56406 lines
No EOL
2.3 MiB
56406 lines
No EOL
2.3 MiB
{
|
|
"type": "bundle",
|
|
"id": "bundle--563b3ea6-b26c-401f-a68b-4d84950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:40:59.000Z",
|
|
"modified": "2020-08-03T06:40:59.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--563b3ea6-b26c-401f-a68b-4d84950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:40:59.000Z",
|
|
"modified": "2020-08-03T06:40:59.000Z",
|
|
"name": "OSINT Expansion on Systematic cyber attacks against Israeli and Palestinian targets going on for a year by Norman",
|
|
"published": "2020-08-03T06:41:13Z",
|
|
"object_refs": [
|
|
"indicator--563b3eb8-ed10-46d0-94dd-4d9a950d210b",
|
|
"indicator--563b3eb9-10e8-42cc-87af-4c19950d210b",
|
|
"indicator--563b3eb9-e598-464a-816e-4f00950d210b",
|
|
"indicator--563b3eb9-cbf8-40bf-b16f-49c7950d210b",
|
|
"indicator--563b3eba-bf7c-4701-9424-422d950d210b",
|
|
"indicator--563b3eba-21cc-471d-9e56-42e5950d210b",
|
|
"indicator--563b3ebb-fa08-4398-be17-4879950d210b",
|
|
"indicator--563b3ebb-87a8-4b8a-a694-4764950d210b",
|
|
"indicator--563b3ebb-cefc-473e-9db7-44fb950d210b",
|
|
"indicator--563b3ebc-85b8-422d-92d0-47a3950d210b",
|
|
"indicator--563b3ebc-3e18-45e9-8c64-4412950d210b",
|
|
"indicator--563b3ebd-e9a8-4a35-960a-4584950d210b",
|
|
"indicator--563b3ebd-a5d0-4b2f-86a3-472a950d210b",
|
|
"indicator--563b3ebd-24fc-4845-97e0-4d72950d210b",
|
|
"indicator--563b3ebe-1eb0-4eab-a1a0-4a40950d210b",
|
|
"indicator--563b3ebe-d2fc-4aa7-935f-452d950d210b",
|
|
"indicator--563b3ebf-99ac-4664-b952-4696950d210b",
|
|
"indicator--563b3ebf-8128-44fa-8f94-451c950d210b",
|
|
"indicator--563b3ebf-9304-41ba-ac8c-461b950d210b",
|
|
"indicator--563b3ec0-f988-40e0-aac1-4729950d210b",
|
|
"indicator--563b3ec0-a224-421a-b9c9-4bdc950d210b",
|
|
"indicator--563b3ec1-26cc-4f70-89ac-4258950d210b",
|
|
"indicator--563b3ec1-5138-48e8-a4a9-41c7950d210b",
|
|
"indicator--563b3ec1-b32c-4e5d-972d-45ea950d210b",
|
|
"indicator--563b3ec2-0cd0-48ae-94e8-40a9950d210b",
|
|
"indicator--563b3ec2-57c0-4420-8b47-4123950d210b",
|
|
"indicator--563b3ec3-c460-4699-b0b8-4a91950d210b",
|
|
"indicator--563b3ec3-e69c-4213-bf48-4ac6950d210b",
|
|
"indicator--563b3ec3-938c-4d98-8bf2-43fc950d210b",
|
|
"indicator--563b3ec4-d790-4f33-98f2-44e1950d210b",
|
|
"indicator--563b3ec4-f8ac-4add-9142-430a950d210b",
|
|
"indicator--563b3ec5-28d4-4189-ab11-4e13950d210b",
|
|
"indicator--563b3ec5-3174-462d-99d2-4510950d210b",
|
|
"indicator--563b3ec5-4950-4473-a322-48ab950d210b",
|
|
"indicator--563b3ec6-8274-4502-a772-4fa5950d210b",
|
|
"indicator--563b3ec6-2b20-4175-b67a-4d7f950d210b",
|
|
"indicator--563b3ec7-5750-4e00-b2cb-42a1950d210b",
|
|
"indicator--563b3ec7-0f80-4d5d-916f-4ce4950d210b",
|
|
"indicator--563b3ec7-466c-4544-b067-4700950d210b",
|
|
"indicator--563b3ec8-4f98-40cf-8372-490e950d210b",
|
|
"indicator--563b3ec8-3378-43c6-b92e-466c950d210b",
|
|
"indicator--563b3ec9-8374-4bcb-85aa-449e950d210b",
|
|
"indicator--563b3ec9-b854-463e-91a5-4c14950d210b",
|
|
"indicator--563b3ec9-d2a0-4fc0-89a3-45a4950d210b",
|
|
"indicator--563b3eca-c8f4-4cd5-a10c-426e950d210b",
|
|
"indicator--563b3eca-f2ec-4220-a49e-4292950d210b",
|
|
"indicator--563b3ecb-ceac-4941-ad72-4acd950d210b",
|
|
"indicator--563b3ecb-6bf0-458a-8f8c-4d37950d210b",
|
|
"indicator--563b3ecb-5d00-4296-9ca8-4536950d210b",
|
|
"indicator--563b3ecc-1f74-4ca4-8886-4c95950d210b",
|
|
"indicator--563b3ecc-ac94-4c30-9764-4186950d210b",
|
|
"indicator--563b3ecc-3908-42d3-96dc-4a69950d210b",
|
|
"indicator--563b3ecd-7de4-4e96-b16e-4914950d210b",
|
|
"indicator--563b3ecd-82c4-47a2-90ec-4bbe950d210b",
|
|
"indicator--563b3ece-0268-4589-8ecc-42ad950d210b",
|
|
"indicator--563b3ece-d724-4e78-b1ea-433d950d210b",
|
|
"indicator--563b3ece-2be0-445a-8aba-4319950d210b",
|
|
"indicator--563b3ecf-e618-43a0-bccc-4a3d950d210b",
|
|
"indicator--563b3ecf-9204-4891-9143-4dfb950d210b",
|
|
"indicator--563b3ed0-d198-4a2f-9b76-49ef950d210b",
|
|
"indicator--563b3ed0-b690-4615-90b4-40db950d210b",
|
|
"indicator--563b3ed1-e864-4613-bcac-449f950d210b",
|
|
"indicator--563b3ed1-9ca8-4330-9aaa-4fc9950d210b",
|
|
"indicator--563b3ed1-7f90-42cf-a1e0-4c38950d210b",
|
|
"indicator--563b3ed2-621c-4e8c-8187-47aa950d210b",
|
|
"indicator--563b3ed2-c080-4df0-afe1-41e7950d210b",
|
|
"indicator--563b3ed2-987c-4fc4-b4bb-49f9950d210b",
|
|
"indicator--563b3ed3-da38-4e29-8890-497f950d210b",
|
|
"indicator--563b3ed3-8820-4f6d-bbd2-4b48950d210b",
|
|
"indicator--563b3ed4-a008-4d22-b257-4538950d210b",
|
|
"indicator--563b3ed4-da10-4fe0-9617-4363950d210b",
|
|
"indicator--563b3ed4-35cc-41a8-a012-4be4950d210b",
|
|
"indicator--563b3ed5-1cb0-4617-948a-44cd950d210b",
|
|
"indicator--563b3ed6-6cbc-423f-857a-4b23950d210b",
|
|
"indicator--563b3ed6-a3b8-4994-a20a-44cb950d210b",
|
|
"indicator--563b3ed6-5200-4d9e-8cc1-4198950d210b",
|
|
"indicator--563b3ed7-a508-4305-b434-4a1e950d210b",
|
|
"indicator--563b3ed7-a5b8-4593-931f-4db3950d210b",
|
|
"indicator--563b3ed8-7cec-440b-9c7c-411e950d210b",
|
|
"indicator--563b3ed8-79f0-459c-873a-4133950d210b",
|
|
"indicator--563b3ed8-1ed4-460c-a564-4f29950d210b",
|
|
"indicator--563b3ed9-8104-4657-af75-4a29950d210b",
|
|
"indicator--563b3ed9-6734-40ea-93ce-4e90950d210b",
|
|
"indicator--563b3eda-211c-4620-b7bb-4370950d210b",
|
|
"indicator--563b3eda-fd48-45ce-9189-4d79950d210b",
|
|
"indicator--563b3eda-ab98-445d-8f31-483c950d210b",
|
|
"indicator--563b3edb-1ef4-4ca7-90f4-4e36950d210b",
|
|
"indicator--563b3edb-9828-4c7a-8827-49d8950d210b",
|
|
"indicator--563b3edc-c45c-404b-9187-4605950d210b",
|
|
"indicator--563b3edc-db1c-4a23-ad96-4bf9950d210b",
|
|
"indicator--563b3edc-f1b4-4cd1-b1e2-4342950d210b",
|
|
"indicator--563b3edd-ab50-46bd-ba24-4ebe950d210b",
|
|
"indicator--563b3edd-22b8-4c7f-b815-41f9950d210b",
|
|
"indicator--563b3ede-ff64-4cd3-9884-409d950d210b",
|
|
"indicator--563b3ede-64a4-49ec-a815-4fda950d210b",
|
|
"indicator--563b3ede-b618-49b4-973d-4463950d210b",
|
|
"indicator--563b3edf-f848-4f6a-a779-43c4950d210b",
|
|
"indicator--563b3edf-a874-4149-b6c9-4a27950d210b",
|
|
"indicator--563b3ee0-0060-4010-a1e4-4242950d210b",
|
|
"indicator--563b3ee0-f394-453d-985a-4d6f950d210b",
|
|
"indicator--563b3ee0-cd88-48d2-abee-4925950d210b",
|
|
"indicator--563b3ee1-aa88-47d5-b0cb-48a8950d210b",
|
|
"indicator--563b3ee1-d1a8-465b-aab3-4f29950d210b",
|
|
"indicator--563b3ee2-9dec-4409-a2db-485a950d210b",
|
|
"indicator--563b3ee2-10fc-495c-ad77-49c2950d210b",
|
|
"indicator--563b3ee2-d6d0-4777-a4fb-4666950d210b",
|
|
"indicator--563b3ee3-995c-4099-9ba6-49a7950d210b",
|
|
"indicator--563b3ee3-5ef0-4313-978f-445a950d210b",
|
|
"indicator--563b3ee4-bf74-4b7e-8cbf-447b950d210b",
|
|
"indicator--563b3ee4-46bc-4396-98c9-46f8950d210b",
|
|
"indicator--563b3ee4-4e00-4092-bdd0-4268950d210b",
|
|
"indicator--563b3ee5-1a04-4ae0-b908-4f71950d210b",
|
|
"indicator--563b3ee5-1894-4880-a362-4882950d210b",
|
|
"indicator--563b3ee6-abac-4823-9ac5-4fe5950d210b",
|
|
"indicator--563b3ee6-c090-469d-8a84-4654950d210b",
|
|
"indicator--563b3ee7-cf3c-490c-a810-46fd950d210b",
|
|
"indicator--563b3ee7-c67c-4865-b768-42be950d210b",
|
|
"indicator--563b3ee8-feac-40b9-9784-44d4950d210b",
|
|
"indicator--563b3ee8-aa8c-4425-931f-4a43950d210b",
|
|
"indicator--563b3ee8-1d30-4f5b-b00b-4bb3950d210b",
|
|
"indicator--563b3ee9-e988-4648-93dc-4550950d210b",
|
|
"indicator--563b3ee9-38d8-4ab5-b3a8-4ac2950d210b",
|
|
"indicator--563b3eea-1ed0-41c8-8149-4070950d210b",
|
|
"indicator--563b3eea-5e1c-4a06-999e-4085950d210b",
|
|
"indicator--563b3eea-92bc-4e67-a8d6-4eda950d210b",
|
|
"indicator--563b3eeb-ff28-45cc-8e1a-4ad2950d210b",
|
|
"indicator--563b3eeb-ae60-4f13-b4c5-4be4950d210b",
|
|
"indicator--563b3eec-8b4c-4497-ab8c-4fe2950d210b",
|
|
"indicator--563b3eec-6a48-4d95-b015-4f58950d210b",
|
|
"indicator--563b3eec-d7c4-42c2-b754-43f0950d210b",
|
|
"indicator--563b3eed-dfb8-43b6-b893-4bea950d210b",
|
|
"indicator--563b3eed-c0c0-4713-ae9e-42ca950d210b",
|
|
"indicator--563b3eee-0524-4e6e-a20d-4937950d210b",
|
|
"indicator--563b3eee-4674-4a41-a474-4c08950d210b",
|
|
"indicator--563b3eee-c81c-4cbd-b1c1-4ab7950d210b",
|
|
"indicator--563b3eef-d1e4-4861-bcce-4c62950d210b",
|
|
"indicator--563b3eef-07cc-4637-8518-41b6950d210b",
|
|
"indicator--563b3ef0-4828-42e0-835d-498e950d210b",
|
|
"indicator--563b3ef0-631c-46fe-8c14-4c1e950d210b",
|
|
"indicator--563b3ef0-da74-4f5f-a080-40de950d210b",
|
|
"indicator--563b3ef1-1ef0-4789-a71b-4b1c950d210b",
|
|
"indicator--563b3ef1-5d74-462a-92dd-475f950d210b",
|
|
"indicator--563b3ef2-f954-434b-a7df-4761950d210b",
|
|
"indicator--563b3ef2-1b98-451e-a78c-422a950d210b",
|
|
"indicator--563b3ef2-3bc8-487f-8ac0-44bf950d210b",
|
|
"indicator--563b3ef3-d0dc-4869-8fdb-41ec950d210b",
|
|
"indicator--563b3ef3-7e70-444d-9427-4a45950d210b",
|
|
"indicator--563b3ef4-4728-429f-85d6-4cdd950d210b",
|
|
"indicator--563b3ef4-17a4-4072-a48d-4852950d210b",
|
|
"observed-data--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"network-traffic--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"ipv4-addr--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"indicator--563b3ef5-a988-4b90-bbdc-431b950d210b",
|
|
"indicator--563b3ef5-fa64-4cfa-9b1e-414f950d210b",
|
|
"indicator--563b3ef6-e958-4570-81c5-4fab950d210b",
|
|
"indicator--563b3ef6-2410-4263-b19c-423b950d210b",
|
|
"indicator--563b3ef6-816c-492d-b332-4b6e950d210b",
|
|
"indicator--563b3ef7-51f0-4ffc-b948-4352950d210b",
|
|
"indicator--563b578f-339c-4951-9b82-44f9950d210b",
|
|
"indicator--563b578f-ad30-46b6-b2cd-40e7950d210b",
|
|
"indicator--563b5790-3bc4-45c3-8e63-481c950d210b",
|
|
"indicator--563b5790-41dc-444d-9240-4b6c950d210b",
|
|
"indicator--563b5790-d9e8-48d9-961b-4704950d210b",
|
|
"indicator--563b5791-1244-46d0-81a6-4117950d210b",
|
|
"indicator--563b5791-f0f0-4139-98a0-4b76950d210b",
|
|
"indicator--563b5792-abe8-4142-8917-4fb6950d210b",
|
|
"indicator--563b5792-5974-48f0-9cfd-489b950d210b",
|
|
"indicator--563b5792-339c-4d57-8866-423b950d210b",
|
|
"indicator--563b5793-98e0-47bf-87c7-4f2b950d210b",
|
|
"indicator--563b5794-f580-4eb3-8646-4555950d210b",
|
|
"indicator--563b5794-2ce8-4c5b-8a86-4d87950d210b",
|
|
"indicator--563b5794-4440-4b82-a444-407f950d210b",
|
|
"indicator--563b5795-451c-4f51-9bc3-42a0950d210b",
|
|
"indicator--563b5795-a024-40ef-bc80-4ea3950d210b",
|
|
"indicator--563b5796-2468-4d01-bdb1-4fbd950d210b",
|
|
"indicator--563b5796-fc10-472c-997b-4a89950d210b",
|
|
"indicator--563b5796-bbd4-4a84-a1cb-4e9c950d210b",
|
|
"indicator--563b5797-8c1c-451f-9a40-4f66950d210b",
|
|
"indicator--563b5797-086c-4690-ba8e-4c53950d210b",
|
|
"indicator--563b5798-de58-4967-89ab-484b950d210b",
|
|
"indicator--563b5798-cb48-481a-91ff-449c950d210b",
|
|
"indicator--563b5798-74a8-4085-a23f-4cd4950d210b",
|
|
"indicator--563b5799-84c0-4952-9aa8-43c1950d210b",
|
|
"indicator--563b5799-6fcc-4f3e-b5a6-48be950d210b",
|
|
"indicator--563b5799-6d78-4f19-97c2-497d950d210b",
|
|
"indicator--563b579a-ce10-4ba2-a85c-4703950d210b",
|
|
"indicator--563b579a-1d0c-450e-9299-4b6e950d210b",
|
|
"indicator--563b579b-3cb4-4576-b8a8-45cf950d210b",
|
|
"indicator--563b579b-d484-4a7d-a1e0-471e950d210b",
|
|
"indicator--563b57ef-5554-4f0b-a489-40a9950d210b",
|
|
"indicator--563b57f0-3800-43cb-a5d3-4f2f950d210b",
|
|
"indicator--563b57f1-bd44-402b-b183-4c04950d210b",
|
|
"indicator--563b58f8-9234-4a0c-a514-4f36950d210b",
|
|
"indicator--563b58f9-85f0-463a-ad3e-4927950d210b",
|
|
"indicator--563b58fa-d914-4116-8d9b-4b11950d210b",
|
|
"indicator--563b58fa-d050-4c14-821e-460f950d210b",
|
|
"indicator--563b58fb-b950-4539-b7d4-4c48950d210b",
|
|
"indicator--563b58fb-df6c-42dc-a48e-40c3950d210b",
|
|
"indicator--563b58fc-d51c-49c6-85a5-4760950d210b",
|
|
"indicator--563b58fc-6308-4c5e-9882-4895950d210b",
|
|
"indicator--563b58fc-0630-4825-ab60-48e2950d210b",
|
|
"indicator--563b58fd-26cc-4b2d-bd6d-42a2950d210b",
|
|
"indicator--563b58fd-7808-470b-b7ec-480b950d210b",
|
|
"indicator--563b58fe-39c0-42a0-9ec4-41f4950d210b",
|
|
"indicator--563b58fe-a7d8-42d6-8bc4-43ba950d210b",
|
|
"indicator--563b58fe-6660-4562-8ce9-412d950d210b",
|
|
"indicator--563b58ff-df8c-4340-99cd-42ed950d210b",
|
|
"indicator--563b58ff-c18c-4619-a686-498e950d210b",
|
|
"indicator--563b58ff-ff60-4628-a52c-41ba950d210b",
|
|
"indicator--563b5900-b628-4a28-906a-45a3950d210b",
|
|
"indicator--563b5901-d060-4521-be4c-412b950d210b",
|
|
"indicator--563b5901-b478-4d87-a52c-4a45950d210b",
|
|
"indicator--563b5901-de7c-483e-9288-4d3e950d210b",
|
|
"indicator--563b5902-0fe8-4213-ada2-46e2950d210b",
|
|
"indicator--563b5902-ca4c-4f4e-9ec0-4b3f950d210b",
|
|
"indicator--563b5903-7568-40c5-857c-4a5a950d210b",
|
|
"indicator--563b5903-20d8-4e96-af98-40d9950d210b",
|
|
"indicator--563b5903-b568-481a-8341-4b63950d210b",
|
|
"indicator--563b5904-b83c-4688-a4c6-43c7950d210b",
|
|
"indicator--563b5905-47c0-4f25-ba49-499a950d210b",
|
|
"indicator--563b5906-1cdc-4745-97df-4df9950d210b",
|
|
"indicator--563b5907-7694-4b7e-b39d-461b950d210b",
|
|
"indicator--563b5907-d51c-43f4-a56f-49b1950d210b",
|
|
"indicator--563b5908-9344-4564-8b8a-4bd4950d210b",
|
|
"indicator--563b5908-0acc-42f6-b60c-4f97950d210b",
|
|
"indicator--563b5909-e990-421f-8f04-45e0950d210b",
|
|
"indicator--563b5909-5594-4fc2-9677-4cf6950d210b",
|
|
"indicator--563b590a-2db8-4f36-acdb-4c87950d210b",
|
|
"indicator--563b590b-5bbc-4e86-8da0-4911950d210b",
|
|
"indicator--563b590b-d368-4126-a05e-4d18950d210b",
|
|
"indicator--563b590b-50c4-4fb0-aaff-4703950d210b",
|
|
"indicator--563b590c-7168-4638-861d-4407950d210b",
|
|
"indicator--563b590c-cee0-4bad-bec2-4bcb950d210b",
|
|
"indicator--563b590c-e454-4034-a3df-468e950d210b",
|
|
"indicator--563b590d-6c34-4526-8dc2-4cf8950d210b",
|
|
"indicator--563b590d-f500-42b8-811c-4070950d210b",
|
|
"indicator--563b590e-6dac-4dbf-8d21-4007950d210b",
|
|
"indicator--563b590e-e29c-498c-b509-4aeb950d210b",
|
|
"indicator--563b590e-4988-49b9-8899-4cbd950d210b",
|
|
"indicator--563b590f-0ddc-4975-92f2-44fb950d210b",
|
|
"indicator--563b590f-8f80-4319-9236-40b2950d210b",
|
|
"indicator--563b5910-8b54-4949-8a4d-495a950d210b",
|
|
"indicator--563b5910-afa4-4e2b-aab9-4266950d210b",
|
|
"indicator--563b5b68-97c4-4890-8aaf-3798950d210b",
|
|
"indicator--563b5b68-bd14-46c5-aaf6-3798950d210b",
|
|
"indicator--563b5b69-4f5c-4bb0-8366-3798950d210b",
|
|
"indicator--563b5b69-a644-4b9c-b7b1-3798950d210b",
|
|
"indicator--563b5b6a-6920-4f1a-becc-3798950d210b",
|
|
"indicator--563b5b6a-1ed4-4e56-9d7b-3798950d210b",
|
|
"indicator--563b5b6c-3434-4549-82f5-3798950d210b",
|
|
"indicator--563b5b6d-0590-4903-a514-3798950d210b",
|
|
"indicator--563b5b6d-e0bc-4b0a-b5ed-3798950d210b",
|
|
"indicator--563b5b6d-54bc-4318-96d3-3798950d210b",
|
|
