4d94-af7e-4635950d210b",
|
|
"indicator--558402e9-a140-4462-bf4c-4991950d210b",
|
|
"indicator--558402e9-8e94-483b-8749-4228950d210b",
|
|
"indicator--558402e9-39d8-4577-a33b-48a7950d210b",
|
|
"indicator--558402ea-9524-4d8e-b5fc-41a8950d210b",
|
|
"indicator--558402ea-6e68-432a-8130-4e27950d210b",
|
|
"indicator--558402ea-fb74-4582-9e2f-4509950d210b",
|
|
"indicator--558402ea-04b8-4e3d-a598-4092950d210b",
|
|
"indicator--558402ea-95ac-4808-ad14-4b71950d210b",
|
|
"indicator--558402ea-e4f8-4d3d-952d-48e2950d210b",
|
|
"indicator--558402ea-a16c-445e-aa00-4c90950d210b",
|
|
"indicator--558402ea-dc28-4a1c-a58d-47f4950d210b",
|
|
"indicator--558402eb-fe08-43bf-8c64-4e9b950d210b",
|
|
"indicator--558402eb-36dc-46c3-9955-4c7c950d210b",
|
|
"observed-data--55840312-18e0-404b-a13e-40bf950d210b",
|
|
"url--55840312-18e0-404b-a13e-40bf950d210b",
|
|
"observed-data--55840312-5738-459a-b098-4c47950d210b",
|
|
"url--55840312-5738-459a-b098-4c47950d210b",
|
|
"observed-data--55840312-c6b0-4b62-a413-43c5950d210b",
|
|
"url--55840312-c6b0-4b62-a413-43c5950d210b",
|
|
"indicator--56c65f4d-5d64-4d16-86ac-59a0950d210f",
|
|
"indicator--56c65f52-0110-4e54-ade3-42d6950d210f",
|
|
"indicator--56c65f55-2930-47fa-9f20-59a4950d210f",
|
|
"indicator--56c65f4e-e92c-431e-a309-40f2950d210f",
|
|
"indicator--56c65f52-bfa4-4fee-a945-4083950d210f",
|
|
"indicator--56c65f56-c348-471c-a9b9-475b950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--558401ed-4b28-4d86-86ff-777a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:41.000Z",
|
|
"modified": "2015-06-19T11:54:41.000Z",
|
|
"first_observed": "2015-06-19T11:54:41Z",
|
|
"last_observed": "2015-06-19T11:54:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--558401ed-4b28-4d86-86ff-777a950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--558401ed-4b28-4d86-86ff-777a950d210b",
|
|
"value": "https://blog.team-cymru.org/2015/06/poseidon-and-the-backoff-pos-link/"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--558401f8-2f10-4f02-b885-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:50:16.000Z",
|
|
"modified": "2015-06-19T11:50:16.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Poseidon"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--558401f8-59f0-41e3-a865-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:50:16.000Z",
|
|
"modified": "2015-06-19T11:50:16.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Backoff"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840233-f934-48c2-b1bc-418f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:15.000Z",
|
|
"modified": "2015-06-19T11:51:15.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://Askyourspace.com/ldl01aef/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840233-e038-46fd-8df4-404b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:15.000Z",
|
|
"modified": "2015-06-19T11:51:15.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://firstcupworlds.com/ldl01zeg/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-7bc0-4b67-b901-4a45950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://followhell.ru/ldl01z/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-1358-4c99-a842-4f9b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://gorestforus.ru/ldl01987/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-f108-43ea-9e28-4d61950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://lacdileftre.ru/pes2/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-3488-41b1-9207-47d1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://linturefa.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-f124-4476-b097-4dd9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://linturefa.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-e688-4c41-8f8a-45ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://mehanistran.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-6350-474b-a5e6-4399950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://mifastubiv.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840234-9ca8-471d-8a60-4470950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:16.000Z",
|
|
"modified": "2015-06-19T11:51:16.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://petronasconn.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-b9fc-42d6-968f-4bf1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://queryforworld.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-aeb8-459c-9104-4d3a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://restavratormira.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-43a0-4f52-be8f-45b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://serfilefnom.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-d998-4fcc-81c5-49de950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://serppoglandam.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-ac40-4f29-8cbe-4c91950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://servelatmiru.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-d234-42d3-ac82-4344950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://spartanwore.com/ldl01srf/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840235-61bc-42fd-8468-4a3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:17.000Z",
|
|
"modified": "2015-06-19T11:51:17.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://srachechno.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-ff84-4bd9-a899-45a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://switlawert.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-2874-4cd4-99ed-42c3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://tabidzuwek.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-7ea8-4805-995e-408e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://tabidzuwek.ru/ldl01/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-6c4c-4c83-b91d-474a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://tabidzuwek.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-f280-4ffc-9658-44df950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://vesnarusural.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-53cc-42fb-9de6-4fa5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://weksrubaz.ru/ldl01/index.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-7dfc-4387-8151-4cdf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://weksrubaz.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840236-1c9c-48e9-990b-4d99950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:18.000Z",