"indicator--563b5b6e-8300-4b05-81c6-3798950d210b",
|
|
"indicator--563b5b6e-5044-44c5-94d9-3798950d210b",
|
|
"indicator--563b5b6f-2da4-430a-aa1e-3798950d210b",
|
|
"indicator--563b5b6f-bae0-4b6b-8a9c-3798950d210b",
|
|
"indicator--563b5b70-aed4-485c-9e47-3798950d210b",
|
|
"indicator--563b5b71-3938-459e-a391-3798950d210b",
|
|
"indicator--563b5b71-5a9c-40ea-bc7f-3798950d210b",
|
|
"indicator--563b5b72-da14-4745-a7c0-3798950d210b",
|
|
"indicator--563b5b72-2d84-43d7-b9a3-3798950d210b",
|
|
"indicator--563b5b72-25f0-4923-9a05-3798950d210b",
|
|
"indicator--563b5b73-ee74-4c4e-adf9-3798950d210b",
|
|
"indicator--563b5b73-ccb8-494d-82a7-3798950d210b",
|
|
"observed-data--563b5b74-48f4-4b4e-bd5d-3798950d210b",
|
|
"domain-name--563b5b74-48f4-4b4e-bd5d-3798950d210b",
|
|
"indicator--563b5b75-46a0-4a24-b9e5-3798950d210b",
|
|
"indicator--563b5b75-a6f4-4df1-8702-3798950d210b",
|
|
"indicator--563b5b76-1980-4755-ad84-3798950d210b",
|
|
"indicator--563b5b76-d920-40ce-9634-3798950d210b",
|
|
"indicator--563b5b77-68b4-40b9-92ff-3798950d210b",
|
|
"indicator--563b5b77-4f8c-4f9f-b4c2-3798950d210b",
|
|
"indicator--563b5b78-7ff8-4dcd-bd4a-3798950d210b",
|
|
"indicator--563b5b78-e96c-42e3-9ef8-3798950d210b",
|
|
"indicator--563b5b79-b1d0-4ba6-bcaa-3798950d210b",
|
|
"indicator--563b5b79-fb00-450c-8e8d-3798950d210b",
|
|
"indicator--563b5b7a-c298-4521-9548-3798950d210b",
|
|
"indicator--563b5b7a-2dec-4785-8fe6-3798950d210b",
|
|
"indicator--563b5b7a-0a70-4206-bc24-3798950d210b",
|
|
"indicator--563b5b7b-c604-4bdd-b67f-3798950d210b",
|
|
"indicator--563b5b7c-7664-4a05-bb6f-3798950d210b",
|
|
"indicator--563b5b7c-900c-4513-b3d5-3798950d210b",
|
|
"indicator--563b5b7d-9c34-453b-a4c9-3798950d210b",
|
|
"indicator--563b5b7e-bcc0-46e9-b159-3798950d210b",
|
|
"indicator--563b5b7e-fe38-4b31-aa0c-3798950d210b",
|
|
"indicator--563b5b7f-bde0-49d4-8bf2-3798950d210b",
|
|
"indicator--563b5b7f-63f8-48a6-b25a-3798950d210b",
|
|
"indicator--563b5b80-acbc-4d93-b7ff-3798950d210b",
|
|
"indicator--563b5b80-4428-4e4b-95a0-3798950d210b",
|
|
"indicator--563b5b81-b0f4-4aa3-9a45-3798950d210b",
|
|
"indicator--563b5b81-c6e4-4d99-85e1-3798950d210b",
|
|
"indicator--563b5b81-675c-4631-861e-3798950d210b",
|
|
"indicator--563b5b82-5fe8-480c-a415-3798950d210b",
|
|
"indicator--563b5b83-d958-4742-932e-3798950d210b",
|
|
"observed-data--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"network-traffic--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"ipv4-addr--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"indicator--563b5b86-d6f8-4420-8b88-3798950d210b",
|
|
"indicator--563b5b86-bff0-4e9a-9576-3798950d210b",
|
|
"indicator--563b5b87-7688-4307-b708-3798950d210b",
|
|
"indicator--563b5b87-2068-4862-9f9f-3798950d210b",
|
|
"indicator--563b5b88-b860-4894-a54a-3798950d210b",
|
|
"indicator--563b5b89-64a8-4a15-8ee4-3798950d210b",
|
|
"indicator--563b5b89-c5b0-40ad-a7b3-3798950d210b",
|
|
"indicator--563b5b8a-e67c-4fc9-853e-3798950d210b",
|
|
"indicator--563b5b8b-29e8-455e-8566-3798950d210b",
|
|
"indicator--563b5b8c-0cdc-4275-a76c-3798950d210b",
|
|
"indicator--563b5b8c-8124-4193-9958-3798950d210b",
|
|
"indicator--563b5b8d-be34-4db0-941d-3798950d210b",
|
|
"indicator--563b5b8d-ec14-4ef0-83c4-3798950d210b",
|
|
"indicator--563b5b8e-495c-4987-bf0c-3798950d210b",
|
|
"indicator--563b5b8e-0130-4003-89fe-3798950d210b",
|
|
"indicator--563b5b8f-e9b0-4a5d-9fc5-3798950d210b",
|
|
"indicator--563b5b8f-8390-4129-a4a4-3798950d210b",
|
|
"indicator--563b5b90-77a4-4d6e-8528-3798950d210b",
|
|
"indicator--563b5b90-fb50-4b21-85dc-3798950d210b",
|
|
"indicator--563b5b91-8ebc-4af5-8a8b-3798950d210b",
|
|
"indicator--563b5b91-4d18-484d-9d20-3798950d210b",
|
|
"indicator--563b5b94-dfc0-49f6-9bb0-3798950d210b",
|
|
"indicator--563b5b94-5f30-4436-a1be-3798950d210b",
|
|
"indicator--563b5b95-5918-454d-8107-3798950d210b",
|
|
"indicator--563b5b95-5230-40b6-8398-3798950d210b",
|
|
"indicator--563b5b95-d154-43cb-a179-3798950d210b",
|
|
"observed-data--563b5b96-4980-4416-89de-3798950d210b",
|
|
"domain-name--563b5b96-4980-4416-89de-3798950d210b",
|
|
"indicator--563b5b96-f578-4ccd-a526-3798950d210b",
|
|
"indicator--563b5b98-d3f8-45fb-8fd2-3798950d210b",
|
|
"indicator--563b5b98-9260-4e0e-96b1-3798950d210b",
|
|
"indicator--563b5b98-1d38-4232-a1c1-3798950d210b",
|
|
"indicator--563b5b99-473c-4b3d-bfba-3798950d210b",
|
|
"indicator--563b5b9a-a2ec-4c8f-8aa8-3798950d210b",
|
|
"observed-data--563b5b9a-3f68-461e-87c8-3798950d210b",
|
|
"domain-name--563b5b9a-3f68-461e-87c8-3798950d210b",
|
|
"observed-data--563b5b9b-c89c-48c7-ac29-3798950d210b",
|
|
"domain-name--563b5b9b-c89c-48c7-ac29-3798950d210b",
|
|
"indicator--563b5b9c-6764-4389-a1e3-3798950d210b",
|
|
"indicator--563b5b9c-ea9c-4ddb-96fc-3798950d210b",
|
|
"indicator--563b5b9c-6388-499e-ad9c-3798950d210b",
|
|
"indicator--563b5b9d-8740-4ba8-9e87-3798950d210b",
|
|
"indicator--563b5b9e-0be0-400a-b349-3798950d210b",
|
|
"indicator--563b5b9e-32a8-4856-9845-3798950d210b",
|
|
"indicator--563b5b9e-9354-496b-95cb-3798950d210b",
|
|
"indicator--563b5b9f-9e38-49bd-a608-3798950d210b",
|
|
"indicator--563b5b9f-3360-4a1b-8621-3798950d210b",
|
|
"indicator--563b5ba0-15f0-4e4b-9691-3798950d210b",
|
|
"indicator--563b5ba0-aa50-44ef-883d-3798950d210b",
|
|
"indicator--563b5ba1-27c0-48f2-b3e9-3798950d210b",
|
|
"indicator--563b5ba2-9e24-4e9a-8538-3798950d210b",
|
|
"indicator--563b5ba2-5694-41f3-bab5-3798950d210b",
|
|
"indicator--563b5ba3-2d94-4920-b44e-3798950d210b",
|
|
"indicator--563b5ba3-4294-4b1c-a60d-3798950d210b",
|
|
"indicator--563b5ba4-131c-43f2-90f2-3798950d210b",
|
|
"indicator--563b5ba4-71d4-498e-b83b-3798950d210b",
|
|
"indicator--563b5ba5-6664-40e3-b906-3798950d210b",
|
|
"indicator--563b5ba5-25e4-4fe2-928d-3798950d210b",
|
|
"indicator--563b5ba6-2268-4906-a92c-3798950d210b",
|
|
"indicator--563b5ba8-ad20-4821-bc80-3798950d210b",
|
|
"indicator--563b5ba8-ea40-4fdb-8644-3798950d210b",
|
|
"indicator--563b5ba9-0d9c-4f94-b183-3798950d210b",
|
|
"indicator--563b5ba9-0cfc-4aaa-a84f-3798950d210b",
|
|
"observed-data--563b5ba9-db10-41e8-be7b-3798950d210b",
|
|
"domain-name--563b5ba9-db10-41e8-be7b-3798950d210b",
|
|
"indicator--563b5baa-8490-4299-b73a-3798950d210b",
|
|
"indicator--563b5baa-b724-4ad9-abec-3798950d210b",
|
|
"indicator--563b5bab-4334-4a06-8402-3798950d210b",
|
|
"indicator--563b5bac-5a04-4bc6-a5ff-3798950d210b",
|
|
"indicator--563b5bad-93e8-4cef-90c6-3798950d210b",
|
|
"indicator--563b5bae-2380-45db-8921-3798950d210b",
|
|
"indicator--563b5bae-b530-4559-b43c-3798950d210b",
|
|
"indicator--563b5baf-07d8-404e-92ef-3798950d210b",
|
|
"indicator--563b5baf-883c-4555-8878-3798950d210b",
|
|
"indicator--563b5bb0-7524-4033-bc86-3798950d210b",
|
|
"indicator--563b5bb0-2ae0-4bbd-8064-3798950d210b",
|
|
"indicator--563b5bb1-249c-4baa-b661-3798950d210b",
|
|
"indicator--563b5bb2-757c-4802-a1ea-3798950d210b",
|
|
"indicator--563b5bb2-a190-45a5-a942-3798950d210b",
|
|
"indicator--563b5bb3-f18c-4a74-929f-3798950d210b",
|
|
"indicator--563b5bb3-d2b8-41ff-b661-3798950d210b",
|
|
"indicator--563b5bb5-2a9c-4f7b-a894-3798950d210b",
|
|
"indicator--563b5bb5-9740-4706-8e41-3798950d210b",
|
|
"indicator--563b5bb5-c024-4f8a-bf95-3798950d210b",
|
|
"indicator--563b5bb6-ba3c-40ae-b8bc-3798950d210b",
|
|
"indicator--563b5bb6-ad34-49ea-a70b-3798950d210b",
|
|
"indicator--563b5bb7-599c-4c8a-9a79-3798950d210b",
|
|
"indicator--563b5bb8-17c0-41b3-b489-3798950d210b",
|
|
"indicator--563b5bb8-e708-4a8a-a7ce-3798950d210b",
|
|
"indicator--563b5bb9-b7cc-44ec-8569-3798950d210b",
|
|
"indicator--563b5bba-88fc-4e3f-b596-3798950d210b",
|
|
"indicator--563b5bba-40d8-4bba-a282-3798950d210b",
|
|
"indicator--563b5bba-f0b4-43cb-a3ab-3798950d210b",
|
|
"indicator--563b5bbb-fe70-470d-aa60-3798950d210b",
|
|
"indicator--563b5bbb-bbb4-4f6e-a4cc-3798950d210b",
|
|
"indicator--563b5bbc-14f0-45e0-ba6f-3798950d210b",
|
|
"indicator--563b5bbd-7100-4866-9980-3798950d210b",
|
|
"indicator--563b5bbf-3ae8-49f3-9c2d-3798950d210b",
|
|
"indicator--563b5bbf-87d8-4cad-8988-3798950d210b",
|
|
"indicator--563b5bbf-eda4-4727-aa2c-3798950d210b",
|
|
"indicator--563b5bc0-8b34-4e1d-b65d-3798950d210b",
|
|
"indicator--563b5bc0-4100-4dc7-931e-3798950d210b",
|
|
"indicator--563b5bc1-b840-42f9-93c2-3798950d210b",
|
|
"indicator--563b5bc1-4b44-43e1-8803-3798950d210b",
|
|
"indicator--563b5bc2-2000-4302-98c0-3798950d210b",
|
|
"indicator--563b5bc2-40c4-477c-984f-3798950d210b",
|
|
"indicator--563b5bc2-9930-4060-a005-3798950d210b",
|
|
"indicator--563b5bc3-e32c-4730-bd93-3798950d210b",
|
|
"indicator--563b5bc3-f994-4ccc-95e3-3798950d210b",
|
|
"indicator--563b5bc4-ec84-427e-91b7-3798950d210b",
|
|
"indicator--563b5bc5-6b80-411a-881a-3798950d210b",
|
|
"indicator--563b5bc5-03ac-4df4-8274-3798950d210b",
|
|
"indicator--563b5bc6-cc20-485d-bf5b-3798950d210b",
|
|
"indicator--563b5bc6-0988-441b-b6cc-3798950d210b",
|
|
"indicator--563b5bc7-441c-4007-929b-3798950d210b",
|
|
"indicator--563b5bc7-550c-40de-857e-3798950d210b",
|
|
"indicator--563b5bc8-b9e0-48d0-bdf1-3798950d210b",
|
|
"indicator--563b5bc9-b6dc-4e8f-a413-3798950d210b",
|
|
"indicator--563b5bca-85dc-4fa3-b7f8-3798950d210b",
|
|
"indicator--563b5bca-55c4-408c-a114-3798950d210b",
|
|
"indicator--563b5bca-d2f0-4896-aa68-3798950d210b",
|
|
"indicator--563b5bcc-5234-45dd-a0d8-3798950d210b",
|
|
"indicator--563b5bcc-e1f4-4ed0-9236-3798950d210b",
|
|
"indicator--563b5bcd-c108-4b28-8073-3798950d210b",
|
|
"indicator--563b5bce-68e8-481f-bc8c-3798950d210b",
|
|
"indicator--563b5bce-8ce0-4581-8787-3798950d210b",
|
|
"indicator--563b5bce-3c6c-413a-94c9-3798950d210b",
|
|
"indicator--563b5bcf-880c-4fcb-b2f7-3798950d210b",
|
|
"indicator--563b5bcf-ba6c-4412-9fd4-3798950d210b",
|
|
"indicator--563b5bd0-c108-47f0-b2cf-3798950d210b",
|
|
"indicator--563b5bd2-db18-4fd3-a4e2-3798950d210b",
|
|
"indicator--563b5bd2-a280-4dee-89cd-3798950d210b",
|
|
"indicator--563b5bd3-3ac8-4d5f-b190-3798950d210b",
|
|
"indicator--563b5bd3-adc4-4788-a57b-3798950d210b",
|
|
"indicator--563b5bd3-7828-44de-84ec-3798950d210b",
|
|
"observed-data--563b5bd5-c58c-4ee8-b5e7-3798950d210b",
|
|
"domain-name--563b5bd5-c58c-4ee8-b5e7-3798950d210b",
|
|
"indicator--563b5bd5-466c-49f4-8660-3798950d210b",
|
|
"indicator--563b5bd5-e4d8-4a8d-b7c6-3798950d210b",
|
|
"indicator--563b5bd6-189c-4963-9dac-3798950d210b",
|
|
"indicator--563b5bd6-2bd0-4dce-9b57-3798950d210b",
|
|
"indicator--563b5bd7-b2b8-48f3-8b46-3798950d210b",
|
|
"indicator--563b5bd7-62ac-4ea2-9457-3798950d210b",
|
|
"indicator--563b5bd8-dc04-41c3-ae86-3798950d210b",
|
|
"indicator--563b5bd8-25f4-4fa6-bdb5-3798950d210b",
|
|
"indicator--563b5bd9-f5e4-4c88-bb98-3798950d210b",
|
|
"indicator--563b5bd9-9fdc-42f3-81dd-3798950d210b",
|
|
"indicator--563b5bda-ef98-4f8f-8d6a-3798950d210b",
|
|
"indicator--563b5bda-2f68-4f5d-ac24-3798950d210b",
|
|
"indicator--563b5bdb-14c0-4e31-9464-3798950d210b",
|
|
"indicator--563b5bdb-686c-452b-a3cb-3798950d210b",
|
|
"indicator--563b5bdc-27a8-4719-9b84-3798950d210b",
|
|
"indicator--563b5bdd-bee4-44ad-b08b-3798950d210b",
|
|
"indicator--563b5bdd-330c-4a78-bdf4-3798950d210b",
|
|
"indicator--563b5bdd-0b98-47bc-82aa-3798950d210b",
|
|
"indicator--563b5bde-daf4-4948-852b-3798950d210b",
|
|
"indicator--563b5bdf-1068-4275-af44-3798950d210b",
|
|
"indicator--563b5be0-88c0-4968-8d38-3798950d210b",
|
|
"indicator--563b5be1-a0e8-4af3-98df-3798950d210b",
|
|
"indicator--563b5be1-8634-4d51-9b77-3798950d210b",
|
|
"indicator--563b5be2-f824-4dcf-81e8-3798950d210b",
|
|
"indicator--563b5be3-9130-425e-8e11-3798950d210b",
|
|
"indicator--563b5be3-0a24-4f86-9a6c-3798950d210b",
|
|
"indicator--563b5be4-f1ac-437e-be8d-3798950d210b",
|
|
"indicator--563b5be4-8810-4fd2-a81d-3798950d210b",
|
|
"indicator--563b5be5-549c-4812-8a90-3798950d210b",
|
|
"indicator--563b5be5-9178-412d-ac13-3798950d210b",
|
|
"indicator--563b5be6-9610-4ff5-aa26-3798950d210b",
|
|
"indicator--563b5be6-8df8-40de-af32-3798950d210b",
|
|
"observed-data--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"network-traffic--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"ipv4-addr--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"indicator--563b5be7-97f0-4600-975e-3798950d210b",
|
|
"indicator--563b5be8-8574-4599-9556-3798950d210b",
|
|
"indicator--563b5be9-0afc-4332-950b-3798950d210b",
|
|
"observed-data--563b5be9-9464-4c31-b491-3798950d210b",
|
|
"domain-name--563b5be9-9464-4c31-b491-3798950d210b",
|
|
"indicator--563b5bea-e2c4-4aa4-b128-3798950d210b",
|
|
"indicator--563b5beb-f738-49dc-8fcd-3798950d210b",
|
|
"indicator--563b5bec-8224-4f28-aa7c-3798950d210b",
|
|
"indicator--563b5bec-e700-42d8-b94a-3798950d210b",
|
|
"indicator--563b5bed-96a8-4725-bf3b-3798950d210b",
|
|
"indicator--563b5bed-3160-4f2a-a856-3798950d210b",
|
|
"indicator--563b5bef-fa84-41c2-964e-3798950d210b",
|
|
"indicator--563b5bef-de1c-4c5a-9bba-3798950d210b",
|
|
"indicator--563b5bef-72b0-45be-88f9-3798950d210b",
|
|
"indicator--563b5bf0-da7c-476c-8628-3798950d210b",
|
|
"indicator--563b5bf0-2148-4f17-842f-3798950d210b",
|
|
"indicator--563b5bf1-fda4-4308-ba95-3798950d210b",
|
|
"indicator--563b5bf1-a404-4102-86cb-3798950d210b",
|
|
"indicator--563b5bf2-0440-488a-8255-3798950d210b",
|
|
"indicator--563b5bf2-cfc4-4f02-a4d7-3798950d210b",
|
|
"indicator--563b5bf3-2b8c-4005-b09d-3798950d210b",
|
|
"indicator--563b5bf3-ed10-4be0-a129-3798950d210b",
|
|
"indicator--563b5bf4-d95c-444b-b2c7-3798950d210b",
|
|
"observed-data--563b5bf4-7f28-4162-ac7f-3798950d210b",
|
|
"domain-name--563b5bf4-7f28-4162-ac7f-3798950d210b",
|
|
"indicator--563b5bf5-2ee0-4834-8200-3798950d210b",
|
|
"indicator--563b5bf5-c488-4364-83c1-3798950d210b",
|
|
"indicator--563b5bf6-4e48-4dd6-9a7e-3798950d210b",
|
|
"indicator--563b5bf6-8164-4cae-a825-3798950d210b",
|
|
"indicator--563b5bf6-a2f0-42ce-a077-3798950d210b",
|
|
"indicator--563b5bf7-e800-48ba-83d7-3798950d210b",
|
|
"indicator--563b5bf7-1570-4b52-afc3-3798950d210b",
|
|
"indicator--563b5bf9-baec-49f6-967f-3798950d210b",
|
|
"indicator--563b5bf9-38a8-4d03-abb9-3798950d210b",
|
|
"indicator--563b5bfa-f4c4-47e1-b0e1-3798950d210b",
|
|
"indicator--563b5bfa-0efc-4f95-93ff-3798950d210b",
|
|
"indicator--563b5bfb-3670-4997-8d88-3798950d210b",
|
|
"indicator--563b5bfb-0f50-4cdf-8a05-3798950d210b",
|
|
"indicator--563b5bfd-f12c-46c3-bce5-3798950d210b",
|
|
"indicator--563b5bfd-7298-491c-b6fa-3798950d210b",
|
|
"indicator--563b5bfd-9db4-4894-b8c6-3798950d210b",
|
|
"indicator--563b5bfe-a5c4-401c-8a60-3798950d210b",
|
|
"observed-data--563b5bff-6b38-42eb-a76f-3798950d210b",
|
|
"domain-name--563b5bff-6b38-42eb-a76f-3798950d210b",
|
|
"indicator--563b5bff-8194-4dc2-a34c-3798950d210b",
|
|
"indicator--563b5c00-5f48-4172-ba04-3798950d210b",
|
|
"indicator--563b5c00-a9d4-47fc-bd6c-3798950d210b",
|
|
"indicator--563b5c00-3d00-4c07-b15b-3798950d210b",
|
|
"indicator--563b5c01-ea94-43d1-bff9-3798950d210b",
|
|
"indicator--563b5c02-02b8-462d-a788-3798950d210b",
|
|
"indicator--563b5c03-3d14-459c-b8eb-3798950d210b",
|
|
"indicator--563b5c04-baa8-4fdd-806f-3798950d210b",
|
|
"indicator--563b5c07-d128-474b-a91e-3798950d210b",
|
|
"indicator--563b5c07-9d3c-4416-90ab-3798950d210b",
|
|
"indicator--563b5c08-11a4-42fb-b1f8-3798950d210b",
|
|
"indicator--563b5c09-1de8-4807-8a06-3798950d210b",
|
|
"indicator--563b5c09-eb08-4e9c-ac71-3798950d210b",
|
|
"indicator--563b5c09-6dcc-4388-b8e1-3798950d210b",
|
|
"indicator--563b5c0a-4abc-44f3-ae40-3798950d210b",
|
|
"indicator--563b5c0a-6e14-43e6-ae60-3798950d210b",
|
|
"indicator--563b5c0b-ff20-489b-94b3-3798950d210b",
|
|
"indicator--563b5c0b-aef0-4ee5-91dc-3798950d210b",
|
|
"indicator--563b5c0c-a90c-4d95-a6d0-3798950d210b",
|
|
"indicator--563b5c0d-efa0-44a7-a248-3798950d210b",
|
|
"indicator--563b5c0d-25fc-46e9-a968-3798950d210b",
|
|
"indicator--563b5c0e-b0bc-4604-920a-3798950d210b",
|
|
"indicator--563b5c0e-e4e8-4f8f-92d1-3798950d210b",
|
|
"indicator--563b5c0f-c1e8-4ae6-b9dc-3798950d210b",
|
|
"indicator--563b5c0f-c2f0-4f79-9682-3798950d210b",
|
|
"indicator--563b5c10-5c84-4c44-8bc6-3798950d210b",
|
|
"indicator--563b5c10-6cd8-4e9c-9578-3798950d210b",
|
|
"indicator--563b5c11-1d24-4b68-9f29-3798950d210b",
|
|
"indicator--563b5c12-fe04-4bb9-98e5-3798950d210b",
|
|
"indicator--563b5c12-8dd4-4a4f-8131-3798950d210b",
|
|
"indicator--563b5c13-b530-464a-b720-3798950d210b",
|
|
"indicator--563b5c13-5b8c-45e1-81a5-3798950d210b",
|
|
"indicator--563b5c14-a1ac-4b74-ac78-3798950d210b",
|
|
"indicator--563b5c14-814c-4a91-8154-3798950d210b",
|
|
"indicator--563b5c14-fd70-4ecc-a132-3798950d210b",
|
|
"indicator--563b5c15-14c8-4ef6-aadb-3798950d210b",
|
|
"observed-data--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"network-traffic--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"ipv4-addr--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"indicator--563b5c16-c614-4f57-b201-3798950d210b",
|
|
"indicator--563b5c17-38c0-40a8-8aa8-3798950d210b",
|
|
"indicator--563b5c18-6298-4421-903d-3798950d210b",
|
|
"indicator--563b5c18-a0c0-453a-934f-3798950d210b",
|
|
"indicator--563b5c1a-1e04-48c6-943c-3798950d210b",
|
|
"indicator--563b5c1b-77ac-4b25-ad94-3798950d210b",
|
|
"indicator--563b5c1b-6fa8-45c8-ab02-3798950d210b",
|
|
"indicator--563b5c1c-6a80-4421-9f55-3798950d210b",
|
|
"indicator--563b5c1c-80e0-4fbc-8dcc-3798950d210b",
|
|
"indicator--563b5c1d-136c-4d8b-9c84-3798950d210b",
|
|
"indicator--563b5c1d-16dc-4d3a-aad7-3798950d210b",
|
|
"indicator--563b5c1e-7378-4945-9e47-3798950d210b",
|
|
"indicator--563b5c1e-cac0-4987-a601-3798950d210b",
|
|
"indicator--563b5c1f-71c0-49bd-a03a-3798950d210b",
|
|
"indicator--563b5c20-82b4-4de8-85a6-3798950d210b",
|
|
"indicator--563b5c21-666c-4772-b12b-3798950d210b",
|
|
"indicator--563b5c21-c694-43ad-807e-3798950d210b",
|
|
"indicator--563b5c22-98b0-42d9-8a7f-3798950d210b",
|
|
"indicator--563b5c22-5d60-40c6-8e0e-3798950d210b",
|
|
"indicator--563b5c22-37b0-42fc-92c4-3798950d210b",
|
|
"indicator--563b5c23-03ec-4d4a-ac54-3798950d210b",
|
|
"indicator--563b5c24-426c-4324-948c-3798950d210b",
|
|
"indicator--563b5c24-d3f4-46ed-950c-3798950d210b",
|
|
"indicator--563b5c26-31ec-4ad1-af06-3798950d210b",
|
|
"indicator--563b5c26-0c94-4170-9f79-3798950d210b",
|
|
"indicator--563b5c26-72c0-45b0-8fd6-3798950d210b",
|
|
"indicator--563b5c27-d3cc-4e63-aba1-3798950d210b",
|
|
"indicator--563b5c27-6384-4557-9a97-3798950d210b",
|
|
"indicator--563b5c28-11f4-48d9-82a1-3798950d210b",
|
|
"indicator--563b5c29-9c5c-48db-b692-3798950d210b",
|
|
"indicator--563b5c29-f740-48de-af52-3798950d210b",
|
|
"indicator--563b5c2a-2d04-40a8-8a4a-3798950d210b",
|
|
"indicator--563b5c2b-737c-4daf-9187-3798950d210b",
|
|
"indicator--563b5c2c-8c10-40f4-9158-3798950d210b",
|
|
"indicator--563b5c2c-85a8-43c0-85f8-3798950d210b",
|
|
"indicator--563b5c2d-0690-41e0-965b-3798950d210b",
|
|
"indicator--563b5c2d-1d34-43fb-9cfe-3798950d210b",
|
|
"indicator--563b5c2e-525c-4441-9afe-3798950d210b",
|
|
"indicator--563b5c2e-47c0-48c0-808d-3798950d210b",
|
|
"indicator--563b5c2e-fdbc-4ec5-8e1d-3798950d210b",
|
|
"indicator--563b5c30-cbdc-448f-9a9e-3798950d210b",
|
|
"indicator--563b5c31-cbd8-49bb-a0fd-3798950d210b",
|
|
"indicator--563b5c32-d0b0-44a6-a64d-3798950d210b",
|
|
"indicator--563b5c32-2d2c-418b-8e23-3798950d210b",
|
|
"indicator--563b5c33-64e4-4131-9a7a-3798950d210b",
|
|
"indicator--563b5c33-9ed0-42ab-8aa4-3798950d210b",
|
|
"indicator--563b5c34-34ac-469a-8f61-3798950d210b",
|
|
"indicator--563b5c35-4a2c-4fc7-adfa-3798950d210b",
|
|
"indicator--563b5c35-d874-4df3-84c4-3798950d210b",
|
|
"indicator--563b5c36-2008-4e2e-8a15-3798950d210b",
|
|
"observed-data--563b5c36-222c-4718-bca4-3798950d210b",
|
|
"domain-name--563b5c36-222c-4718-bca4-3798950d210b",
|
|
"observed-data--563b5c37-9054-47f3-8171-3798950d210b",
|
|
"domain-name--563b5c37-9054-47f3-8171-3798950d210b",
|
|
"indicator--563b5c38-bd18-4e23-943c-3798950d210b",
|
|
"indicator--563b5c38-4200-49ca-826b-3798950d210b",
|
|
"indicator--563b5c39-93f0-414f-bd82-3798950d210b",
|
|
"indicator--563b5c39-f778-4f3d-95d7-3798950d210b",
|
|
"indicator--563b5c3a-5340-406a-bfc7-3798950d210b",
|
|
"observed-data--563b5c3a-845c-4961-9a35-3798950d210b",
|
|
"domain-name--563b5c3a-845c-4961-9a35-3798950d210b",
|
|
"indicator--563b5c3b-618c-4d12-a164-3798950d210b",
|
|
"indicator--563b5c3b-a60c-4535-9e2a-3798950d210b",
|
|
"indicator--563b5c3c-ab80-4857-8f0b-3798950d210b",
|
|
"indicator--563b5c3c-9154-4208-b2f3-3798950d210b",
|
|
"indicator--563b5c3d-0be0-46ab-8cc2-3798950d210b",
|
|
"indicator--563b5c3d-c85c-4075-812e-3798950d210b",
|
|
"indicator--563b5c3e-dac8-4451-a90a-3798950d210b",
|
|
"indicator--563b5c3f-0634-474a-8d61-3798950d210b",
|
|
"indicator--563b5c40-4c30-4274-a1ca-3798950d210b",
|
|
"indicator--563b5c40-f374-485e-9d19-3798950d210b",
|
|
"indicator--563b5c40-da4c-490e-8ec9-3798950d210b",
|
|
"indicator--563b5c42-b500-450f-b557-3798950d210b",
|
|
"indicator--563b5c42-5470-4315-b4f2-3798950d210b",
|
|
"indicator--563b5c42-0fd0-496a-b558-3798950d210b",
|
|
"indicator--563b5c43-dfd8-4443-be96-3798950d210b",
|
|
"indicator--563b5c43-6228-4b5e-84d8-3798950d210b",
|
|
"indicator--563b5c44-57cc-4ff5-ab72-3798950d210b",
|
|
"indicator--563b5c44-11bc-4470-96be-3798950d210b",
|
|
"indicator--563b5c45-d480-4cd0-97b1-3798950d210b",
|
|
"indicator--563b5c45-e414-4a05-bd2d-3798950d210b",
|
|
"indicator--563b5c46-6d48-408c-8668-3798950d210b",
|
|
"indicator--563b5c47-9568-4b89-a3d2-3798950d210b",
|
|
"observed-data--563b5c47-ad68-4065-a18f-3798950d210b",
|
|
"domain-name--563b5c47-ad68-4065-a18f-3798950d210b",
|
|
"observed-data--563b5c48-e8c8-4d1e-a289-3798950d210b",
|
|
"domain-name--563b5c48-e8c8-4d1e-a289-3798950d210b",
|
|
"indicator--563b5c48-22e8-47d6-978d-3798950d210b",
|
|
"indicator--563b5c48-8a50-4e8d-b46d-3798950d210b",
|
|
"indicator--563b5c49-e42c-40a9-95cc-3798950d210b",
|
|
"indicator--563b5c4a-6970-491b-ab97-3798950d210b",
|
|
"indicator--563b5c4a-a44c-4822-b18b-3798950d210b",
|
|
"indicator--563b5c4b-09c4-4fec-afb7-3798950d210b",
|
|
"indicator--563b5c4b-12d0-4f7d-bcbd-3798950d210b",
|
|
"indicator--563b5c4c-81c8-4e39-baca-3798950d210b",
|
|
"indicator--563b5c4d-09b8-463c-b2f0-3798950d210b",
|
|
"indicator--563b5c4e-d648-4603-9320-3798950d210b",
|
|
"indicator--563b5c4e-f34c-4257-a4c6-3798950d210b",
|
|
"indicator--563b5c4e-a648-4a7e-bb5f-3798950d210b",
|
|
"indicator--563b5c4f-7958-44b5-a4f4-3798950d210b",
|
|
"indicator--563b5c4f-1540-44d5-a519-3798950d210b",
|
|
"indicator--563b5c50-4fb8-4cbb-b582-3798950d210b",
|
|
"indicator--563b5c50-8f7c-41f7-a567-3798950d210b",
|
|
"indicator--563b5c52-cb3c-4b0b-af87-3798950d210b",
|
|
"indicator--563b5c52-88ac-432b-83bb-3798950d210b",
|
|
"indicator--563b5c52-0b5c-431d-a3f5-3798950d210b",
|
|
"indicator--563b5c53-1de0-41be-a77f-3798950d210b",
|
|
"indicator--563b5c54-109c-43ec-a258-3798950d210b",
|
|
"indicator--563b5c54-ec90-462a-b901-3798950d210b",
|
|
"indicator--563b5c55-2b30-4ebd-8621-3798950d210b",
|
|
"indicator--563b5c55-d8ec-4d48-89e5-3798950d210b",
|
|
"indicator--563b5c55-c4ac-41e6-80d9-3798950d210b",
|
|
"indicator--563b5c56-5734-4053-bed5-3798950d210b",
|
|
"indicator--563b5c56-ab38-42bf-a214-3798950d210b",
|
|
"indicator--563b5c57-7c04-4ad9-8cc2-3798950d210b",
|
|
"indicator--563b5c57-25dc-4304-b026-3798950d210b",
|
|
"indicator--563b5c58-9e5c-4f66-995f-3798950d210b",
|
|
"indicator--563b5c58-90c4-4603-ad5f-3798950d210b",
|
|
"indicator--563b5c59-2184-4bd8-af06-3798950d210b",
|
|
"indicator--563b5c5a-3630-4b03-9bf4-3798950d210b",
|
|
"indicator--563b5c5b-8998-4dc4-9cd3-3798950d210b",
|
|
"indicator--563b5c5b-20b0-4f5c-86ba-3798950d210b",
|
|
"indicator--563b5c5c-9138-4bab-a70b-3798950d210b",
|
|
"indicator--563b5c5c-bfec-4e2e-9ef2-3798950d210b",
|
|
"indicator--563b5c5d-b234-499f-b826-3798950d210b",
|
|
"indicator--563b5c5e-2914-48d1-bf15-3798950d210b",
|
|
"indicator--563b5c5e-b410-4d55-97d5-3798950d210b",
|
|
"indicator--563b5c5f-c98c-45a1-a712-3798950d210b",
|
|
"indicator--563b5c60-99bc-4b02-8114-3798950d210b",
|
|
"indicator--563b5c61-38f0-4780-9ce7-3798950d210b",
|
|
"indicator--563b5c61-2a0c-48e8-88c1-3798950d210b",
|
|
"observed-data--563b5c61-1940-4ce2-9315-3798950d210b",
|
|
"domain-name--563b5c61-1940-4ce2-9315-3798950d210b",
|
|
"indicator--563b5c62-738c-49f6-9367-3798950d210b",
|
|
"indicator--563b5c62-c860-48b8-a172-3798950d210b",
|
|
"indicator--563b5c63-e1e8-487b-a4c6-3798950d210b",
|
|
"indicator--563b5c64-efa0-4bb5-82de-3798950d210b",
|
|
"indicator--563b5c65-6bc0-45f5-9201-3798950d210b",
|
|
"indicator--563b5c65-ffc4-467b-8330-3798950d210b",
|
|
"indicator--563b5c67-6c20-48a7-b686-3798950d210b",
|
|
"indicator--563b5c67-b800-406a-b15f-3798950d210b",
|
|
"indicator--563b5c68-0cd4-46ea-87a2-3798950d210b",
|
|
"indicator--563b5c68-7fec-44e4-a008-3798950d210b",
|
|
"indicator--563b5c68-30f8-4c58-a856-3798950d210b",
|
|
"indicator--563b5c69-ef34-4f22-b3c2-3798950d210b",
|
|
"indicator--563b5c6a-4c98-4e04-b56a-3798950d210b",
|
|
"indicator--563b5c6b-b440-48f5-a9e9-3798950d210b",
|
|
"indicator--563b5c6b-04d4-415d-b144-3798950d210b",
|
|
"indicator--563b5c6c-0df0-41d1-a771-3798950d210b",
|
|
"indicator--563b5c6c-4ea0-4f1d-b717-3798950d210b",
|
|
"indicator--563b5c6c-45ec-4750-8160-3798950d210b",
|
|
"indicator--563b5c6d-5954-4628-88af-3798950d210b",
|
|
"observed-data--563b5c6e-4d80-4410-b15d-3798950d210b",
|
|
"domain-name--563b5c6e-4d80-4410-b15d-3798950d210b",
|
|
"indicator--563b5c6f-879c-436d-9bbd-3798950d210b",
|
|
"indicator--563b5c6f-78ac-4d14-b5b1-3798950d210b",
|
|
"indicator--563b5c6f-98f4-479c-b4e7-3798950d210b",
|
|
"indicator--563b5c70-abe4-4eb1-835b-3798950d210b",
|
|
"indicator--563b5c70-2200-4e09-836a-3798950d210b",
|
|
"indicator--563b5c71-3e0c-4eb7-9a81-3798950d210b",
|
|
"indicator--563b5c71-d754-45b3-85e8-3798950d210b",
|
|
"indicator--563b5c72-8dc0-45f6-b0a4-3798950d210b",
|
|
"indicator--563b5c72-e1c4-4074-be03-3798950d210b",
|
|
"indicator--563b5c73-d9ec-48ff-9069-3798950d210b",
|
|
"indicator--563b5c73-9114-482d-bf1e-3798950d210b",
|
|
"indicator--563b5c74-eaec-4e6a-886c-3798950d210b",
|
|
"indicator--563b5c74-430c-4cfe-bb63-3798950d210b",
|
|
"indicator--563b5c75-7bb4-4a05-9546-3798950d210b",
|
|
"indicator--563b5c75-554c-4d75-91eb-3798950d210b",
|
|
"indicator--563b5c75-4fe8-496a-98d5-3798950d210b",
|
|
"indicator--563b5c76-eef0-4e96-a1fa-3798950d210b",
|
|
"indicator--563b5c76-2004-4702-a768-3798950d210b",
|
|
"observed-data--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"network-traffic--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"ipv4-addr--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"indicator--563b5c78-7700-443d-9e6c-3798950d210b",
|
|
"indicator--563b5c78-c7d8-4b61-881a-3798950d210b",
|
|
"indicator--563b5c79-dc48-4f45-a66e-3798950d210b",
|
|
"observed-data--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"network-traffic--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"ipv4-addr--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"indicator--563b5c7a-34b4-46a2-b1be-3798950d210b",
|
|
"observed-data--563b5c7a-1164-43d0-9eba-3798950d210b",
|
|
"domain-name--563b5c7a-1164-43d0-9eba-3798950d210b",
|
|
"indicator--563b5c7b-b804-496a-9265-3798950d210b",
|
|
"indicator--563b5c7b-0b70-4f2d-8aba-3798950d210b",
|
|
"indicator--563b5c7c-c1b4-4f48-a334-3798950d210b",
|
|
"indicator--563b5c7c-7a6c-402a-ae56-3798950d210b",
|
|
"indicator--563b5c7c-0798-4eed-9d04-3798950d210b",
|
|
"indicator--563b5c7d-6840-4084-8edf-3798950d210b",
|
|
"indicator--563b5c7e-c1f0-4dd9-953f-3798950d210b",
|
|
"indicator--563b5c7e-a014-4bb8-a2c0-3798950d210b",
|
|
"indicator--563b5c7e-1014-46bc-a18f-3798950d210b",
|
|
"indicator--563b5c7f-62dc-4f68-a42b-3798950d210b",
|
|
"indicator--563b5c7f-dd58-41dd-a6f6-3798950d210b",
|
|
"indicator--563b5c80-c0a4-489f-9a5e-3798950d210b",
|
|
"indicator--563b5c80-5468-4c22-acf2-3798950d210b",
|
|
"indicator--563b5c81-3b68-4acc-8235-3798950d210b",
|
|
"indicator--563b5c81-e8d4-4c50-9a43-3798950d210b",
|
|
"indicator--563b5c82-ff00-4e0e-b625-3798950d210b",
|
|
"indicator--563b5c82-1904-4460-b45d-3798950d210b",
|
|
"indicator--563b5c83-8590-440f-b6d0-3798950d210b",
|
|
"indicator--563b5c83-60b8-4413-aa10-3798950d210b",
|
|
"indicator--563b5c84-01d8-40ea-9b1d-3798950d210b",
|
|
"indicator--563b5c85-cf98-44ea-860d-3798950d210b",
|
|
"indicator--563b5c86-39cc-4189-9925-3798950d210b",
|
|
"indicator--563b5c87-3cec-4b08-8463-3798950d210b",
|
|
"indicator--563b5c88-7efc-4290-9526-3798950d210b",
|
|
"indicator--563b5c8a-b00c-4584-a8f5-3798950d210b",
|
|
"observed-data--563b5c8a-5b40-4a14-bcf8-3798950d210b",
|
|
"domain-name--563b5c8a-5b40-4a14-bcf8-3798950d210b",
|
|
"indicator--563b5c8b-5e18-488d-bd3a-3798950d210b",
|
|
"indicator--563b5c8b-c95c-4666-834e-3798950d210b",
|
|
"indicator--563b5c8c-a638-4d33-8f9b-3798950d210b",
|
|
"indicator--563b5c8c-6724-4446-b774-3798950d210b",
|
|
"indicator--563b5c8d-4b7c-4702-9b93-3798950d210b",
|
|
"indicator--563b5c8d-adf4-46f6-ace6-3798950d210b",
|
|
"indicator--563b5c8e-0b60-44dc-a6e7-3798950d210b",
|
|
"indicator--563b5c8e-2414-44e2-8c7d-3798950d210b",
|
|
"indicator--563b5c8f-d9b8-4ed4-83d3-3798950d210b",
|
|
"observed-data--563b5c8f-1308-4c93-8dcf-3798950d210b",
|
|
"domain-name--563b5c8f-1308-4c93-8dcf-3798950d210b",
|
|
"indicator--563b5c90-6a1c-46b3-a423-3798950d210b",
|
|
"indicator--563b5c90-9c7c-4066-a2ee-3798950d210b",
|
|
"indicator--563b5c91-3c08-44e3-bb03-3798950d210b",