|
|
"modified": "2015-06-19T11:51:18.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://wertstumbahn.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840237-3634-40de-b3b1-4dbf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:19.000Z",
|
|
"modified": "2015-06-19T11:51:19.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://xablopefgr.com/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840237-707c-4fa2-abbc-4e50950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:19.000Z",
|
|
"modified": "2015-06-19T11:51:19.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = 'https://xablopefgr.ru/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--55840237-93dc-4fae-8365-47a4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:19.000Z",
|
|
"modified": "2015-06-19T11:51:19.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[url:value = '/ldl01/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024e-1a98-491e-97ab-44e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:42.000Z",
|
|
"modified": "2015-06-19T11:51:42.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.30.41.159']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024e-3334-48a1-a34d-40b0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:42.000Z",
|
|
"modified": "2015-06-19T11:51:42.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.166.168.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024e-8f88-4b9f-b3eb-42be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:42.000Z",
|
|
"modified": "2015-06-19T11:51:42.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.148']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-0b64-4c18-8939-491a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-6b54-4a87-9a68-464b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-7224-4143-bcb6-4601950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.171.202.168']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-c364-4d74-9e3d-4371950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.120.110.104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-fa88-4095-bac0-47fa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.244.32.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-80b0-495a-a48f-41b7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.62.208.238']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-de54-42d4-8047-4da7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.230.220.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584024f-024c-4d70-ade5-4df3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:51:43.000Z",
|
|
"modified": "2015-06-19T11:51:43.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.246.98.85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:51:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-fb88-48cd-8089-4d30950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '164af045a08d718372dd6ecd34b746e7032127b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-5e68-4ea8-8e64-4285950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = 'd5ac494c02f47d79742b55bb9826363f1c5a656c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-8b00-4fc9-a7c8-4d58950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '05b124b5f33a65ebb7489cdbcb55eee1692049f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-dfb0-4708-803d-4ee1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '5e70840747264adee10bb298262207c8c25cff40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-d49c-4a3d-a853-432f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '3de607115b6f0372ad9d4d68c27a118eca463a11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027b-a2d8-44d6-abbc-4d7d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:27.000Z",
|
|
"modified": "2015-06-19T11:52:27.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '4959d2bdb93f2a75fd92ebbb1de391e3ed72ac55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-01d4-48a6-aa02-4d65950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = 'b542f06b600e4caf2c3089a1ebb3a68d9d0a8003']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-83e8-42f7-bb2d-4197950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '8cfbfa37d31bcdeba00f0cab1509f93feec43e37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-8150-4c6d-89a1-4495950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '0d9a8b1c179e705f589f84a4ee3d635fe4ecf4f6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-8c38-4201-9162-4ef5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '1be1781de69d6d6e8e749538c28dd0a5bff9a2bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-9164-4af3-8ae7-40b6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '2b53394dad68bfc2a22d710259cb922d44799282']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-83a8-45f8-a635-498e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '8b83112e29b4c51ad5e63c4e7c4dc3cd6065e6d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027c-63d8-4bda-8638-424f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:28.000Z",
|
|