|
|
"indicator--563b5c91-2030-4367-85e8-3798950d210b",
|
|
"indicator--563b5c92-81b0-4fd5-aac7-3798950d210b",
|
|
"indicator--563b5c92-d45c-4796-8bf4-3798950d210b",
|
|
"indicator--563b5c94-9e28-4a10-a838-3798950d210b",
|
|
"indicator--563b5c96-26d8-4c2f-9ce2-3798950d210b",
|
|
"indicator--563b5c96-42ac-46c5-b121-3798950d210b",
|
|
"indicator--563b5c96-9240-47b5-b698-3798950d210b",
|
|
"observed-data--563b5c97-582c-4ea0-a7a6-3798950d210b",
|
|
"domain-name--563b5c97-582c-4ea0-a7a6-3798950d210b",
|
|
"indicator--563b5c98-4590-41ac-8826-3798950d210b",
|
|
"indicator--563b5c98-a6a4-414f-b1f3-3798950d210b",
|
|
"indicator--563b5c99-87f8-4a45-847f-3798950d210b",
|
|
"indicator--563b5c9a-ac58-4580-a56c-3798950d210b",
|
|
"indicator--563b5c9a-d624-4bec-8cf8-3798950d210b",
|
|
"indicator--563b5c9b-f87c-4dc1-a180-3798950d210b",
|
|
"indicator--563b5c9c-059c-4c4f-a69e-3798950d210b",
|
|
"indicator--563b5c9c-760c-4a3f-8234-3798950d210b",
|
|
"indicator--563b5c9e-3c5c-454a-9404-3798950d210b",
|
|
"observed-data--563b5c9e-0a18-4e06-af5e-3798950d210b",
|
|
"domain-name--563b5c9e-0a18-4e06-af5e-3798950d210b",
|
|
"indicator--563b5c9f-38f0-42c4-86ac-3798950d210b",
|
|
"indicator--563b5ca0-c138-4c64-abd3-3798950d210b",
|
|
"indicator--563b5ca0-e880-41da-929e-3798950d210b",
|
|
"indicator--563b5ca0-0ecc-442f-ae81-3798950d210b",
|
|
"indicator--563b5ca2-f9d8-44ba-a434-3798950d210b",
|
|
"indicator--563b5ca3-d7f8-4989-8ffa-3798950d210b",
|
|
"indicator--563b5ca4-9b34-4a44-951a-3798950d210b",
|
|
"indicator--563b5ca4-8618-4d9d-aa53-3798950d210b",
|
|
"indicator--563b5ca5-65d4-455d-b3f4-3798950d210b",
|
|
"indicator--563b5ca5-1c48-4d31-926c-3798950d210b",
|
|
"indicator--563b5ca5-0bb8-4bed-a95f-3798950d210b",
|
|
"indicator--563b5ca6-c240-4ce0-ae0c-3798950d210b",
|
|
"indicator--563b5ca6-8738-4a3c-9c62-3798950d210b",
|
|
"indicator--563b5ca7-b774-4122-bf6f-3798950d210b",
|
|
"indicator--563b5ca7-3e14-416b-8dec-3798950d210b",
|
|
"indicator--563b5ca8-4858-4413-8fd2-3798950d210b",
|
|
"indicator--563b5ca8-8ed0-4fdf-abd9-3798950d210b",
|
|
"indicator--563b5ca8-0394-4f0f-8852-3798950d210b",
|
|
"indicator--563b5ca9-9510-4be7-869b-3798950d210b",
|
|
"indicator--563b5ca9-b720-455c-a415-3798950d210b",
|
|
"indicator--563b5caa-ac9c-4ded-8683-3798950d210b",
|
|
"indicator--563b5caa-a954-4481-91c0-3798950d210b",
|
|
"indicator--563b5caa-2f48-4de0-8a5f-3798950d210b",
|
|
"indicator--563b5cab-20f8-46f4-92bf-3798950d210b",
|
|
"indicator--563b5cac-e190-4f98-ada5-3798950d210b",
|
|
"indicator--563b5cad-e2a0-4816-bd0a-3798950d210b",
|
|
"indicator--563b5cad-4a1c-464a-abf4-3798950d210b",
|
|
"indicator--563b5cae-1c20-405a-95bf-3798950d210b",
|
|
"indicator--563b5cae-75f8-402c-9821-3798950d210b",
|
|
"indicator--563b5caf-7e50-4fbe-9471-3798950d210b",
|
|
"indicator--563b5caf-1aa8-4135-aafb-3798950d210b",
|
|
"indicator--563b5cb0-5fe4-4982-8cfe-3798950d210b",
|
|
"observed-data--563b5cb1-5600-4d6c-920c-3798950d210b",
|
|
"domain-name--563b5cb1-5600-4d6c-920c-3798950d210b",
|
|
"observed-data--563b5cb1-2364-4a75-aa66-3798950d210b",
|
|
"domain-name--563b5cb1-2364-4a75-aa66-3798950d210b",
|
|
"indicator--563b5cb2-8d30-449c-aa9d-3798950d210b",
|
|
"indicator--563b5cb3-d9bc-4242-8cf7-3798950d210b",
|
|
"indicator--563b5cb3-1ea0-413c-b172-3798950d210b",
|
|
"indicator--563b5cb4-0070-4f65-9edf-3798950d210b",
|
|
"indicator--563b5cb4-23d4-4495-ae39-3798950d210b",
|
|
"indicator--563b5cb5-fdec-43fd-962b-3798950d210b",
|
|
"indicator--563b5cb5-fb9c-43be-afb7-3798950d210b",
|
|
"observed-data--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"network-traffic--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"ipv4-addr--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"indicator--563b5cb6-0ce0-45ee-8d66-3798950d210b",
|
|
"indicator--563b5cb6-a2ec-462a-b07e-3798950d210b",
|
|
"indicator--563b5cb7-0f34-4b70-ad79-3798950d210b",
|
|
"indicator--563b5cb8-e118-4e0d-a723-3798950d210b",
|
|
"indicator--563b5cb8-5fe0-4ef8-b155-3798950d210b",
|
|
"indicator--563b5cb8-d898-49a0-a7fd-3798950d210b",
|
|
"indicator--563b5cb9-ffbc-4093-82f4-3798950d210b",
|
|
"indicator--563b5cba-6804-4e3d-ab4c-3798950d210b",
|
|
"indicator--563b5cba-a528-4e67-9e72-3798950d210b",
|
|
"indicator--563b5cba-7f7c-4473-a048-3798950d210b",
|
|
"indicator--563b5cbb-1ddc-4db9-aaea-3798950d210b",
|
|
"observed-data--563b5cbb-cc04-4d98-b522-3798950d210b",
|
|
"domain-name--563b5cbb-cc04-4d98-b522-3798950d210b",
|
|
"indicator--563b5cbc-23d8-48e7-a6ac-3798950d210b",
|
|
"indicator--563b5cbd-5e14-49ed-9608-3798950d210b",
|
|
"indicator--563b5cbe-6564-4638-b009-3798950d210b",
|
|
"indicator--563b5cbe-96dc-477d-8739-3798950d210b",
|
|
"indicator--563b5cbe-b658-428b-85af-3798950d210b",
|
|
"indicator--563b5cbf-ac30-417c-ac87-3798950d210b",
|
|
"indicator--563b5cbf-777c-4853-ba26-3798950d210b",
|
|
"observed-data--563b5cc0-6fd0-48ad-960f-3798950d210b",
|
|
"domain-name--563b5cc0-6fd0-48ad-960f-3798950d210b",
|
|
"indicator--563b5cc1-3f10-4b10-b236-3798950d210b",
|
|
"indicator--563b5cc2-ab84-4d0f-9247-3798950d210b",
|
|
"indicator--563b5cc2-2540-40a6-a9ba-3798950d210b",
|
|
"indicator--563b5cc4-fc00-443b-921e-3798950d210b",
|
|
"indicator--563b5cc4-2630-4236-919e-3798950d210b",
|
|
"indicator--563b5cc5-aaa8-4bfc-8b96-3798950d210b",
|
|
"indicator--563b5cc7-ba58-47e4-b963-3798950d210b",
|
|
"indicator--563b5cc8-6e00-4a80-945a-3798950d210b",
|
|
"indicator--563b5cc8-8ec4-4d76-aa1f-3798950d210b",
|
|
"indicator--563b5cc9-f208-456a-8d6c-3798950d210b",
|
|
"indicator--563b5cc9-4724-45cd-9bdc-3798950d210b",
|
|
"indicator--563b5cca-b014-455b-b9a7-3798950d210b",
|
|
"indicator--563b5cca-c2a8-4590-9ffb-3798950d210b",
|
|
"observed-data--563b5cca-9720-4c2a-8a62-3798950d210b",
|
|
"domain-name--563b5cca-9720-4c2a-8a62-3798950d210b",
|
|
"indicator--563b5ccb-aa78-4f95-85ca-3798950d210b",
|
|
"indicator--563b5ccc-9d40-4429-8971-3798950d210b",
|
|
"indicator--563b5ccd-cfc0-4941-9af7-3798950d210b",
|
|
"indicator--563b5ccd-2fc8-4e33-8295-3798950d210b",
|
|
"indicator--563b5ccd-4fa4-4ad7-aa26-3798950d210b",
|
|
"indicator--563b5cce-16b8-4c81-bae5-3798950d210b",
|
|
"indicator--563b5ccf-c1d8-45f0-b2c3-3798950d210b",
|
|
"indicator--563b5ccf-2ba4-4c01-a252-3798950d210b",
|
|
"indicator--563b5cd0-5334-4166-86f0-3798950d210b",
|
|
"indicator--563b5cd0-d950-46f6-8a46-3798950d210b",
|
|
"indicator--563b5cd0-ee70-4f9d-987c-3798950d210b",
|
|
"indicator--563b5cd1-9b80-4aa1-a9b7-3798950d210b",
|
|
"indicator--563b5cd2-72a0-4945-97c3-3798950d210b",
|
|
"indicator--563b5cd2-9088-4bf0-8243-3798950d210b",
|
|
"indicator--563b5cd3-a88c-4791-adc5-3798950d210b",
|
|
"indicator--563b5cd4-f878-4003-9cdb-3798950d210b",
|
|
"indicator--563b5cd4-0ca4-40ce-b3c3-3798950d210b",
|
|
"indicator--563b5cd5-0cd8-4e72-9010-3798950d210b",
|
|
"indicator--563b5cd6-9fb8-4074-b7f0-3798950d210b",
|
|
"indicator--563b5cd7-f4f8-4454-bd35-3798950d210b",
|
|
"indicator--563b5cd8-798c-422c-9e47-3798950d210b",
|
|
"indicator--563b5cd8-ee4c-4a66-b022-3798950d210b",
|
|
"indicator--563b5cd9-689c-429c-97da-3798950d210b",
|
|
"indicator--563b5cd9-b438-4ba4-907b-3798950d210b",
|
|
"indicator--563b5cdb-6ab8-45d1-959c-3798950d210b",
|
|
"indicator--563b5cdc-3138-4aff-9975-3798950d210b",
|
|
"indicator--563b5cdc-f33c-4cee-a17c-3798950d210b",
|
|
"indicator--563b5cdc-015c-4b7a-a6b3-3798950d210b",
|
|
"indicator--563b5cdd-2f4c-4f1e-bf0d-3798950d210b",
|
|
"indicator--563b5cdd-45b4-46ed-ab47-3798950d210b",
|
|
"indicator--563b5cde-e7f8-4a3c-ae09-3798950d210b",
|
|
"indicator--563b5cde-f170-4806-8baa-3798950d210b",
|
|
"indicator--563b5cdf-a700-4608-949c-3798950d210b",
|
|
"indicator--563b5cdf-7d70-4d8f-9597-3798950d210b",
|
|
"indicator--563b5ce0-9808-4f41-a67c-3798950d210b",
|
|
"indicator--563b5ce0-3274-477c-b173-3798950d210b",
|
|
"indicator--563b5ce1-118c-4319-8247-3798950d210b",
|
|
"indicator--563b5ce2-e974-4d15-9e31-3798950d210b",
|
|
"observed-data--563b5ce2-4af0-4ef3-9d04-3798950d210b",
|
|
"domain-name--563b5ce2-4af0-4ef3-9d04-3798950d210b",
|
|
"indicator--563b5ce2-3330-4d29-bf6b-3798950d210b",
|
|
"indicator--563b5ce3-a320-4c9f-a25f-3798950d210b",
|
|
"indicator--563b5ce3-44b8-428c-a7c3-3798950d210b",
|
|
"indicator--563b5ce4-8eb4-49ec-825d-3798950d210b",
|
|
"indicator--563b5ce4-7920-42cc-9c45-3798950d210b",
|
|
"indicator--563b5ce5-9ed0-4797-b46a-3798950d210b",
|
|
"indicator--563b5ce5-a534-4429-8c7b-3798950d210b",
|
|
"indicator--563b5ce7-836c-47f8-826b-3798950d210b",
|
|
"indicator--563b5ce7-d2f8-46cb-a28a-3798950d210b",
|
|
"observed-data--563b5ce7-cdf8-4655-8d12-3798950d210b",
|
|
"domain-name--563b5ce7-cdf8-4655-8d12-3798950d210b",
|
|
"indicator--563b5ce8-9b7c-4e77-9511-3798950d210b",
|
|
"indicator--563b5ce8-01fc-4457-ab9b-3798950d210b",
|
|
"indicator--563b5ce9-a658-4ebf-b824-3798950d210b",
|
|
"indicator--563b5ce9-1f8c-4b2c-a866-3798950d210b",
|
|
"indicator--563b5cea-a898-4191-b83a-3798950d210b",
|
|
"indicator--563b5cea-6e44-4f0f-9f98-3798950d210b",
|
|
"observed-data--563b5cea-f26c-4d25-849e-3798950d210b",
|
|
"domain-name--563b5cea-f26c-4d25-849e-3798950d210b",
|
|
"indicator--563b5ceb-0420-449b-93bc-3798950d210b",
|
|
"indicator--563b5ceb-66b4-4473-89fe-3798950d210b",
|
|
"indicator--563b5cec-3e6c-41d6-a7ae-3798950d210b",
|
|
"indicator--563b5cee-71cc-4e77-9ae8-3798950d210b",
|
|
"indicator--563b5cee-1038-4fdf-9ad2-3798950d210b",
|
|
"indicator--563b5cef-53a4-433b-b0e9-3798950d210b",
|
|
"indicator--563b5cf0-ac20-4fe6-82a6-3798950d210b",
|
|
"indicator--563b5cf1-dfa8-4fe2-9e71-3798950d210b",
|
|
"indicator--563b5cf1-6928-4502-954a-3798950d210b",
|
|
"indicator--563b5cf2-984c-4e5e-b246-3798950d210b",
|
|
"indicator--563b5cf3-99d4-4ec4-98fc-3798950d210b",
|
|
"indicator--563b5cf3-c15c-422f-b6bf-3798950d210b",
|
|
"indicator--563b5cf4-c3dc-42fd-8702-3798950d210b",
|
|
"indicator--563b5cf5-17a8-4f49-882a-3798950d210b",
|
|
"indicator--563b5cf6-d0dc-4467-a9af-3798950d210b",
|
|
"indicator--563b5cf6-f4a0-467d-8adf-3798950d210b",
|
|
"indicator--563b5cf7-a118-4aec-893b-3798950d210b",
|
|
"indicator--563b5cf8-5cbc-422e-af36-3798950d210b",
|
|
"indicator--563b5cf8-beac-4508-9a81-3798950d210b",
|
|
"indicator--563b5cf9-2e30-4ef9-87e9-3798950d210b",
|
|
"indicator--563b5cf9-e0bc-4644-b13a-3798950d210b",
|
|
"indicator--563b5cfa-efa0-481c-af6d-3798950d210b",
|
|
"indicator--563b5cfb-19a8-47a3-aaed-3798950d210b",
|
|
"indicator--563b5cfd-4c44-4eb6-ac3e-3798950d210b",
|
|
"indicator--563b5cfe-5ea8-4858-a51a-3798950d210b",
|
|
"indicator--563b5cff-bfd4-4cc8-a47d-3798950d210b",
|
|
"indicator--563b5d00-4a80-4f1b-9003-3798950d210b",
|
|
"indicator--563b5d00-baac-4c0d-9105-3798950d210b",
|
|
"indicator--563b5d00-a1ec-4498-bba2-3798950d210b",
|
|
"indicator--563b5d01-aaa4-4224-889c-3798950d210b",
|
|
"indicator--563b5d01-f984-4464-98cd-3798950d210b",
|
|
"indicator--563b5d02-b738-4820-a77d-3798950d210b",
|
|
"indicator--563b5d02-e794-475a-93b8-3798950d210b",
|
|
"indicator--563b5d03-97dc-46e2-9300-3798950d210b",
|
|
"indicator--563b5d04-9708-4618-910f-3798950d210b",
|
|
"indicator--563b5d05-d7d8-4384-9f86-3798950d210b",
|
|
"indicator--563b5d05-91b4-4b08-ac27-3798950d210b",
|
|
"indicator--563b5d06-2848-4956-a489-3798950d210b",
|
|
"indicator--563b5d06-3360-4ada-be23-3798950d210b",
|
|
"indicator--563b5d07-5c04-446f-8d36-3798950d210b",
|
|
"indicator--563b5d08-77c8-4ac0-9459-3798950d210b",
|
|
"observed-data--563b5d08-e3a4-49ef-b0a9-3798950d210b",
|
|
"domain-name--563b5d08-e3a4-49ef-b0a9-3798950d210b",
|
|
"indicator--563b5d08-76c0-4389-a87d-3798950d210b",
|
|
"indicator--563b5d0a-cb30-449b-8db1-3798950d210b",
|
|
"indicator--563b5d0a-e144-427d-a4cb-3798950d210b",
|
|
"indicator--563b5d0b-f0dc-4dc5-aec0-3798950d210b",
|
|
"indicator--563b5d0b-6a98-48a3-9aef-3798950d210b",
|
|
"indicator--563b5d0c-5450-4d99-98b2-3798950d210b",
|
|
"indicator--563b5d0c-6eec-4453-92c5-3798950d210b",
|
|
"indicator--563b5d0d-9770-4b6b-8969-3798950d210b",
|
|
"indicator--563b5d0d-7c9c-48d0-94e0-3798950d210b",
|
|
"indicator--563b5d0e-0218-4bd9-b7c2-3798950d210b",
|
|
"indicator--563b5d0e-ace8-4335-a49c-3798950d210b",
|
|
"indicator--563b5d0f-8530-4959-8e89-3798950d210b",
|
|
"indicator--563b5d0f-1988-41e5-9a30-3798950d210b",
|
|
"indicator--563b5d10-3620-47a4-9b73-3798950d210b",
|
|
"indicator--563b5d11-cee4-4bd5-a343-3798950d210b",
|
|
"indicator--563b5d11-50cc-4d5e-a05f-3798950d210b",
|
|
"indicator--563b5d12-6cd4-455e-8281-3798950d210b",
|
|
"indicator--563b5d13-f698-4566-9a24-3798950d210b",
|
|
"indicator--563b5d13-3dac-4cdb-988b-3798950d210b",
|
|
"indicator--563b5d14-6ea8-4ab7-8095-3798950d210b",
|
|
"indicator--563b5d14-9b28-46ff-8182-3798950d210b",
|
|
"indicator--563b5d15-d34c-4152-bb4f-3798950d210b",
|
|
"indicator--563b5d15-bc98-4492-946d-3798950d210b",
|
|
"indicator--563b5d15-d958-48dd-8c77-3798950d210b",
|
|
"indicator--563b5d16-21f8-4466-8112-3798950d210b",
|
|
"indicator--563b5d16-4f60-40a0-9a67-3798950d210b",
|
|
"indicator--563b5d17-99fc-49f1-aefd-3798950d210b",
|
|
"indicator--563b5d17-acf0-4ae7-81fc-3798950d210b",
|
|
"indicator--563b5d18-23d4-4436-b2c8-3798950d210b",
|
|
"indicator--563b5d18-3e78-4c07-bafd-3798950d210b",
|
|
"indicator--563b5d19-10c4-4ed3-b5cc-3798950d210b",
|
|
"indicator--563b5d19-2d88-403b-a8a0-3798950d210b",
|
|
"indicator--563b5d1a-bd14-4b83-92de-3798950d210b",
|
|
"indicator--563b5d1b-564c-4a44-902a-3798950d210b",
|
|
"indicator--563b5d1c-fe94-4d39-a63d-3798950d210b",
|
|
"indicator--563b5d1c-3ab4-40ef-904c-3798950d210b",
|
|
"indicator--563b5d1d-32c0-43a2-8e82-3798950d210b",
|
|
"indicator--563b5d1d-0190-47b9-9bdd-3798950d210b",
|
|
"observed-data--563b5d1e-b5b8-4523-9a70-3798950d210b",
|
|
"domain-name--563b5d1e-b5b8-4523-9a70-3798950d210b",
|
|
"indicator--563b5d1e-cae0-433d-a93d-3798950d210b",
|
|
"indicator--563b5d1f-8a90-4b1b-831a-3798950d210b",
|
|
"indicator--563b5d1f-ecb0-41f8-b734-3798950d210b",
|
|
"indicator--563b5d21-f310-4152-a6be-3798950d210b",
|
|
"indicator--563b5d22-8a4c-4445-bbf5-3798950d210b",
|
|
"indicator--563b5d22-3374-491f-b8fd-3798950d210b",
|
|
"indicator--563b5d23-fc44-4317-9188-3798950d210b",
|
|
"indicator--563b5d24-81c0-4f61-ad6a-3798950d210b",
|
|
"indicator--563b5d25-b934-4d7b-a7fa-3798950d210b",
|
|
"indicator--563b5d25-1c68-4f22-8cda-3798950d210b",
|
|
"indicator--563b5d25-d634-4222-93fa-3798950d210b",
|
|
"indicator--563b5d26-88d0-4f35-8725-3798950d210b",
|
|
"indicator--563b5d26-6aa0-4abd-a320-3798950d210b",
|
|
"indicator--563b5d27-e090-41e6-a0ae-3798950d210b",
|
|
"indicator--563b5d27-5ad4-401e-93f1-3798950d210b",
|
|
"indicator--563b5d28-bd8c-4846-a19a-3798950d210b",
|
|
"indicator--563b5d29-13d0-4d33-a853-3798950d210b",
|
|
"indicator--563b5d2a-cfa0-4ee9-9649-3798950d210b",
|
|
"indicator--563b5d2a-48d4-42d0-96bc-3798950d210b",
|
|
"indicator--563b5d2a-6340-4be7-a94b-3798950d210b",
|
|
"indicator--563b5d2b-78b0-42e1-8f80-3798950d210b",
|
|
"indicator--563b5d2c-0818-4235-ba10-3798950d210b",
|
|
"indicator--563b5d2c-ad14-4bf8-8795-3798950d210b",
|
|
"indicator--563b5d2e-be68-409b-a13f-3798950d210b",
|
|
"indicator--563b5d2f-8b64-4595-83a2-3798950d210b",
|
|
"indicator--563b5d2f-7b90-495c-8838-3798950d210b",
|
|
"indicator--563b5d2f-af10-459a-b71e-3798950d210b",
|
|
"indicator--563b5d30-2190-4730-bdba-3798950d210b",
|
|
"indicator--563b5d30-f8f8-438c-8248-3798950d210b",
|
|
"indicator--563b5d31-fc50-4468-a6a9-3798950d210b",
|
|
"indicator--563b5d32-5d88-4854-9a44-3798950d210b",
|
|
"indicator--563b5d32-f0a4-4c0b-9932-3798950d210b",
|
|
"indicator--563b5d33-66cc-4b33-8404-3798950d210b",
|
|
"indicator--563b5d33-c89c-411b-9cd1-3798950d210b",
|
|
"indicator--563b5d34-54b0-47dd-a31f-3798950d210b",
|
|
"indicator--563b5d34-7194-450e-bdf5-3798950d210b",
|
|
"indicator--563b5d35-9e5c-49cb-a872-3798950d210b",
|
|
"indicator--563b5d36-6a84-4953-8eb1-3798950d210b",
|
|
"indicator--563b5d38-686c-4a13-8d42-3798950d210b",
|
|
"indicator--563b5d3a-1a58-47f1-9e1a-3798950d210b",
|
|
"indicator--563b5d3a-f950-4334-a210-3798950d210b",
|
|
"indicator--563b5d3a-4e48-4199-84be-3798950d210b",
|
|
"indicator--563b5d3b-b150-4afe-9a19-3798950d210b",
|
|
"indicator--563b5d3b-3778-4fca-b3dc-3798950d210b",
|
|
"indicator--563b5d3c-75a8-45ef-bc21-3798950d210b",
|
|
"indicator--563b5d3c-9cf0-4b53-a364-3798950d210b",
|
|
"indicator--563b5d3d-cb18-4268-9f95-3798950d210b",
|
|
"indicator--563b5d3d-eb2c-4b55-94f0-3798950d210b",
|
|
"indicator--563b5d3d-bfa0-4603-9ec8-3798950d210b",
|
|
"indicator--563b5d3e-c19c-4f17-877e-3798950d210b",
|
|
"indicator--563b5d3e-4448-4bcc-aac9-3798950d210b",
|
|
"indicator--563b5d3f-5714-4cf3-8860-3798950d210b",
|
|
"indicator--563b5d40-2904-4a38-82f7-3798950d210b",
|
|
"indicator--563b5d40-4fa4-42b2-bbe4-3798950d210b",
|
|
"indicator--563b5d41-4194-41cd-a09a-3798950d210b",
|
|
"indicator--563b5d42-bbf8-4e9a-8bda-3798950d210b",
|
|
"indicator--563b5d42-a310-40a7-8b7f-3798950d210b",
|
|
"indicator--563b5d43-5a6c-438d-8d84-3798950d210b",
|
|
"indicator--563b5d43-3584-408d-b5a4-3798950d210b",
|
|
"indicator--563b5d44-7670-469d-a70f-3798950d210b",
|
|
"indicator--563b5d44-f9e4-4b1b-92dd-3798950d210b",
|
|
"indicator--563b5d45-81e0-46a3-a23c-3798950d210b",
|
|
"indicator--56795408-52f8-4e39-ac70-4d7d950d210f",
|
|
"indicator--56795409-dc5c-45a2-8075-4d0f950d210f",
|
|
"indicator--56795409-4410-4f5a-bc93-4901950d210f",
|
|
"indicator--56795409-2ff8-45c7-bdae-461e950d210f",
|
|
"indicator--56795409-7628-4970-a04e-4514950d210f",
|
|
"indicator--5679540a-d354-410d-8865-4fa1950d210f",
|
|
"indicator--5679540a-4430-4f48-8cf3-4632950d210f",
|
|
"indicator--5679540a-7e78-40cb-98f5-4c40950d210f",
|
|
"indicator--5679540b-877c-445b-97a7-4de6950d210f",
|
|
"indicator--5679540b-6b44-4e77-a9c3-43d8950d210f",
|
|
"indicator--5679540b-1a14-4056-83c9-46dc950d210f",
|
|
"indicator--5679540b-3320-4683-8bb7-4b0f950d210f",
|
|
"indicator--5679540c-e928-4891-a4bf-4014950d210f",
|
|
"indicator--5679540c-616c-4feb-8a53-417f950d210f",
|
|
"indicator--5679540c-5240-4578-b677-4c47950d210f",
|
|
"indicator--5679540c-1cd0-4c9a-bf64-472a950d210f",
|
|
"indicator--5679540d-3854-4536-9ed7-426f950d210f",
|
|
"indicator--5679540d-fc34-4423-88fb-42e4950d210f",
|
|
"indicator--5679540d-f4a4-46d2-8c3d-443f950d210f",
|
|
"indicator--5679540e-b20c-47af-85bf-4ef3950d210f",
|
|
"indicator--5679540e-47fc-4dab-a1b9-433b950d210f",
|
|
"indicator--5679540e-0840-42de-9077-47c2950d210f",
|
|
"indicator--5679540e-cc94-4645-ad37-462d950d210f",
|
|
"indicator--5679540f-64e0-461f-afdf-4879950d210f",
|
|
"indicator--5679540f-b480-4ef2-8bcd-4a3e950d210f",
|
|
"indicator--5679540f-126c-4c75-9043-450d950d210f",
|
|
"indicator--56795410-5aec-4b36-91e1-49b4950d210f",
|
|
"indicator--56795410-9138-47a3-adc9-4000950d210f",
|
|
"indicator--56795410-9c1c-4a2f-a6ad-4ca3950d210f",
|
|
"indicator--56795410-3810-4d4c-83fe-4cc7950d210f",
|
|
"indicator--56795411-fb18-4579-abf2-434e950d210f",
|
|
"indicator--56795411-baac-412a-9a29-4c04950d210f",
|
|
"indicator--56795411-0a00-4d89-8200-422b950d210f",
|
|
"indicator--56795412-4b2c-452d-b05b-4c86950d210f",
|
|
"indicator--56795412-aa84-4b33-898b-4d15950d210f",
|
|
"indicator--56795412-c580-4d1e-925e-4d86950d210f",
|
|
"indicator--56795413-1d0c-4658-897d-46ab950d210f",
|
|
"indicator--56795413-7ad8-4e7b-bcf1-418f950d210f",
|
|
"indicator--56795413-8fb0-46e0-8f56-4367950d210f",
|
|
"indicator--56795413-e360-4f2b-977b-449c950d210f",
|
|
"indicator--56795414-29c4-4db2-87bc-4e5a950d210f",
|
|
"indicator--56795414-581c-4ace-a0ab-4141950d210f",
|
|
"indicator--56795414-cebc-4264-a95b-43d9950d210f",
|
|
"indicator--56795414-d3d8-4c7a-8654-447e950d210f",
|
|
"indicator--56795415-3e0c-41e3-a741-4b4b950d210f",
|
|
"indicator--56795415-9308-4bc2-94b5-4ea7950d210f",
|
|
"indicator--56795415-9c74-48c7-9ca7-4026950d210f",
|
|
"indicator--56795416-cd50-4d30-adf4-4b49950d210f",
|
|
"indicator--56795416-86c8-4a0a-a080-4551950d210f",
|
|
"indicator--56795416-6054-4e2e-8eaa-4f5c950d210f",
|
|
"indicator--56795416-1aa8-4ff3-94b8-44e4950d210f",
|
|
"indicator--56795417-62a8-4b3d-9d1b-4aa1950d210f",
|
|
"indicator--56795417-2fd4-445f-a07c-469e950d210f",
|
|
"indicator--56795417-0508-46e4-b56b-4020950d210f",
|
|
"indicator--56795418-0dbc-43e0-bd5c-4b0f950d210f",
|
|
"indicator--56795418-42a4-4231-91e5-448c950d210f",
|
|
"indicator--56795418-b898-4455-ad2e-4e39950d210f",
|
|
"indicator--56795419-db80-4817-8d92-43d3950d210f",
|
|
"indicator--56795419-7e08-4f23-8ceb-46a1950d210f",
|
|
"indicator--56795419-f628-49eb-8888-471f950d210f",
|
|
"indicator--56795419-30e4-41a2-b4a8-4368950d210f",
|
|
"indicator--5679541a-1e74-4920-80dc-4cff950d210f",
|
|
"indicator--5679541a-5aa4-4087-9f28-4c76950d210f",
|
|
"indicator--5679541a-e56c-48bb-9683-4741950d210f",
|
|
"indicator--5679541b-210c-45b7-ad30-4993950d210f",
|
|
"indicator--5679541b-5d24-4cce-8d79-412e950d210f",
|
|
"indicator--5679541b-1510-42c3-bd84-44d3950d210f",
|
|
"indicator--5679541b-b134-47f4-bd43-4ba9950d210f",
|
|
"indicator--5679541c-3e24-4845-b2f3-4c56950d210f",
|
|
"indicator--5679541c-501c-428e-8278-4fb0950d210f",
|
|
"indicator--5679541c-ce04-4859-a62a-4a7c950d210f",
|
|
"indicator--5679541d-fcc8-41f1-b39c-466e950d210f",
|
|
"indicator--5679541d-6198-4fa5-8b31-4c45950d210f",
|
|
"indicator--5679541d-a8f0-4f82-a3e1-416b950d210f",
|
|
"indicator--5679541e-d87c-4227-bd05-489a950d210f",
|
|
"indicator--5679541e-a55c-467f-8362-4d5c950d210f",
|
|
"indicator--5679541e-e714-4c9a-bcab-4efe950d210f",
|
|
"indicator--5679541f-c038-4612-a595-48a6950d210f",
|
|
"indicator--5679541f-d6d0-451e-82cb-470a950d210f",
|
|
"indicator--5679541f-1ef8-470e-bc08-4efd950d210f",
|
|
"indicator--5679541f-bfcc-4ee7-89b9-4be1950d210f",
|
|
"indicator--56795420-1f8c-44dc-be43-46e4950d210f",
|
|
"indicator--56795420-5fe4-4056-915b-4846950d210f",
|
|
"indicator--56795420-bcf8-4043-8916-4b9a950d210f",
|
|
"indicator--56795421-679c-418d-aed4-44b5950d210f",
|
|
"indicator--56795421-16ec-49e2-8d83-47bf950d210f",
|
|
"indicator--56795421-9e4c-40c2-b7ae-4e31950d210f",
|
|
"indicator--56795421-eff4-4ddb-84cb-45b4950d210f",
|
|
"indicator--56795422-4108-4fc3-965a-4955950d210f",
|
|
"indicator--56795422-8984-4998-b10c-4c6b950d210f",
|
|
"indicator--56795422-d1f0-47e1-937e-4693950d210f",
|
|
"indicator--56795422-f798-42ae-b25a-4b3b950d210f",
|
|
"indicator--56795423-a438-4885-a7ac-4060950d210f",
|
|
"indicator--56795423-350c-43fb-a7e3-4992950d210f",
|
|
"indicator--56795423-0480-48f1-97f1-479b950d210f",
|
|
"indicator--56795424-edfc-4322-a69d-492e950d210f",
|
|
"indicator--56795424-7234-4557-8e46-43e2950d210f",
|
|
"indicator--56795424-e428-4987-8deb-408f950d210f",
|
|
"indicator--56795424-45fc-4ba1-9bd1-42e6950d210f",
|
|
"indicator--56795425-2a94-4203-971f-4463950d210f",
|
|
"indicator--56795425-6c7c-4e38-ae1a-4dfa950d210f",
|
|
"indicator--56795425-4338-4975-8b05-491d950d210f",
|
|
"indicator--56795426-48b8-416b-a920-4eb7950d210f",
|
|
"indicator--56795426-6000-4571-9140-47e9950d210f",
|
|
"indicator--56795426-b360-4e31-b25e-4b84950d210f",
|
|
"indicator--56795426-6760-4b01-b591-42a1950d210f",
|
|
"indicator--56795427-1e5c-474c-b96e-4231950d210f",
|
|
"indicator--56795427-2978-4a01-aa6b-4bfb950d210f",
|
|
"indicator--56795427-c3d0-4ecf-98d3-442a950d210f",
|
|
"indicator--56795428-e310-4585-8d9a-4365950d210f",
|
|
"indicator--56795428-3bcc-4f56-b9d8-406e950d210f",
|
|
"indicator--56795428-e308-49ac-adac-401b950d210f",
|
|
"indicator--56795428-4d9c-4ae3-b390-4595950d210f",
|
|
"indicator--56795429-6ab0-4407-a818-4922950d210f",
|
|
"indicator--56795429-6d1c-48ee-8bd8-4575950d210f",
|
|
"indicator--56795429-18a0-46b0-bc96-4eb4950d210f",
|
|
"indicator--5679542a-e840-4f04-94f6-4ff3950d210f",
|
|
"indicator--5679542a-dcc0-463a-a545-4329950d210f",
|
|
"indicator--5679542a-5580-41f5-82fd-41cb950d210f",
|
|
"indicator--5679542a-2ff8-4c97-882b-4087950d210f",
|
|
"indicator--5679542b-1288-4870-a75b-4849950d210f",
|
|
"indicator--5679542b-aa58-40cf-a324-400f950d210f",
|
|
"indicator--5679542b-fc8c-445a-b708-485e950d210f",
|
|
"indicator--5679542c-bb14-4a1d-9bde-4f7a950d210f",
|
|
"indicator--5679542c-dcf4-4047-a581-4c66950d210f",
|
|
"indicator--5679542c-1a10-4f0a-bbf0-48e2950d210f",
|
|
"indicator--5679542d-9318-4e71-a7e6-4e36950d210f",
|
|
"indicator--5679542d-b01c-40ad-83e9-450d950d210f",
|
|
"indicator--5679542d-4d6c-4b84-bbe9-4605950d210f",
|
|
"indicator--5679542d-2308-4a29-8b5f-4a68950d210f",
|
|
"indicator--5679542e-5bf0-4e81-b993-4a4b950d210f",
|
|
"indicator--5679542e-1db0-4adf-a8d2-42d5950d210f",
|
|
"indicator--5679542e-bc1c-4991-81c4-45a0950d210f",
|
|
"indicator--5679542f-3d54-4f79-ba08-4d2e950d210f",
|
|
"indicator--5679542f-76c8-440d-afed-4867950d210f",
|
|
"indicator--5679542f-8c50-47c6-9dc2-40d6950d210f",
|
|
"indicator--56795430-ef00-4137-a446-4d66950d210f",
|
|
"indicator--56795430-44a4-4077-9724-4601950d210f",
|
|
"indicator--56795430-90e4-4b1a-88d0-4be1950d210f",
|
|
"indicator--56795430-5240-4877-b0f7-467d950d210f",
|
|
"indicator--56795431-a368-4c3b-970f-48ee950d210f",
|
|
"indicator--56795431-77fc-4b0d-8d0c-4265950d210f",
|
|
"indicator--56795431-c7fc-4092-8439-494c950d210f",
|
|
"indicator--56795431-d854-4440-b9a3-4899950d210f",
|
|
"indicator--56795432-7578-41bd-b09c-4949950d210f",
|
|
"indicator--56795432-2c98-4c0c-9296-418c950d210f",
|
|
"indicator--56795432-de98-487c-a01f-4848950d210f",
|
|
"indicator--56795432-7364-4b31-bdb2-4b66950d210f",
|
|
"indicator--56795433-bf7c-4679-9789-461d950d210f",
|
|
"indicator--56795433-5094-4f5f-9cf1-44ba950d210f",
|
|
"indicator--56795433-6368-42b6-80b9-403e950d210f",
|
|
"indicator--56795433-7ef0-461f-9a38-4738950d210f",
|
|
"indicator--56795434-4298-4be8-a7a6-4fd4950d210f",
|
|
"indicator--56795434-5160-461b-a106-471a950d210f",
|
|
"indicator--56795434-b0b8-4c78-b193-46f8950d210f",
|
|
"indicator--56795435-248c-4abd-8d0a-4d75950d210f",
|
|
"indicator--56795435-64d4-40bd-a731-4ba3950d210f",
|
|
"indicator--56795435-90c0-436b-858c-4de6950d210f",
|
|
"indicator--56795436-d4ac-4184-87f5-4de5950d210f",
|
|
"indicator--56795436-a668-4fcf-a81c-48c7950d210f",
|
|
"indicator--56795436-ea0c-4e6a-8239-4fa1950d210f",
|
|
"indicator--56795436-13e8-452d-a7e2-4c4b950d210f",
|
|
"indicator--56795437-7da0-488e-b0b3-47aa950d210f",
|
|
"indicator--56795437-80a4-4e42-bf63-4ba1950d210f",
|
|
"indicator--56795437-4ce8-406c-ad7f-4223950d210f",
|
|
"indicator--56795438-67b0-4ed2-a5ab-470e950d210f",
|
|
"indicator--56795438-094c-4e8f-96d8-4327950d210f",
|
|
"indicator--56795438-fc80-4838-aae5-4687950d210f",
|
|
"indicator--56795438-a4f0-489e-afa1-496c950d210f",
|
|
"indicator--56795439-df84-4522-866a-4e8d950d210f",
|
|
"indicator--56795439-c7dc-4178-b4eb-47f0950d210f",
|
|
"indicator--56795439-82b0-4708-87fb-486d950d210f",
|
|
"indicator--5679543a-0244-4ec0-8726-43a1950d210f",
|
|
"indicator--5679543a-5bc0-4060-9fba-4ad7950d210f",
|
|
"indicator--5679543a-ea54-42bf-8d58-43f3950d210f",
|
|
"indicator--5679543a-44fc-4f86-a644-4949950d210f",
|
|
"indicator--5679543b-4164-4ab9-85bc-4e96950d210f",
|
|
"indicator--5679543b-8eac-4a41-a5e3-40a6950d210f",
|
|
"indicator--5679543b-3ab8-4342-8b25-4243950d210f",
|
|
"indicator--5679543c-3984-4960-9970-4b0d950d210f",
|
|
"indicator--5679543c-5578-4581-9412-42d8950d210f",
|
|
"indicator--5679543c-78c4-46e0-a1ab-4edf950d210f",
|
|
"indicator--5679543c-7894-4f32-8bba-47a9950d210f",
|
|
"indicator--5679543d-f0b0-458e-a25c-4599950d210f",
|
|
"indicator--5679543d-a12c-4db7-bdb8-4959950d210f",
|
|
"indicator--5679543d-8844-41d2-8580-43af950d210f",
|
|
"indicator--5679543e-0af4-4780-8105-4120950d210f",
|
|
"indicator--5679543e-3018-46f2-a51c-4876950d210f",
|
|
"indicator--5679543e-fb00-4306-8828-4e64950d210f",
|
|
"indicator--5679543f-198c-4b50-870b-4d99950d210f",
|
|
"indicator--5679543f-a5b4-4877-80e8-47c5950d210f",
|
|
"indicator--5679543f-6c50-42b1-89b1-4dfd950d210f",
|
|
"indicator--5679543f-ca88-4102-9458-4e0c950d210f",
|
|
"indicator--56795440-1168-4b92-9083-449b950d210f",
|
|
"indicator--56795440-ab74-42c4-bc61-450d950d210f",
|
|
"indicator--56795440-ded8-4370-b722-4efb950d210f",
|
|
"indicator--56795441-b40c-4dff-8c60-4ab9950d210f",
|
|
"indicator--56795441-5e34-4f5e-bd79-4ca7950d210f",
|
|
"indicator--56795441-207c-40fd-b781-41fb950d210f",
|
|
"indicator--56795441-ecbc-4827-a494-4742950d210f",
|
|
"indicator--56795442-f344-47e0-a978-4991950d210f",
|
|
"indicator--56795442-858c-4ecb-9de8-495e950d210f",
|
|
"indicator--56795442-5c64-4444-9fa1-4a11950d210f",
|
|
"indicator--56795443-c0dc-4e1e-a2a0-4a94950d210f",
|
|
"indicator--56795443-d268-4c3e-8986-4ce3950d210f",
|
|
"indicator--56795443-8d44-4896-926b-49cc950d210f",
|
|
"indicator--56795444-dd78-4123-8c4a-49d6950d210f",
|
|
"indicator--56795444-4e4c-462a-9cf9-48e1950d210f",
|
|
"indicator--56795444-c480-4cc6-bde5-4722950d210f",
|
|
"indicator--56795444-1428-477a-a222-4e76950d210f",
|
|
"indicator--56795445-bc90-40b5-a8f1-4cfb950d210f",
|
|
"indicator--56795445-7048-4c03-81b0-44dc950d210f",
|
|
"indicator--56795445-89ec-4e5c-a528-4c5a950d210f",
|
|
"indicator--56795446-bcec-4697-aa94-4e0d950d210f",
|
|
"indicator--56795446-1ed0-414f-9a23-4868950d210f",
|
|
"indicator--56795446-e1f8-4226-a4ee-4f56950d210f",
|
|
"indicator--56795447-c494-4de8-b3d2-47ee950d210f",
|
|
"indicator--56795447-4254-49aa-9cf0-4bb4950d210f",
|
|
"indicator--56795447-935c-4062-b3e5-4528950d210f",
|
|
"indicator--56795447-4704-475c-926c-4e03950d210f",
|
|
"indicator--56795448-b8b4-46b1-8134-4c24950d210f",
|
|