"modified": "2015-06-19T11:52:28.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '1a7f93af47c4ddd9e9c52e39d6b388ce6bc86a7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-ab24-410f-a38c-4559950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '6e45ba4be815ee0f2f8954a05b3f79ffa52bbce2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-ee40-4d99-baf1-4803950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '8b2455854fdd9907c601a4b00703f9aa6ec62408']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-aa6c-4ee8-9dbc-4b40950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '47430cf79c6d01abe6630e4c08d3fc821040069e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-364c-4099-acb3-4b68950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '7dd0e3ae8bd7a69789d6117fb3e64926e4baad53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-47f0-441e-845d-4e2e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '82189618784f98846bac2139ebe3d3839fe855e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-14e8-4706-ba4b-49d6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '11b3a6866c153c0ed266b5d6e151217299fba3ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-f864-402c-94d2-43e9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '837ac1eaea0ae07fda97e659d55996d09d8485da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027d-a188-4a70-b151-4239950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:29.000Z",
|
|
"modified": "2015-06-19T11:52:29.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '1770d90d828b01a46ab4e39257db28f0a00f2cd8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027e-86b4-4ca7-8159-4e07950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:30.000Z",
|
|
"modified": "2015-06-19T11:52:30.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '02a39351450616c624a7d06ae2e91fbad2515bfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027e-aad0-453f-a08b-4f0d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:30.000Z",
|
|
"modified": "2015-06-19T11:52:30.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = '415132ffccbb95856db3acb3c3648244864a0586']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5584027e-3edc-4f37-b415-46cd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:52:30.000Z",
|
|
"modified": "2015-06-19T11:52:30.000Z",
|
|
"description": "Loader",
|
|
"pattern": "[file:hashes.SHA1 = 'bc244f41938cbdc419590b34f74b8f4a88a73104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:52:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bd-5260-4854-be21-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:33.000Z",
|
|
"modified": "2015-06-19T11:53:33.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://apporistale.com/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bd-f788-458f-b534-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:33.000Z",
|
|
"modified": "2015-06-19T11:53:33.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://dingdownmahedt.ru/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bd-caa4-4a7b-8967-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:33.000Z",
|
|
"modified": "2015-06-19T11:53:33.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://dinghareun.ru/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bd-3034-4b0a-98f6-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:33.000Z",
|
|
"modified": "2015-06-19T11:53:33.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://dreplicag.ru/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-1650-40a4-b2f3-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://ferepritdi.ru/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-ef7c-4275-af7f-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://fimzusoln.ru/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-b3c0-429a-a0fa-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://horticartf.com/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-6ca8-4ef2-b9bd-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://howthatficy.ru/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-ba80-4838-bb51-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://kilaxuntf.ru/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-5dc8-4fdf-8ea9-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://lasttrainforest.com/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-6b98-4a9d-9c18-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://newdomainreservenow.ru/pes9/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402be-c43c-4e18-8fb1-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:34.000Z",
|
|
"modified": "2015-06-19T11:53:34.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://p9yhenm.ru/pes9/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-5710-406f-8961-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://quartlet.com/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-cbe4-420a-9a81-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://rabbutdownlitt.ru/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-c034-4e5f-bdbf-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://refherssuce.ru/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-5b6c-42ef-bb00-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://reswahatce.ru/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-af80-4867-85f7-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://terethaundv.ru/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-e4e8-478d-9a78-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://wetguqan.ru/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-c878-4e46-b3a5-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = 'http://xoftunhbyirf.tk/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402bf-eb84-409a-a91f-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:35.000Z",
|
|
"modified": "2015-06-19T11:53:35.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = '/pes18/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402c0-f4ac-4853-b9f2-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:36.000Z",
|
|
"modified": "2015-06-19T11:53:36.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = '/pes13/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402c0-c8c8-4146-8d67-3c43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:36.000Z",
|
|
"modified": "2015-06-19T11:53:36.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[url:value = '/pes19/viewtopic.php']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402d1-1168-4081-9764-40cb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:53.000Z",
|
|
"modified": "2015-06-19T11:53:53.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.161.40.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402d1-8728-4c63-b666-4bb0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:53.000Z",