"indicator--56795448-0f84-4f58-95ae-45a8950d210f",
|
|
"indicator--56795448-265c-406b-947e-4b3d950d210f",
|
|
"indicator--56795449-c4a0-4cce-aef5-4b87950d210f",
|
|
"indicator--56795449-5514-4806-ba00-47b6950d210f",
|
|
"indicator--56795449-91fc-40f8-8e61-49a6950d210f",
|
|
"indicator--56795449-c654-4702-8d4f-4947950d210f",
|
|
"indicator--5679544a-5b14-421e-a28c-4466950d210f",
|
|
"indicator--5679544a-0088-4bad-af72-427a950d210f",
|
|
"indicator--5679544a-fa34-4c04-9095-4868950d210f",
|
|
"indicator--5679544b-9980-44f6-981a-4094950d210f",
|
|
"indicator--5679544b-2748-44cf-9999-4c88950d210f",
|
|
"indicator--5679544b-03e0-4f51-a90e-4422950d210f",
|
|
"indicator--5679544b-2284-41f1-8ada-4cab950d210f",
|
|
"indicator--5679544c-98fc-4b20-bbdf-40d1950d210f",
|
|
"indicator--5679544c-0e18-407a-bcbd-4e91950d210f",
|
|
"indicator--5679544c-6bd8-4c30-ba60-4dc3950d210f",
|
|
"indicator--5679544d-688c-451e-85cc-4f2a950d210f",
|
|
"indicator--5679544d-c3a0-4866-9a76-40e1950d210f",
|
|
"indicator--5679544d-9d70-43f3-8898-4971950d210f",
|
|
"indicator--5679544e-5e48-4b2f-bb1d-4092950d210f",
|
|
"indicator--5679544e-1d54-445b-b20f-4457950d210f",
|
|
"indicator--5679544e-8910-43f9-98b1-4099950d210f",
|
|
"indicator--5679544e-f5e0-4397-ae5e-48e0950d210f",
|
|
"indicator--5679544f-9938-49cf-9d45-49c0950d210f",
|
|
"indicator--5679544f-6810-4da8-aaf4-44e1950d210f",
|
|
"indicator--5679544f-79f8-456f-b096-4f3b950d210f",
|
|
"indicator--56795450-bef4-4be2-9609-4f34950d210f",
|
|
"indicator--56795450-6b88-4be1-a5ca-4763950d210f",
|
|
"indicator--56795450-f8c4-434d-91bb-46d2950d210f",
|
|
"indicator--56795450-7188-4576-b8da-448f950d210f",
|
|
"indicator--56795451-dcf0-4e37-9b9a-4e50950d210f",
|
|
"indicator--56795451-5860-469f-bbc8-41db950d210f",
|
|
"indicator--56795451-e458-4267-ae70-4f05950d210f",
|
|
"indicator--56795452-49cc-4cbb-a926-4d91950d210f",
|
|
"indicator--56795452-307c-48eb-a668-43f9950d210f",
|
|
"indicator--56795452-3c18-44a6-af2a-4123950d210f",
|
|
"indicator--56795452-b2e8-4f40-bab6-4d28950d210f",
|
|
"indicator--56795453-a0c4-40aa-8c73-445e950d210f",
|
|
"indicator--56795453-ebf0-4288-abcf-48de950d210f",
|
|
"indicator--56795453-6410-4c33-a7d5-4c4b950d210f",
|
|
"indicator--56795454-9f78-4cd1-a51c-413b950d210f",
|
|
"indicator--56795454-0488-4e50-bcc7-4036950d210f",
|
|
"indicator--56795454-4460-48e8-8a3c-4650950d210f",
|
|
"indicator--56795455-0b34-4c68-b6a2-46e7950d210f",
|
|
"indicator--56795455-d3a8-456f-878f-45ab950d210f",
|
|
"indicator--56795455-acc4-4a3e-b3fa-4f4f950d210f",
|
|
"indicator--56795455-37a8-473f-8b8b-4574950d210f",
|
|
"indicator--56795456-4f44-4d33-a5db-4145950d210f",
|
|
"indicator--56795456-8340-4232-b717-42b7950d210f",
|
|
"indicator--56795456-56e4-4a76-bba1-41de950d210f",
|
|
"indicator--56795457-d434-4b89-b9a5-4bc2950d210f",
|
|
"indicator--56795457-60d0-4eae-83af-4f74950d210f",
|
|
"indicator--56795457-33a4-4feb-8ba7-4c7d950d210f",
|
|
"indicator--56795457-1684-4bec-a07a-4011950d210f",
|
|
"indicator--56795458-8434-4edd-9298-4b2e950d210f",
|
|
"indicator--56795458-7734-48b3-9ef7-4bab950d210f",
|
|
"indicator--56795458-c0fc-4c9d-9d91-479b950d210f",
|
|
"indicator--56795459-813c-4c4f-ba5e-483f950d210f",
|
|
"indicator--56795459-247c-4114-b80a-44ce950d210f",
|
|
"indicator--56795459-74bc-4f7a-826a-4114950d210f",
|
|
"indicator--5679545a-607c-40fc-8634-457b950d210f",
|
|
"indicator--5679545a-8e04-4269-950e-4d8f950d210f",
|
|
"indicator--5679545a-abd8-4968-8831-4e1d950d210f",
|
|
"indicator--5679545a-eaf0-4af6-8715-409f950d210f",
|
|
"indicator--5679545b-797c-4460-8878-4edd950d210f",
|
|
"indicator--5679545b-f68c-4762-b15e-4ddc950d210f",
|
|
"indicator--5679545b-2d8c-4902-ae48-4533950d210f",
|
|
"indicator--5679545c-95ec-4a88-ab6a-4839950d210f",
|
|
"indicator--5679545c-d7f8-48f0-836e-4647950d210f",
|
|
"indicator--5679545c-a320-4be9-8e54-4bc7950d210f",
|
|
"indicator--5679545c-495c-41b3-983e-493f950d210f",
|
|
"indicator--5679545d-64a8-4a86-b735-4362950d210f",
|
|
"indicator--5679545d-8090-4666-9313-4695950d210f",
|
|
"indicator--5679545d-7598-43eb-bc60-4767950d210f",
|
|
"indicator--5679545e-331c-4a9b-9b8a-40cb950d210f",
|
|
"indicator--5679545e-4904-4567-a55f-484c950d210f",
|
|
"indicator--5679545e-2d5c-4756-827a-4f06950d210f",
|
|
"indicator--5679545f-79cc-4225-a11c-4abf950d210f",
|
|
"indicator--5679545f-1efc-425c-b299-4103950d210f",
|
|
"indicator--5679545f-e9e8-4c0c-8b40-421e950d210f",
|
|
"indicator--5679545f-34cc-4629-bec7-4591950d210f",
|
|
"indicator--56795460-2f78-48a9-a2bf-46a7950d210f",
|
|
"indicator--56795460-7050-4fcc-bfcb-4693950d210f",
|
|
"indicator--56795460-5ab0-483a-94cf-4d07950d210f",
|
|
"indicator--56795461-d418-4ced-a7be-4971950d210f",
|
|
"indicator--56795461-8a10-4f2a-8074-4588950d210f",
|
|
"indicator--56795461-b95c-4208-a66c-45f8950d210f",
|
|
"indicator--56795461-2aec-4474-8806-4ac6950d210f",
|
|
"indicator--56795462-59bc-4f4c-b547-466b950d210f",
|
|
"indicator--56795462-b0bc-436a-8bf0-4260950d210f",
|
|
"indicator--56795462-9f1c-4633-9c4c-43d1950d210f",
|
|
"indicator--56795463-c62c-4b5b-86a9-460d950d210f",
|
|
"indicator--56795463-cad0-4c51-9b5d-4c61950d210f",
|
|
"indicator--56795463-9cac-4dc6-b4fb-43d6950d210f",
|
|
"indicator--56795464-4308-40a6-bdd1-4aa6950d210f",
|
|
"indicator--56795464-4750-4068-aa0f-4cf3950d210f",
|
|
"indicator--56795464-35b8-4f85-b7ad-4723950d210f",
|
|
"indicator--56795464-52e4-4b0d-a2f2-4e5a950d210f",
|
|
"indicator--56795465-d24c-4cf6-97b2-4b3e950d210f",
|
|
"indicator--56795465-fedc-43b5-aaca-42ec950d210f",
|
|
"indicator--56795465-2d34-436a-a349-46eb950d210f",
|
|
"indicator--56795466-60f0-4c82-b6aa-4c30950d210f",
|
|
"indicator--56795466-3b78-451e-af0d-42b6950d210f",
|
|
"indicator--56795466-f238-4d95-84ac-4694950d210f",
|
|
"indicator--56795466-f474-49c4-8880-4083950d210f",
|
|
"indicator--56795467-dfc8-43e2-a3a9-4ec4950d210f",
|
|
"indicator--56795467-7af0-4862-9595-4325950d210f",
|
|
"indicator--56795467-d730-40a4-9c2e-42b8950d210f",
|
|
"indicator--56795468-2808-4deb-97b3-4dd0950d210f",
|
|
"indicator--56795468-60e4-4bb2-af09-40cc950d210f",
|
|
"indicator--56795468-ce80-4168-9665-4773950d210f",
|
|
"indicator--56795468-8df8-45f2-acfd-44fe950d210f",
|
|
"indicator--56795469-77f8-4de2-a386-4a53950d210f",
|
|
"indicator--56795469-3d38-4f46-b9c8-46d2950d210f",
|
|
"indicator--56795469-1bcc-4086-8023-463b950d210f",
|
|
"indicator--5679546a-8e9c-4530-947c-4cbb950d210f",
|
|
"indicator--5679546a-e524-427a-b5e7-4726950d210f",
|
|
"indicator--5679546a-74ac-454d-9586-4944950d210f",
|
|
"indicator--5679546a-c1c4-4753-bb87-4811950d210f",
|
|
"indicator--5679546b-a774-4ef1-ac87-4999950d210f",
|
|
"indicator--5679546b-d2d8-41dd-a33d-4a4f950d210f",
|
|
"indicator--5679546b-1ef4-4f6c-89d5-4b87950d210f",
|
|
"indicator--5679546c-6100-450d-a3a4-4eb9950d210f",
|
|
"indicator--5679546c-acbc-49a8-ac29-4da9950d210f",
|
|
"indicator--5679546c-7398-4e7a-b552-42a5950d210f",
|
|
"indicator--5679546d-48e0-41fa-bef8-480e950d210f",
|
|
"indicator--5679546d-db54-484b-8062-45c8950d210f",
|
|
"indicator--5679546d-6138-4183-b735-40c8950d210f",
|
|
"indicator--5679546d-d714-42d2-bfbb-490f950d210f",
|
|
"indicator--5679546e-da60-4f16-9c46-4dc9950d210f",
|
|
"indicator--5679546e-56c8-4c54-a1e5-4ad3950d210f",
|
|
"indicator--5679546e-7ff0-4aa1-be89-4e61950d210f",
|
|
"indicator--5679546f-007c-49e2-8514-4479950d210f",
|
|
"indicator--5679546f-3ba8-43a2-a181-4769950d210f",
|
|
"indicator--5679546f-eca4-47de-8df5-4482950d210f",
|
|
"indicator--5679546f-0f30-4b5d-9705-4bae950d210f",
|
|
"indicator--56795470-dc28-426b-b838-4ada950d210f",
|
|
"indicator--56795470-38f0-4cf7-8f35-47f6950d210f",
|
|
"indicator--56795470-aef0-48e0-bf01-4640950d210f",
|
|
"indicator--56795471-ab40-49b7-87d8-4674950d210f",
|
|
"indicator--56795471-8d34-4cc8-ac2d-469e950d210f",
|
|
"indicator--56795471-c8c0-47b1-8a4f-4855950d210f",
|
|
"indicator--56795472-ff84-41d7-9498-4fc9950d210f",
|
|
"indicator--56795472-be48-4462-94fd-4572950d210f",
|
|
"indicator--56795472-ad18-4a59-b257-4af4950d210f",
|
|
"indicator--56795472-9620-4e2a-bbf1-4f8e950d210f",
|
|
"indicator--56795473-aee8-42eb-9cb6-45ca950d210f",
|
|
"indicator--56795473-a7b8-4f14-a361-450e950d210f",
|
|
"indicator--56795473-6a64-454e-8200-4365950d210f",
|
|
"indicator--56795474-73b0-4065-ad35-43e8950d210f",
|
|
"indicator--56795474-6568-4d22-9a7b-4e71950d210f",
|
|
"indicator--56795474-f794-4269-9bd1-479e950d210f",
|
|
"indicator--56795474-e938-4e40-932a-40d5950d210f",
|
|
"indicator--56795475-e9e0-438c-9479-4a85950d210f",
|
|
"indicator--56795475-daa4-4108-bd26-4fc8950d210f",
|
|
"indicator--56795475-3310-418f-a6a8-4531950d210f",
|
|
"indicator--56795476-49e4-4795-9294-4247950d210f",
|
|
"indicator--56795476-b090-42b9-955a-45ff950d210f",
|
|
"indicator--56795476-e874-4fea-a1f2-40c7950d210f",
|
|
"indicator--56795477-1998-440d-99cc-418c950d210f",
|
|
"indicator--56795477-f4a8-4ac8-aeec-4cae950d210f",
|
|
"indicator--56795477-7d4c-44a6-b453-43bb950d210f",
|
|
"indicator--56795477-2998-477d-a58c-4592950d210f",
|
|
"indicator--56795478-3720-4601-a37c-4e62950d210f",
|
|
"indicator--56795478-a7cc-437f-9e16-45f0950d210f",
|
|
"indicator--56795478-ad70-41c0-a02e-409b950d210f",
|
|
"indicator--56795479-a310-4f88-87d6-4dfd950d210f",
|
|
"indicator--56795479-ee7c-42a3-a756-4d17950d210f",
|
|
"indicator--56795479-dcc0-47ad-ab40-4c78950d210f",
|
|
"indicator--56795479-8bec-4fd0-8b5c-4171950d210f",
|
|
"indicator--5679547a-df04-450d-89b9-45c7950d210f",
|
|
"indicator--5679547a-1a08-4626-9f9f-4b0d950d210f",
|
|
"indicator--5679547a-cc58-4836-97e3-4f22950d210f",
|
|
"indicator--5679547b-cac8-4773-b34d-4aaf950d210f",
|
|
"indicator--5679547b-afb0-4c9a-bb83-49c2950d210f",
|
|
"indicator--5679547b-a384-437e-97a4-44e9950d210f",
|
|
"indicator--5679547c-c160-4259-aaf8-40a3950d210f",
|
|
"indicator--5679547c-6708-4df0-a043-4f41950d210f",
|
|
"indicator--5679547c-52e8-47dd-b2d1-44d2950d210f",
|
|
"indicator--5679547c-1b54-47d3-b2d8-4c94950d210f",
|
|
"indicator--5679547d-3e68-4d8b-b101-4342950d210f",
|
|
"indicator--5679547d-2340-4e81-8293-4d41950d210f",
|
|
"indicator--5679547d-7270-4275-9d45-4b1b950d210f",
|
|
"indicator--5679547e-3dcc-4b88-bbf3-4ef5950d210f",
|
|
"indicator--5679547e-c498-474f-8898-42f0950d210f",
|
|
"indicator--5679547e-dad0-432a-9756-41a9950d210f",
|
|
"indicator--5679547e-214c-4b31-9e1d-455e950d210f",
|
|
"indicator--5679547f-e28c-4253-9a37-4890950d210f",
|
|
"indicator--5679547f-7bd8-4171-ac38-4fd5950d210f",
|
|
"indicator--5679547f-9190-4100-9361-44dd950d210f",
|
|
"indicator--56795480-51ac-4e3c-99ba-4258950d210f",
|
|
"indicator--56795480-b894-41e8-bc92-460e950d210f",
|
|
"indicator--56795480-0508-41af-8d8f-4ea1950d210f",
|
|
"indicator--56795481-afac-4694-abfe-4e54950d210f",
|
|
"indicator--56795481-2a9c-4635-9776-467a950d210f",
|
|
"indicator--56795481-09b8-4c6d-a8f6-49ca950d210f",
|
|
"indicator--56795481-f124-4e94-80cf-4ea7950d210f",
|
|
"indicator--56795482-b6c0-40bb-b8b2-4ed8950d210f",
|
|
"indicator--56795482-6348-4352-b62c-49a6950d210f",
|
|
"indicator--56795482-a36c-4d62-b31f-424d950d210f",
|
|
"indicator--56795483-06f4-4d08-815a-4614950d210f",
|
|
"indicator--56795483-15b8-45cb-9c7a-4104950d210f",
|
|
"indicator--56795483-9930-45d6-ab12-41b2950d210f",
|
|
"indicator--56795483-8c38-4ac0-86bc-4a5d950d210f",
|
|
"indicator--56795484-9cf0-48ba-ba6f-423d950d210f",
|
|
"indicator--56795484-cf78-4943-bf36-4eb6950d210f",
|
|
"indicator--56795484-bacc-4c6a-a4e8-435b950d210f",
|
|
"indicator--56795485-7f50-4ce0-8495-4721950d210f",
|
|
"indicator--56795485-9db8-4426-86a7-4779950d210f",
|
|
"indicator--56795485-b680-42d4-ab32-4c72950d210f",
|
|
"indicator--56795486-2858-49f9-9e87-4946950d210f",
|
|
"indicator--56795486-90d4-4d33-a75b-41e2950d210f",
|
|
"indicator--56795486-9968-48d5-9e2c-40f0950d210f",
|
|
"indicator--56795486-b6bc-426f-ad4e-45a4950d210f",
|
|
"indicator--56795487-f2e4-4851-a5e5-4093950d210f",
|
|
"indicator--56795487-1640-4484-b880-41c6950d210f",
|
|
"indicator--56795487-4bb0-4bb4-8d34-4f49950d210f",
|
|
"indicator--56795487-d190-463d-ac22-4763950d210f",
|
|
"indicator--56795488-0788-43ce-983c-40d1950d210f",
|
|
"indicator--56795488-f364-4847-b177-40c6950d210f",
|
|
"indicator--56795488-a350-494b-be1a-467a950d210f",
|
|
"indicator--56795489-9da0-4228-8c42-4236950d210f",
|
|
"indicator--56795489-cbe4-4799-b15e-46b3950d210f",
|
|
"indicator--56795489-de78-449f-baa6-4dc9950d210f",
|
|
"indicator--56795489-f5f0-4f5e-9771-45a1950d210f",
|
|
"indicator--5679548a-e2dc-4e14-a6ad-420f950d210f",
|
|
"indicator--5679548a-d6d4-4bce-be88-4f50950d210f",
|
|
"indicator--5679548a-3af4-464b-a766-4596950d210f",
|
|
"indicator--5679548b-6c18-4a37-9c41-4cf7950d210f",
|
|
"indicator--5679548b-e224-4282-89f3-4490950d210f",
|
|
"indicator--5679548b-ba94-4738-945d-4394950d210f",
|
|
"indicator--5679548c-ec78-4cd3-a752-454f950d210f",
|
|
"indicator--5679548c-e410-4aec-884c-4750950d210f",
|
|
"indicator--5679548c-4de8-403f-aa5a-4fc9950d210f",
|
|
"indicator--5679548c-4038-4b37-af86-4912950d210f",
|
|
"indicator--5679548d-56e8-48a5-9643-4e95950d210f",
|
|
"indicator--5679548d-f034-43e6-80b5-4140950d210f",
|
|
"indicator--5679548d-6b74-4702-83e5-4590950d210f",
|
|
"indicator--5679548e-e310-40e2-a853-402b950d210f",
|
|
"indicator--5679548e-c6d4-401e-99b4-4b22950d210f",
|
|
"indicator--5679548e-0d98-43a9-8bf1-415a950d210f",
|
|
"indicator--5679548e-58ec-4cad-a192-48ad950d210f",
|
|
"indicator--5679548f-a350-4312-b619-41d3950d210f",
|
|
"indicator--5679548f-5184-46ff-b9d9-4d06950d210f",
|
|
"indicator--5679548f-7de0-48c3-a12c-4ab6950d210f",
|
|
"indicator--56795490-fee8-4a35-98f0-48b8950d210f",
|
|
"indicator--56795490-f658-4d5a-b886-4888950d210f",
|
|
"indicator--56795490-f858-411a-a598-4b03950d210f",
|
|
"indicator--56795490-69a0-4160-ac10-4b69950d210f",
|
|
"indicator--56795491-240c-42e9-993e-4d8f950d210f",
|
|
"indicator--56795491-e26c-44ab-8756-4abb950d210f",
|
|
"indicator--56795491-39a8-4a78-b41c-4c61950d210f",
|
|
"indicator--56795492-ba50-4675-91c4-4211950d210f",
|
|
"indicator--56795492-9184-4ac6-97e5-4079950d210f",
|
|
"indicator--56795492-a49c-470e-a970-47fb950d210f",
|
|
"indicator--56795493-9998-4b55-b865-4c84950d210f",
|
|
"indicator--56795493-dde4-4673-aaac-4535950d210f",
|
|
"indicator--56795493-d444-46bd-97e2-4f76950d210f",
|
|
"indicator--56795493-e7e8-4306-8993-4234950d210f",
|
|
"indicator--56795494-22a8-48ee-b897-41a9950d210f",
|
|
"indicator--56795494-1d78-4451-929f-4cd8950d210f",
|
|
"indicator--56795494-bac8-4c1d-9439-47e0950d210f",
|
|
"indicator--56795495-182c-4592-b01e-48f7950d210f",
|
|
"indicator--56795495-c7d8-438e-92b3-4063950d210f",
|
|
"indicator--56795495-3050-4d32-bfb6-4cd3950d210f",
|
|