|
|
"modified": "2015-06-19T11:53:53.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.2.151']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402d1-5db0-450a-8238-4531950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:53.000Z",
|
|
"modified": "2015-06-19T11:53:53.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.220.131.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402d2-7fa4-45b2-9092-40c4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:53:54.000Z",
|
|
"modified": "2015-06-19T11:53:54.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.199.73.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:53:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-46b8-4b66-bd40-48ae950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '16cc234cdd9b180801e79d0b4beb0d88462911c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-fdc8-488e-bada-4215950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '0417922ec0503730297c167abcefcb4bdadcf8d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-352c-4410-a787-44ee950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '5531d79887f9fd8491596c4ac39a46e2df3e3b19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-bc9c-4373-8e9a-4407950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'f3420cb99c4689bd613f8195571f5dcb417e6d22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-2ef8-4a02-a503-4467950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '0e8827796ea18b18891a2015bc000776664ebff4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-6e9c-4dc1-8ef3-4471950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '17a2c61bf5c49d465a527625cd3e73c60afc07a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e6-9574-4658-b57d-4262950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:14.000Z",
|
|
"modified": "2015-06-19T11:54:14.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '1c22a10c198257316a41e3f7d6f8ad4c40f05e5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-c3b0-4ced-817d-4d96950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '21ef25799050ca8360cb6f8679fc90bd9af8a9de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-87f8-4af2-b84d-4c0e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '24ddc01f6446f3970fb1b895cb7fced9d9ab6328']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-0cd0-4cd3-ac41-473c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '26495828c9a7bb33328b54f772fb1bbd06f6106e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-1678-44f1-88ea-40ac950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '29c29b4d3b81d054dc1d4adea63d606e04663c95']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-04fc-4d68-9e38-4d62950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '2d29baaebaf719d284a9ee4eb0192934ae0f91ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-9d04-4d47-9b85-403c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '303ced5245f0efe080a945d269ec94b2972cbee6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-827c-4c6d-9806-46d6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '31a7ae4d92cf742f447396a197a5ba722e672f05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e7-d76c-4921-920f-4ab9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:15.000Z",
|
|
"modified": "2015-06-19T11:54:15.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '3a800f25408c679f337b6899dca137db66fead66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-5a50-4277-a1a2-4059950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '3c97379ea625a584b91c63b8d9286d6182d61ea2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-b1a8-4cfd-8d44-4f66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '40eb76aa1c1cd58db621cf21d27b26b33cce5f8a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-3efc-49c1-a9da-4a3b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '41a1c644af30dc4caae59a22dc94bed18e8736de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-70e0-43c3-af50-43bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '47eda908dd3757d66409e6f3a6225ca1cd03fa2c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-2c18-488a-abbb-49b4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '66244a0d24231839333e8ce970b6ab1b3ad469b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-996c-4d8b-b376-4e3f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '6f6dc9f09c593a57cf9ef658d2447da9c56fbbb4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-1eb4-4376-90de-48bc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '723af5e6d126021aa0d8032a4cc45da5bedbe946']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e8-1780-4e73-bb89-44c4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:16.000Z",
|
|
"modified": "2015-06-19T11:54:16.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '7915d8736770d4ead4c10304bd54ad72a1120afe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-fe50-472d-a268-4e02950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '884f02ea7e0da210a3d62a347a43c0079cb5218a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-2420-473f-822f-424d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '8ab3bd0c323ef967245bd7756070733f3386eb45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-ac18-4393-9718-4612950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '8f57a662898f5eec84b9fd06da21354184c67f5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-c654-4d94-af7e-4635950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = '9391c66dd409a2908c54f573c975d1a2053f5b8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-a140-4462-bf4c-4991950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'aa90a93833cb1171e9e213ba73928d32c546c1fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-8e94-483b-8749-4228950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'aded4e686227c932c77fe158ec18251aad4d7097']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402e9-39d8-4577-a33b-48a7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:17.000Z",
|
|