"indicator--56795496-17a4-4231-b4de-441e950d210f",
|
|
"indicator--56795496-49a4-4184-9224-4735950d210f",
|
|
"indicator--56795496-6dc8-49d8-b12c-49f3950d210f",
|
|
"indicator--56795496-ed50-4d7d-a169-4ad9950d210f",
|
|
"indicator--56795497-61a4-4136-ad17-463d950d210f",
|
|
"indicator--56795497-d76c-4fe5-8561-41ae950d210f",
|
|
"indicator--56795497-9128-4f06-b0dc-4c15950d210f",
|
|
"indicator--56795498-6240-4703-9a59-4a0b950d210f",
|
|
"indicator--56795498-22ec-474b-b112-42c5950d210f",
|
|
"indicator--56795498-980c-49a0-8f48-42f3950d210f",
|
|
"indicator--56795498-c090-46bc-ba89-41e3950d210f",
|
|
"indicator--56795499-9638-471b-86dd-44ae950d210f",
|
|
"indicator--56795499-8b78-4fe6-8065-4d33950d210f",
|
|
"indicator--56795499-b078-4f48-862e-4666950d210f",
|
|
"indicator--5679549a-86d0-4928-a400-4b83950d210f",
|
|
"indicator--5679549a-3834-468c-86a0-4adb950d210f",
|
|
"indicator--5679549a-f670-4bff-85ad-4c70950d210f",
|
|
"indicator--5679549b-0c58-4c67-8525-4aa3950d210f",
|
|
"indicator--5679549b-a888-4bcc-a972-41fe950d210f",
|
|
"indicator--5679549b-49e4-49a7-803f-4ae9950d210f",
|
|
"indicator--5679549b-0684-4fa2-ad47-49ca950d210f",
|
|
"indicator--5679549c-d21c-4259-a670-4e95950d210f",
|
|
"indicator--5679549c-17ac-4e1a-8b79-46c8950d210f",
|
|
"indicator--5679549c-38bc-4346-824b-4790950d210f",
|
|
"indicator--5679549d-df78-4304-9b79-491c950d210f",
|
|
"indicator--5679549d-10b8-45b2-845d-46b6950d210f",
|
|
"indicator--5679549d-a1e4-4a09-95b3-406d950d210f",
|
|
"indicator--5679549d-747c-473a-8630-4636950d210f",
|
|
"indicator--5679549e-42e8-4823-8ecc-4d52950d210f",
|
|
"indicator--5679549e-722c-48f2-bb6b-4520950d210f",
|
|
"indicator--5679549e-2d78-4f99-8c90-466f950d210f",
|
|
"indicator--5679549f-e004-4a82-95dd-4b48950d210f",
|
|
"indicator--5679549f-6688-4fe0-8bc1-4c22950d210f",
|
|
"indicator--5679549f-cb1c-41e9-87d1-4ea1950d210f",
|
|
"indicator--567954a0-6500-4beb-91a1-4fde950d210f",
|
|
"indicator--567954a0-b438-4fb4-a868-4d32950d210f",
|
|
"indicator--567954a0-d174-4741-9130-47ca950d210f",
|
|
"indicator--567954a0-16f0-490f-8ab9-477d950d210f",
|
|
"indicator--567954a1-23c8-48e9-aefb-4376950d210f",
|
|
"indicator--567954a1-bf18-4383-ad78-411b950d210f",
|
|
"indicator--567954a1-40fc-40f0-87c8-4502950d210f",
|
|
"indicator--567954a1-2ca8-450b-a6bb-408e950d210f",
|
|
"indicator--567954a2-9590-43ca-94d4-4f49950d210f",
|
|
"indicator--567954a2-5c6c-4446-a3fe-41d7950d210f",
|
|
"indicator--567954a2-a058-400f-9753-4951950d210f",
|
|
"indicator--567954a3-4754-4f48-bcba-4caf950d210f",
|
|
"indicator--567954a3-0018-4020-8e19-4deb950d210f",
|
|
"indicator--567954a3-5500-424c-a461-45ca950d210f",
|
|
"indicator--567954a3-3d78-4bfc-b80f-4240950d210f",
|
|
"indicator--567954a4-ea8c-438d-bf10-4e2e950d210f",
|
|
"indicator--567954a4-db74-4b8d-99a9-4a64950d210f",
|
|
"indicator--567954a4-9aa8-4144-b7df-4cc6950d210f",
|
|
"indicator--567954a5-19e4-41d4-b018-4aec950d210f",
|
|
"indicator--567954a5-1340-47a8-be77-495d950d210f",
|
|
"indicator--567954a5-ed20-46b0-8b88-47d6950d210f",
|
|
"indicator--567954a5-7940-4678-bf54-4450950d210f",
|
|
"indicator--567954a6-f2e0-4b54-8709-4988950d210f",
|
|
"indicator--567954a6-8614-47f1-98ad-41e2950d210f",
|
|
"indicator--567954a6-ed7c-4bcb-8399-4314950d210f",
|
|
"indicator--567954a7-7870-4015-9ca6-4594950d210f",
|
|
"indicator--567954a7-bbf4-4480-8aba-47ee950d210f",
|
|
"indicator--567954a7-f79c-455b-9183-4397950d210f",
|
|
"indicator--567954a8-70d4-4156-86ba-41a5950d210f",
|
|
"indicator--567954a8-67bc-4af2-8f5c-417e950d210f",
|
|
"indicator--567954a8-d380-44c9-884c-4a70950d210f",
|
|
"indicator--567954a8-bde8-4e57-a143-4ab2950d210f",
|
|
"indicator--567954a9-673c-4d82-a275-4f39950d210f",
|
|
"indicator--567954a9-e528-400a-9bf6-4a42950d210f",
|
|
"indicator--567954a9-d644-4ff7-bcc9-422f950d210f",
|
|
"indicator--567954aa-e414-4034-b084-4341950d210f",
|
|
"indicator--567954aa-a064-4196-aa73-4af8950d210f",
|
|
"indicator--567954aa-9924-41ab-8339-400e950d210f",
|
|
"indicator--567954aa-3b94-4b03-aa28-4b53950d210f",
|
|
"indicator--567954ab-4ed4-44c8-9cb8-4773950d210f",
|
|
"indicator--567954ab-dce8-44eb-b203-43a6950d210f",
|
|
"indicator--567954ab-cdb8-4f41-8f8f-41ae950d210f",
|
|
"indicator--567954ac-993c-4a73-b6f7-40b8950d210f",
|
|
"indicator--567954ac-6590-49ec-b2e6-4dbb950d210f",
|
|
"indicator--567954ac-eb98-4c3a-9978-426e950d210f",
|
|
"indicator--567954ad-4b54-4e99-a350-4f92950d210f",
|
|
"indicator--567954ad-462c-44d0-87d8-4e3d950d210f",
|
|
"indicator--567954ad-d594-425b-b71b-47fb950d210f",
|
|
"indicator--567954ad-4aa8-4cf0-be48-402a950d210f",
|
|
"indicator--567954ae-c21c-4a6f-96e6-44cc950d210f",
|
|
"indicator--567954ae-61d0-4ee5-8631-4129950d210f",
|
|
"indicator--567954ae-5854-480b-8e81-4e7f950d210f",
|
|
"indicator--567954af-8bec-42b4-9786-4298950d210f",
|
|
"indicator--567954af-24bc-4697-a512-425d950d210f",
|
|
"indicator--567954af-1fb0-4cc5-b6ca-4d20950d210f",
|
|
"indicator--567954b0-3ca0-41cd-844a-402e950d210f",
|
|
"indicator--567954b0-ad50-465b-b098-4278950d210f",
|
|
"indicator--567954b0-1df4-4df6-9d28-47bc950d210f",
|
|
"indicator--567954b0-4f50-440e-9e4b-4b19950d210f",
|
|
"indicator--567954b1-6d80-4a26-8025-4e2f950d210f",
|
|
"indicator--567954b1-4780-45fb-a078-4e90950d210f",
|
|
"indicator--567954b1-b038-464b-9fc6-4c42950d210f",
|
|
"indicator--567954b2-f0c0-468e-9282-44d5950d210f",
|
|
"indicator--567954b2-e67c-46e7-aca8-4d9b950d210f",
|
|
"indicator--567954b2-9b0c-40fc-a191-4d5b950d210f",
|
|
"indicator--567954b2-0e80-4985-ba31-44a6950d210f",
|
|
"indicator--567954b3-4368-4614-be59-4999950d210f",
|
|
"indicator--567954b3-ffdc-4d12-af53-4ed8950d210f",
|
|
"indicator--567954b3-c7cc-4165-b90f-4439950d210f",
|
|
"indicator--567954b4-ba28-4ea5-a2d4-4dec950d210f",
|
|
"indicator--567954b4-cd78-427f-9dca-4e7e950d210f",
|
|
"indicator--567954b4-f930-452b-9356-40b3950d210f",
|
|
"indicator--567954b5-6698-4c22-99a6-4638950d210f",
|
|
"indicator--567954b5-4d58-42bc-a7c3-427d950d210f",
|
|
"indicator--567954b5-f27c-4bf7-9d84-422a950d210f",
|
|
"indicator--567954b5-1284-45c2-bcff-4054950d210f",
|
|
"indicator--567954b6-1440-4a2f-ac98-4aa8950d210f",
|
|
"indicator--567954b6-cd10-48e4-9c50-4db2950d210f",
|
|
"indicator--567954b6-3588-4aa5-a1d9-491e950d210f",
|
|
"indicator--567954b7-80c8-4e78-ad0c-4949950d210f",
|
|
"indicator--567954b7-2a94-4ab7-8b83-43c6950d210f",
|
|
"indicator--567954b7-e3b4-40d2-b4c6-45c6950d210f",
|
|
"indicator--567954b7-6858-46c0-8243-4fe7950d210f",
|
|
"indicator--567954b8-b544-4295-9eb0-48bc950d210f",
|
|
"indicator--567954b8-0240-4fd8-b9f5-4e14950d210f",
|
|
"indicator--567954b8-152c-4344-84c2-4cb8950d210f",
|
|
"indicator--567954b9-2864-4dae-ba40-41c7950d210f",
|
|
"indicator--567954b9-a378-4210-ad2a-47e2950d210f",
|
|
"indicator--567954b9-f588-4575-9b8f-4faa950d210f",
|
|
"indicator--567954b9-b5b0-4c8f-8963-408d950d210f",
|
|
"indicator--567954ba-e844-4a7d-a64b-494a950d210f",
|
|
"indicator--567954ba-7d20-48a1-9913-4040950d210f",
|
|
"indicator--567954ba-565c-40b9-ab28-4f68950d210f",
|
|
"indicator--567954bb-f36c-49ff-b9cc-4874950d210f",
|
|
"indicator--567954bb-25d8-4292-85a3-4b58950d210f",
|
|
"indicator--567954bb-aa7c-4283-aff3-43ee950d210f",
|
|
"indicator--567954bb-36b8-4eb0-b991-4cfb950d210f",
|
|
"indicator--567954bc-b11c-4b78-8af6-40c3950d210f",
|
|
"indicator--567954bc-a740-424d-b6a7-40e3950d210f",
|
|
"indicator--567954bc-4ae4-45f7-9214-462f950d210f",
|
|
"indicator--567954bd-0370-444d-b343-43b9950d210f",
|
|
"indicator--567954bd-8fdc-4b57-94c2-4c11950d210f",
|
|
"indicator--567954bd-3f6c-405d-8778-48ad950d210f",
|
|
"indicator--567954be-2620-4aa1-85b9-4d53950d210f",
|
|
"indicator--567954be-6268-422a-92aa-469c950d210f",
|
|
"indicator--567954be-9aa8-4693-b137-4a4a950d210f",
|
|
"indicator--567954be-c68c-40d5-a26c-4115950d210f",
|
|
"indicator--567954bf-1c50-48df-819d-4cb6950d210f",
|
|
"indicator--567954bf-7298-47f4-989b-4562950d210f",
|
|
"indicator--567954bf-a208-476d-80e0-4cde950d210f",
|
|
"indicator--567954c0-4564-4b1a-8ded-47e6950d210f",
|
|
"indicator--567954c0-c398-4f0c-bdc0-47fb950d210f",
|
|
"indicator--567954c0-76a4-43ef-8c9d-40bf950d210f",
|
|
"indicator--567954c1-b94c-4a56-ad36-49e2950d210f",
|
|
"indicator--567954c1-0e58-49f6-a53d-4b3d950d210f",
|
|
"indicator--567954c1-db74-407f-91ec-4d22950d210f",
|
|
"indicator--567954c1-e75c-4bab-aba3-42b9950d210f",
|
|
"indicator--567954c2-283c-4aa2-8960-4a88950d210f",
|
|
"indicator--567954c2-1714-435e-9c08-43b2950d210f",
|
|
"indicator--567954c2-eea4-457b-9710-418d950d210f",
|
|
"indicator--567954c3-b500-4ee3-86ff-4c14950d210f",
|
|
"indicator--567954c3-ce30-4b9b-89a1-4aca950d210f",
|
|
"indicator--567954c3-b3c8-4cb4-8f4f-47e7950d210f",
|
|
"indicator--567954c3-9788-40a7-ae50-4984950d210f",
|
|
"indicator--567954c4-10b0-4231-b345-430e950d210f",
|
|
"indicator--567954c4-46ec-4e37-9377-4e71950d210f",
|
|
"indicator--567954c4-c5f0-4a9c-b185-45e1950d210f",
|
|
"indicator--567954c4-2b50-457f-a1ea-44a1950d210f",
|
|
"indicator--567954c4-2414-4f8a-9d1f-4323950d210f",
|
|
"indicator--567954c5-8d8c-4c61-a282-44e8950d210f",
|
|
"indicator--567954c5-ecd4-46c0-93ba-450b950d210f",
|
|
"indicator--567954c5-4c30-4640-a92a-43ab950d210f",
|
|
"indicator--567954c5-831c-4300-89be-4e54950d210f",
|
|
"indicator--567954c6-be8c-468e-8e13-4dcf950d210f",
|
|
"indicator--567954c6-0c78-410c-8826-492c950d210f",
|
|
"indicator--567954c6-1a0c-456a-8f05-4233950d210f",
|
|
"indicator--567954c6-8538-4df0-92cd-4260950d210f",
|
|
"indicator--567954c7-e760-439b-9ebc-4a8f950d210f",
|
|
"indicator--567954c7-7a34-4b79-a516-457d950d210f",
|
|
"indicator--567954c7-7d1c-4839-8b6f-4c96950d210f",
|
|
"indicator--567954c7-31e8-47ac-a734-47d7950d210f",
|
|
"indicator--567954c7-cf0c-4566-a7c3-4efb950d210f",
|
|
"indicator--567954c8-a89c-45f2-a061-477e950d210f",
|
|
"indicator--567954c8-3324-4918-9414-4c0d950d210f",
|
|
"indicator--567954c8-0528-4840-b685-4364950d210f",
|
|
"indicator--567954c8-abac-4262-a373-4e9a950d210f",
|
|
"indicator--567954c9-4334-4c1d-bcff-4ed1950d210f",
|
|
"indicator--567954c9-13dc-4dac-b29e-4ad3950d210f",
|
|
"indicator--567954c9-28d0-404c-a25e-400c950d210f",
|
|
"indicator--567954ca-8288-4377-820e-461b950d210f",
|
|
"indicator--567954ca-fbe8-4c27-b376-49aa950d210f",
|
|
"indicator--567954ca-ba08-4bbd-9e69-4e36950d210f",
|
|
"indicator--567954ca-37a4-4b27-beba-4d25950d210f",
|
|
"indicator--567954cb-e7e0-4f06-a6ca-4a4d950d210f",
|
|
"indicator--567954cb-24a0-4814-86de-48b5950d210f",
|
|
"indicator--567954cb-730c-4390-8ae2-4cf2950d210f",
|
|
"indicator--567954cc-26c4-49a6-862d-43e6950d210f",
|
|
"indicator--567954cc-a7ac-45f7-9583-4233950d210f",
|
|
"indicator--567954cc-5aa0-4118-99b9-4243950d210f",
|
|
"indicator--567954cd-49f8-472b-a62c-4edd950d210f",
|
|
"indicator--567954cd-8450-4220-a689-46fa950d210f",
|
|
"indicator--567954cd-b82c-4c43-87c2-468d950d210f",
|
|
"indicator--567954cd-a914-44fe-baf8-4d21950d210f",
|
|
"indicator--567954ce-9bb0-422b-b71e-4dd6950d210f",
|
|
"indicator--567954ce-ab88-4e1e-b046-448a950d210f",
|
|
"indicator--567954ce-6d48-430f-b5ad-4d05950d210f",
|
|
"indicator--567954cf-20dc-4844-94e0-4fd6950d210f",
|
|
"indicator--567954cf-a000-408b-ae8a-4259950d210f",
|
|
"indicator--567954cf-6874-4988-9c4d-4827950d210f",
|
|
"indicator--567954d0-8cfc-44b7-ba08-414b950d210f",
|
|
"indicator--567954d0-6124-455e-b61e-4532950d210f",
|
|
"indicator--567954d0-216c-49d1-bd20-49a4950d210f",
|
|
"indicator--567954d0-f508-439e-b521-49c1950d210f",
|
|
"indicator--567954d1-9934-4cf1-bc88-4485950d210f",
|
|
"indicator--567954d1-2c38-405d-9e9a-4497950d210f",
|
|
"indicator--567954d1-7b58-413f-b31a-4447950d210f",
|
|
"indicator--567954d2-d880-467c-9603-4897950d210f",
|
|
"indicator--567954d2-5dc4-42f2-9856-428f950d210f",
|
|
"indicator--567954d2-b290-4362-a9ac-4d14950d210f",
|
|
"indicator--567954d2-637c-40e0-90fb-4771950d210f",
|
|
"indicator--567954d3-7c34-4be9-aa6b-4b40950d210f",
|
|
"indicator--567954d3-9cf8-4007-ae96-41a2950d210f",
|
|
"indicator--567954d3-2814-4d1e-a88b-4c7c950d210f",
|
|
"indicator--567954d4-5ea8-42b7-9083-408d950d210f",
|
|
"indicator--567954d4-29bc-4209-a9e0-453c950d210f",
|
|
"indicator--567954d4-8f04-4395-aa30-46a5950d210f",
|
|
"indicator--567954d4-086c-4889-8db2-4e38950d210f",
|
|
"indicator--567954d5-0570-4a50-9b38-4d37950d210f",
|
|
"indicator--567954d5-ad50-4610-85c3-4764950d210f",
|
|
"indicator--567954d5-bf10-43d2-94a8-4432950d210f",
|
|
"indicator--567954d6-19a4-4443-987a-456b950d210f",
|
|
"indicator--567954d6-13d4-4306-b3a8-486f950d210f",
|
|
"indicator--567954d6-b934-4e9d-aa1c-4b4a950d210f",
|
|
"indicator--567954d6-7c54-4ab1-af6a-48b3950d210f",
|
|
"indicator--567954d7-3c34-46f2-8ce7-48df950d210f",
|
|
"indicator--567954d7-8060-4b20-85f2-4b4c950d210f",
|
|
"indicator--567954d7-9778-4730-9323-45dc950d210f",
|
|
"indicator--567954d8-8a1c-479c-bf51-4c0f950d210f",
|
|
"indicator--567954d8-40e0-4601-acf1-4ab7950d210f",
|
|
"indicator--567954d8-1738-4d84-b0ac-4bc2950d210f",
|
|
"indicator--567954d9-9188-4205-b2a8-4acd950d210f",
|
|
"indicator--567954d9-3cc4-4322-89fa-45d6950d210f",
|
|
"indicator--567954d9-a744-4709-8791-4431950d210f",
|
|
"indicator--567954d9-5330-43d8-b390-4eb7950d210f",
|
|
"indicator--567954da-e0bc-46cf-8f14-4f1e950d210f",
|
|
"indicator--567954da-a4f8-470b-9c69-4ce4950d210f",
|
|
"indicator--567954da-ae2c-48c5-9450-484d950d210f",
|
|
"indicator--567954db-44d0-499a-ba90-45a2950d210f",
|
|
"indicator--567954db-119c-4b31-9539-441e950d210f",
|
|
"indicator--567954db-2af0-4ad7-b1be-4d58950d210f",
|
|
"indicator--567954db-8230-414e-a873-408e950d210f",
|
|
"indicator--567954dc-a6f0-4bee-a2de-4dea950d210f",
|
|
"indicator--567954dc-8688-4ffc-83ee-45ef950d210f",
|
|
"indicator--567954dc-6074-419e-9f57-4e3c950d210f",
|
|
"indicator--567954dd-dde0-4eca-a012-4074950d210f",
|
|
"indicator--567954dd-27c0-4de4-848e-4bd8950d210f",
|
|
"indicator--567954dd-6514-45f1-94cb-4b10950d210f",
|
|
"indicator--567954de-78d0-4412-94e2-4cef950d210f",
|
|
"indicator--567954de-1cc8-461c-97c4-4d36950d210f",
|
|
"indicator--567954de-fb94-4cef-8372-44f3950d210f",
|
|
"indicator--567954de-0558-4760-8b43-4249950d210f",
|
|
"indicator--567954df-4484-4956-ae21-4fa1950d210f",
|
|
"indicator--567954df-cfb8-4e0b-a8a0-46f7950d210f",
|
|
"indicator--567954df-01f8-4073-baf4-4fa6950d210f",
|
|
"indicator--567954e0-66a8-4ab2-a8e4-4e0d950d210f",
|
|
"indicator--567954e0-2f1c-42fc-b0dd-46e7950d210f",
|
|
"indicator--567954e0-0144-4c6f-b275-41c5950d210f",
|
|
"indicator--567954e0-0530-4927-beed-4096950d210f",
|
|
"indicator--567954e1-81d4-4371-a816-4be1950d210f",
|
|
"indicator--567954e1-cdc0-497a-aeac-4a43950d210f",
|
|
"indicator--567954e1-0250-4718-be9c-4583950d210f",
|
|
"indicator--567954e2-5b6c-4e9d-9cbf-46f5950d210f",
|
|
"indicator--567954e2-88d8-48f6-bd19-434c950d210f",
|
|
"indicator--567954e2-98e8-45aa-9a98-4470950d210f",
|
|
"indicator--567954e2-c854-416d-96c3-4e02950d210f",
|
|
"indicator--567954e3-bc64-400c-a874-494b950d210f",
|
|
"indicator--567954e3-f1b4-42bc-bdd0-49d7950d210f",
|
|
"indicator--567954e3-85e4-4d46-96da-4a11950d210f",
|
|
"indicator--567954e4-2848-4b4d-918c-4b03950d210f",
|
|
"indicator--567954e4-8a18-429c-8a0d-4b2e950d210f",
|
|
"indicator--567954e4-ef28-4017-9033-4ba7950d210f",
|
|
"indicator--567954e5-c7bc-46dc-b624-4682950d210f",
|
|
"indicator--567954e5-05f8-4676-a94b-4789950d210f",
|
|
"indicator--567954e5-68cc-4d83-8e3c-4d6c950d210f",
|
|
"indicator--567954e5-07d8-4684-97ff-473d950d210f",
|
|
"indicator--567954e6-e8b4-455e-b05f-44e5950d210f",
|
|
"indicator--567954e6-b35c-4405-af56-4a6d950d210f",
|
|
"indicator--567954e6-ed84-44c1-8784-474f950d210f",
|
|
"indicator--567954e7-11e4-49ef-bb59-4017950d210f",
|
|
"indicator--567954e7-38a8-4b5f-aa6c-4b8c950d210f",
|
|
"indicator--567954e7-08c0-4d08-852e-4fe1950d210f",
|
|
"indicator--567954e8-3dfc-480a-b181-4b69950d210f",
|
|
"indicator--567954e8-dfa0-401a-9659-4b66950d210f",
|
|
"indicator--567954e8-ec30-4446-b11c-4668950d210f",
|
|
"indicator--567954e8-74e4-4148-a922-417e950d210f",
|
|
"indicator--567954e9-16c0-4a37-8eb3-49cd950d210f",
|
|
"indicator--567954e9-b188-4aae-abd1-4c91950d210f",
|
|
"indicator--567954e9-295c-46a5-a0a8-47cc950d210f",
|
|
"indicator--567954ea-dad8-4af9-ae4d-4026950d210f",
|
|
"indicator--567954ea-6180-44b5-9752-49d8950d210f",
|
|
"indicator--567954ea-f264-490b-8aab-444c950d210f",
|
|
"indicator--567954ea-f1b4-40b0-aac2-492b950d210f",
|
|
"indicator--567954eb-4b4c-4578-a76b-4511950d210f",
|
|
"indicator--567954eb-be1c-4b5d-966e-47a3950d210f",
|
|
"indicator--567954eb-c074-4206-9f72-4894950d210f",
|
|
"indicator--567954ec-2a38-4065-a991-4c3c950d210f",
|
|
"indicator--567954ec-6cc0-4dbd-a75b-4476950d210f",
|
|
"indicator--567954ec-a790-4d66-a832-44d3950d210f",
|
|
"indicator--567954ec-64bc-4e18-b5d3-4cf8950d210f",
|
|
"indicator--567954ed-41e8-44ed-aedc-416e950d210f",
|
|
"indicator--567954ed-394c-4a09-8340-41b6950d210f",
|
|
"indicator--567954ed-1e44-4925-b1e7-459d950d210f",
|
|
"indicator--567954ed-9338-4f07-8110-43fd950d210f",
|
|
"indicator--567954ee-eda8-46c5-a19e-4631950d210f",
|
|
"indicator--567954ee-12a8-41c3-bbdd-4c15950d210f",
|
|
"indicator--567954ee-9bf4-42f4-bf45-41ac950d210f",
|
|
"indicator--567954ef-afcc-4de1-b0e2-4c18950d210f",
|
|
"indicator--567954ef-5670-4414-83ab-4fdc950d210f",
|
|
"indicator--567954ef-65d4-496c-9ca6-4f33950d210f",
|
|
"indicator--567954ef-bd78-4a35-96bb-44d1950d210f",
|
|
"indicator--567954f0-9958-46da-ad85-4e14950d210f",
|
|
"indicator--567954f0-abdc-4433-9546-4797950d210f",
|
|
"indicator--567954f0-d694-4e51-aca0-4b66950d210f",
|
|
"indicator--567954f1-feb4-4069-92c6-44e1950d210f",
|
|
"indicator--567954f1-7750-4300-89a0-4eee950d210f",
|
|
"indicator--567954f1-6814-40f7-99c0-4c81950d210f",
|
|
"indicator--567954f2-9354-420f-afcb-4229950d210f",
|
|
"indicator--567954f2-a3e4-4a7a-8fa7-47aa950d210f",
|
|
"indicator--567954f2-4df4-4dd3-9625-4d4f950d210f",
|
|
"indicator--567954f2-6b64-4a4e-a243-4e71950d210f",
|
|
"indicator--567954f3-90b0-4d58-85f2-4326950d210f",
|
|
"indicator--567954f3-6064-41ff-92ba-4cc0950d210f",
|
|
"indicator--567954f3-2a18-4679-a01d-4349950d210f",
|
|
"indicator--567954f4-6e40-4a81-a6f4-45b9950d210f",
|
|
"indicator--567954f4-f950-44d5-aefa-4d2d950d210f",
|
|
"indicator--567954f4-d9fc-41ae-92d3-4f90950d210f",
|
|
"indicator--567954f4-58d8-49a6-81ff-4930950d210f",
|
|
"indicator--567954f5-1374-4c1d-b722-4553950d210f",
|
|
"indicator--567954f5-8b28-4ec8-aa30-4868950d210f",
|
|
"indicator--567954f5-90c8-43b9-ba77-4f69950d210f",
|
|
"indicator--567954f6-cd54-4a08-a7d3-4d9b950d210f",
|
|
"indicator--567954f6-64a4-4c2b-b3e6-4d16950d210f",
|
|
"indicator--567954f6-e5a0-4f86-8771-4865950d210f",
|
|
"indicator--567954f7-2368-46f4-86ee-433a950d210f",
|
|
"indicator--567954f7-fab4-4075-b074-4573950d210f",
|
|
"indicator--567954f7-011c-4f26-a4b3-4054950d210f",
|
|
"indicator--567954f7-3f50-4ebd-80f6-44bc950d210f",
|
|
"indicator--567954f8-309c-4fa1-9870-4b54950d210f",
|
|
"indicator--567954f8-15e0-4eff-8a5c-4c61950d210f",
|
|
"indicator--567954f8-6ab4-4e50-999c-43fe950d210f",
|
|
"indicator--567954f9-e38c-4547-a7fb-4303950d210f",
|
|
"indicator--567954f9-a4d0-4b66-b769-4bed950d210f",
|
|
"indicator--567954f9-71d0-4f64-8d07-4be2950d210f",
|
|
"indicator--567954fa-60dc-44fe-a4a0-45f6950d210f",
|
|
"indicator--567954fa-9f84-4782-b5ac-40bd950d210f",
|
|
"indicator--567954fa-522c-4832-8e6f-4900950d210f",
|
|
"indicator--567954fa-37d0-4b38-943b-4edf950d210f",
|
|
"indicator--567954fb-9810-4230-a222-4e0a950d210f",
|
|
"indicator--567954fb-eb44-4a18-93fa-45ac950d210f",
|
|
"indicator--567954fb-e140-44b1-a091-44d8950d210f",
|
|
"indicator--567954fc-aea0-4cca-b29d-444b950d210f",
|
|
"indicator--567954fc-8320-4254-b47a-4b18950d210f",
|
|
"indicator--567954fc-840c-464b-b6f5-4b62950d210f",
|
|
"indicator--567954fd-1670-432e-9a85-4916950d210f",
|
|
"indicator--567954fd-b6fc-4d4b-80f4-4cae950d210f",
|
|
"indicator--567954fd-0dd8-4c7a-9174-4a82950d210f",
|
|
"indicator--567954fd-75cc-4434-a8dd-41de950d210f",
|
|
"indicator--567954fe-5940-4b94-aa30-4b39950d210f",
|
|
"indicator--567954fe-ad64-4610-a9a8-4695950d210f",
|
|
"indicator--567954fe-8ac8-4d6e-a176-4ce4950d210f",
|
|
"indicator--567954ff-2bc0-4d9f-b486-4a48950d210f",
|
|
"indicator--567954ff-d4a4-491d-9038-425f950d210f",
|
|
"indicator--567954ff-b5b0-4f81-9edb-429d950d210f",
|
|
"indicator--567954ff-c870-4308-9bb1-4075950d210f",
|
|
"indicator--56795500-fdd8-4808-ae93-4218950d210f",
|
|
"indicator--56795500-e718-4d41-bcb4-4a8e950d210f",
|
|
"indicator--56795500-8538-4394-b55f-42fe950d210f",
|
|
"indicator--56795501-3bd8-48a8-8542-4bcb950d210f",
|
|
"indicator--56795501-fa44-4a86-9b3c-4dd0950d210f",
|
|
"indicator--56795501-4910-4e69-ae86-4c9f950d210f",
|
|
"indicator--56795502-8ecc-4592-bffb-4ca4950d210f",
|
|
"indicator--56795502-aecc-4ba6-a157-4e1c950d210f",
|
|
"indicator--56795502-a89c-449b-a964-4200950d210f",
|
|
"indicator--56795502-fab4-4935-bc7a-4039950d210f",
|
|
"indicator--56795503-76a8-4415-b4dc-4761950d210f",
|
|
"indicator--56795503-a5d8-4513-a7b8-4a8b950d210f",
|
|
"indicator--56795503-1550-40d0-803f-4fcb950d210f",
|
|
"indicator--56795504-c548-4049-ad55-4998950d210f",
|
|
"indicator--56795504-5024-4c58-a5d2-4511950d210f",
|
|
"indicator--56795504-762c-455c-8c78-4bb9950d210f",
|
|
"indicator--56795505-7aa8-46e9-86f0-4681950d210f",
|
|
"indicator--56795505-cb68-401f-8f1f-4fcf950d210f",
|
|
"indicator--56795505-f8b8-4ffd-b6ac-4068950d210f",
|
|
"indicator--56795505-8500-4f81-ab5f-40ac950d210f",
|
|
"indicator--56795506-c238-4d1d-9c35-4dbd950d210f",
|
|
"indicator--56795506-e458-4d51-9384-44fa950d210f",
|
|
"indicator--56795506-3734-4ac8-baf1-4509950d210f",
|
|
"indicator--56795507-520c-4fc2-8e6e-4d25950d210f",
|
|
"indicator--56795507-1e8c-411f-aa60-4529950d210f",
|
|
"indicator--56795507-ec74-4972-ac4f-4827950d210f",
|
|
"indicator--56795507-253c-4168-a24f-48b4950d210f",
|
|
"indicator--56795508-1b38-4fc8-a62f-4911950d210f",
|
|
"indicator--56795508-6b2c-4134-a9e5-40a2950d210f",
|
|
"indicator--56795508-1924-424c-b34d-432b950d210f",
|
|
"indicator--56795509-5fe8-44fd-a85e-42fb950d210f",
|
|
"indicator--56795509-ef38-4580-95d5-4c1e950d210f",
|
|
"indicator--56795509-6f88-4f76-8e5f-48de950d210f",
|
|
"indicator--5679550a-2424-4fd6-8ffa-40bf950d210f",
|
|
"indicator--5679550a-d5c8-4353-b6f6-4232950d210f",
|
|
"indicator--5679550a-c988-4e7f-8ae4-4986950d210f",
|
|
"indicator--5679550a-7f7c-478f-93fe-4c19950d210f",
|
|
"indicator--5679550b-9d78-41a3-9542-4802950d210f",
|
|
"indicator--5679550b-8ee8-4d07-bde9-41ee950d210f",
|
|
"indicator--5679550b-61c4-419a-81ce-4f74950d210f",
|
|
"indicator--5679550c-f258-4a53-bbd7-4f5d950d210f",
|
|
"indicator--5679550c-b77c-4364-810f-4b73950d210f",
|
|
"indicator--5679550c-f70c-4ca0-8aba-49ed950d210f",
|
|
"indicator--5679550c-0d50-4305-a8a1-4cb1950d210f",
|
|
"indicator--5679550d-bb08-4bd6-b760-49e5950d210f",
|
|
"indicator--5679550d-44bc-49cd-8ba6-4d14950d210f",
|
|
"indicator--5679550d-7ba4-4af2-9ae4-4551950d210f",
|
|
"indicator--5679550d-66a4-4361-b35d-42df950d210f",
|
|
"indicator--5679550e-5db8-4a04-84a9-4204950d210f",
|
|
"indicator--5679550e-c250-4bdb-b0fe-471e950d210f",
|
|
"indicator--5679550e-d3ac-41ef-927e-4557950d210f",
|
|
"indicator--5679550e-b338-4ced-8554-4fb6950d210f",
|
|
"indicator--5679550f-562c-40e0-b2f7-4b0b950d210f",
|
|
"indicator--5679550f-2750-40ba-8f93-418e950d210f",
|
|
"indicator--5679550f-d1c4-4f63-87a9-42d6950d210f",
|
|
"indicator--56795510-9750-495a-9e89-4cff950d210f",
|
|
"indicator--56795510-9650-4d88-ba12-4f0f950d210f",
|
|
"indicator--56795510-56dc-4dde-88c0-44f7950d210f",
|
|
"indicator--56795510-a860-467f-bcbb-4c8e950d210f",
|
|
"indicator--56795511-a710-4487-8c96-4d1d950d210f",
|
|
"indicator--56795511-57e0-498d-a452-483e950d210f",
|
|
"indicator--56795511-565c-40db-baa3-47ba950d210f",
|
|
"indicator--56795512-9734-4f1e-adfa-4f9f950d210f",
|
|
"indicator--56795512-9304-489e-8243-4a18950d210f",
|
|
"indicator--56795512-49a8-4b65-a547-4ef8950d210f",
|
|
"indicator--56795513-2968-4590-98ca-4da1950d210f",
|
|
"indicator--56795513-8b6c-4064-b307-445e950d210f",
|
|
"indicator--56795513-83a0-47cc-b7a6-4b03950d210f",
|
|
"indicator--56795513-7868-490a-88ba-4c2f950d210f",
|
|
"indicator--56795514-ea04-46b0-a148-49c0950d210f",
|
|
"indicator--56795514-7720-4923-9336-4d50950d210f",
|
|
"indicator--56795514-e524-443a-ac3d-4def950d210f",
|
|
"indicator--56795515-cf44-466d-a5e8-4f89950d210f",
|
|
"indicator--56795515-dad8-4b1c-ae77-4d13950d210f",
|
|
"indicator--56795515-f15c-419c-8b5e-4a6b950d210f",
|
|
"indicator--56795515-48b8-4b28-8a75-4c73950d210f",
|
|
"indicator--56795516-3e5c-494b-8851-4169950d210f",
|
|
"indicator--56795516-0d50-4314-8c1d-4b5e950d210f",
|
|
"indicator--56795516-ec78-462b-b405-4575950d210f",
|
|
"indicator--56795517-8c48-4f57-bd2b-4c59950d210f",
|
|
"indicator--56795517-8eb4-4e85-b349-48ff950d210f",
|
|
"indicator--56795517-8334-41b1-b218-4ba5950d210f",
|
|
"indicator--56795518-fcd8-4bb3-9e7c-4c73950d210f",
|
|
"indicator--56795518-d62c-4d35-a016-480f950d210f",
|
|
"indicator--56795518-36c8-4348-b240-4e70950d210f",
|
|
"indicator--56795518-d3ec-4ba3-8bee-4d87950d210f",
|
|
"indicator--56795519-3ea0-4c85-a6a8-4a7b950d210f",
|
|
"indicator--56795519-3994-4ea0-952a-4794950d210f",
|
|
"indicator--56795519-5aa8-4fc9-bcef-4897950d210f",
|
|
"indicator--5679551a-554c-4055-a073-419f950d210f",
|
|
"indicator--5679551a-684c-4a3b-b149-4235950d210f",
|
|
"indicator--5679551a-1968-4c51-b79c-498b950d210f",
|
|
"indicator--5679551a-2a50-4a5d-9605-4a7d950d210f",
|
|
"indicator--5679551b-56b4-4913-ba79-4275950d210f",
|
|
"indicator--5679551b-fcbc-4cd2-81dc-451f950d210f",
|
|
"indicator--5679551b-3558-416c-9fe2-4955950d210f",
|
|
"indicator--5679551c-85bc-4778-afd2-4527950d210f",
|
|
"indicator--5679551c-07d4-486e-acf3-4ca9950d210f",
|
|
"indicator--5679551c-0dcc-4fd5-a46e-4ec4950d210f",
|
|
"indicator--5679551d-0de8-4104-8080-429c950d210f",
|
|
"indicator--5679551d-e11c-4f23-8e56-41c9950d210f",
|
|
"indicator--5679551d-8ef0-4692-955f-44ac950d210f",
|
|
"indicator--5679551d-c8ac-4da4-9ff3-4642950d210f",
|
|
"indicator--5679551e-28d0-49c2-a93f-4e6f950d210f",
|
|
"indicator--5679551e-1d34-4497-8671-4935950d210f",
|
|
"indicator--5679551e-c760-4692-a1d0-44d0950d210f",
|
|
"indicator--5679551f-6cc4-4360-93d5-4550950d210f",
|
|
"indicator--5679551f-9ea0-48c5-b91c-47a0950d210f",
|
|
"indicator--5679551f-2d74-4c85-9100-4d43950d210f",
|
|
"indicator--56795520-9ec0-47c8-8a5b-43a7950d210f",
|
|
"indicator--56795520-1d44-4aa5-8ee7-447d950d210f",
|
|
"indicator--56795520-1b90-408c-b035-438b950d210f",
|
|
"indicator--56795520-1b54-4bcf-9b6e-416f950d210f",
|
|
"indicator--56795521-6a3c-4ee6-b878-450a950d210f",
|
|
"indicator--56795521-7f94-46d4-b0bd-4e32950d210f",
|
|
"indicator--56795521-67e8-4609-9b18-422a950d210f",
|
|
"indicator--56795522-b4f8-43aa-b45d-4979950d210f",
|
|
"indicator--56795522-3340-4adf-9603-4be4950d210f",
|
|
"indicator--56795522-5650-4dc3-8180-4ae6950d210f",
|
|
"indicator--56795522-7194-40a8-9577-4a6c950d210f",
|
|
"indicator--56795523-a0f4-4b98-87c8-4103950d210f",
|
|
"indicator--56795523-3824-4913-87c4-4d0b950d210f",
|
|
"indicator--56795523-b9b0-435b-8528-4732950d210f",
|
|
"indicator--56795524-4a9c-47d8-8832-42dc950d210f",
|
|
"indicator--56795524-8858-4f5b-a6e4-4f38950d210f",
|
|
"indicator--56795524-5de0-4a64-9d21-45d4950d210f",
|
|
"indicator--56795525-a00c-42c2-899d-4d69950d210f",
|
|
"indicator--56795525-8500-4927-96ca-444b950d210f",
|
|
"indicator--56795525-b374-4bc4-bb78-458e950d210f",
|
|
"indicator--56795525-2138-435d-a81e-41eb950d210f",
|
|
"indicator--56795526-1a7c-4141-a5da-4725950d210f",
|
|
"indicator--56795526-6770-4f3f-ac9a-4ac3950d210f",
|
|
"indicator--56795526-f628-4e6c-aab3-4120950d210f",
|
|
"indicator--56795527-db88-4449-9a23-4690950d210f",
|
|
"indicator--56795527-26ec-4138-8305-4405950d210f",
|
|
"indicator--56795527-af1c-4944-b076-48fe950d210f",
|
|
"indicator--56795528-dd40-4150-bb8d-4c6a950d210f",
|
|
"indicator--56795528-d36c-435e-8d2c-4c1e950d210f",
|
|
"indicator--56795528-f0c0-4ce0-b754-4135950d210f",
|
|
"indicator--56795528-0c40-46e8-a94a-4d21950d210f",
|
|
"indicator--56795529-8dd4-4a46-b608-4fbf950d210f",
|
|
"indicator--56795529-8938-42b8-a610-4a98950d210f",
|
|
"indicator--56795529-de88-4379-91fa-4d2a950d210f",
|
|
"indicator--5679552a-a51c-401a-b9dd-4c21950d210f",
|
|
"indicator--5679552a-c99c-44e9-af24-4a46950d210f",
|
|
"indicator--5679552a-4028-43c1-9355-4ebe950d210f",
|
|
"indicator--5679552a-f304-4226-aab3-41da950d210f",
|
|
"indicator--5679552b-c80c-40e2-aadf-456e950d210f",
|
|
"indicator--5679552b-a788-4927-99c1-441b950d210f",
|
|
"indicator--5679552b-49f4-4cc5-8483-4e6a950d210f",
|
|
"indicator--5679552c-c3f8-4b28-9971-4aad950d210f",
|
|
"indicator--5679552c-a544-44a9-ac33-42a3950d210f",
|
|
"indicator--5679552c-4954-44e6-af8a-4a74950d210f",
|
|
"indicator--5679552d-c4e8-416e-b19e-49eb950d210f",
|
|
"indicator--5679552d-5f80-48eb-af12-4313950d210f",
|
|
"indicator--5679552d-915c-4352-8cb1-4093950d210f",
|
|
"indicator--5679552d-d2d8-4a02-ab0e-496f950d210f",
|
|
"indicator--5679552e-3e2c-49af-856f-434b950d210f",
|
|
"indicator--5679552e-8468-4122-926f-4468950d210f",
|
|
"indicator--5679552e-c244-4644-9ea7-4bec950d210f",
|
|
"indicator--5679552f-bb00-4fb2-859e-4f55950d210f",
|
|
"indicator--5679552f-b230-4e43-af53-48dd950d210f",
|
|
"indicator--5679552f-1368-4037-bb85-4b84950d210