"modified": "2015-06-19T11:54:17.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'ba983efd45dc4a21c34a9be4273fd82d27768267']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-9524-4d8e-b5fc-41a8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'bad699af3fc8fda8e8cd271aac8a018c5faa3748']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-6e68-432a-8130-4e27950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'c0c6fd8b23e627188814cd36ea7a6a5d9f1391e8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-fb74-4582-9e2f-4509950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'c3120212263c7d272b5664fbd33291d46f5357ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-04b8-4e3d-a598-4092950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'c78130f95c4c4db31585521ce4668f962b7385df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-95ac-4808-ad14-4b71950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'd28c053075b2636e8b217f439f15565abe26f569']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-e4f8-4d3d-952d-48e2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'e0158ac0ced198dad89220c2063bbfed515f60fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-a16c-445e-aa00-4c90950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'e51ac9b4180ed0045e690dd09bfe3a69af3b8a0c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402ea-dc28-4a1c-a58d-47f4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:18.000Z",
|
|
"modified": "2015-06-19T11:54:18.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'edb3a9ab30702d1750a3ec5cfd37893af329e788']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402eb-fe08-43bf-8c64-4e9b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:19.000Z",
|
|
"modified": "2015-06-19T11:54:19.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'f1dca78808b7f32ef817bd36e2b250e9c7d736b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--558402eb-36dc-46c3-9955-4c7c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:19.000Z",
|
|
"modified": "2015-06-19T11:54:19.000Z",
|
|
"description": "Exfiltration",
|
|
"pattern": "[file:hashes.SHA1 = 'f562eaed7ddbfb1eee7e95417b54556cabd55c36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-06-19T11:54:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55840312-18e0-404b-a13e-40bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:58.000Z",
|
|
"modified": "2015-06-19T11:54:58.000Z",
|
|
"first_observed": "2015-06-19T11:54:58Z",
|
|
"last_observed": "2015-06-19T11:54:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55840312-18e0-404b-a13e-40bf950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55840312-18e0-404b-a13e-40bf950d210b",
|
|
"value": "http://blogs.cisco.com/security/talos/poseidon"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55840312-5738-459a-b098-4c47950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:58.000Z",
|
|
"modified": "2015-06-19T11:54:58.000Z",
|
|
"first_observed": "2015-06-19T11:54:58Z",
|
|
"last_observed": "2015-06-19T11:54:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55840312-5738-459a-b098-4c47950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55840312-5738-459a-b098-4c47950d210b",
|
|
"value": "https://blogs.rsa.com/attacking-a-pos-supply-chain-part-1/"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--55840312-c6b0-4b62-a413-43c5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-06-19T11:54:58.000Z",
|
|
"modified": "2015-06-19T11:54:58.000Z",
|
|
"first_observed": "2015-06-19T11:54:58Z",
|
|
"last_observed": "2015-06-19T11:54:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--55840312-c6b0-4b62-a413-43c5950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--55840312-c6b0-4b62-a413-43c5950d210b",
|
|
"value": "https://live.paloaltonetworks.com/community/kb/blog/2015/03/25/findpos-new-pos-malware-family-discovered"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f4d-5d64-4d16-86ac-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:21.000Z",
|
|
"modified": "2016-02-19T00:18:21.000Z",
|
|
"description": "Automatically added (via 8cfbfa37d31bcdeba00f0cab1509f93feec43e37)",
|
|
"pattern": "[file:hashes.MD5 = 'f4a4e8d2c64e0b739c9c0d2ad8c974fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f52-0110-4e54-ade3-42d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:26.000Z",
|
|
"modified": "2016-02-19T00:18:26.000Z",
|
|
"description": "Automatically added (via 16cc234cdd9b180801e79d0b4beb0d88462911c0)",
|
|
"pattern": "[file:hashes.MD5 = '84f001ad1d9d54b4c4a841ea325fb709']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f55-2930-47fa-9f20-59a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:29.000Z",
|
|
"modified": "2016-02-19T00:18:29.000Z",
|
|
"description": "Automatically added (via 723af5e6d126021aa0d8032a4cc45da5bedbe946)",
|
|
"pattern": "[file:hashes.MD5 = '657151a09c4c7de7df5b646f82458359']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f4e-e92c-431e-a309-40f2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:22.000Z",
|
|
"modified": "2016-02-19T00:18:22.000Z",
|
|
"description": "Automatically added (via 8cfbfa37d31bcdeba00f0cab1509f93feec43e37)",
|
|
"pattern": "[file:hashes.SHA256 = 'fd248aea67c258190bfd1a7b7c2921a41ecb54658ec61c36b74225bb45718dae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f52-bfa4-4fee-a945-4083950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:26.000Z",
|
|
"modified": "2016-02-19T00:18:26.000Z",
|
|
"description": "Automatically added (via 16cc234cdd9b180801e79d0b4beb0d88462911c0)",
|
|
"pattern": "[file:hashes.SHA256 = '28ca8bd8a86a3f7f3e501c4dcdf5476f9bda4bbfb91143958d5b168fc15eb391']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c65f56-c348-471c-a9b9-475b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-19T00:18:30.000Z",
|
|
"modified": "2016-02-19T00:18:30.000Z",
|
|
"description": "Automatically added (via 723af5e6d126021aa0d8032a4cc45da5bedbe946)",
|
|
"pattern": "[file:hashes.SHA256 = '7fc34118034db941a4aaeaecc3bf0bbdb415a070b2fcedd225adc11f970c7037']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-19T00:18:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |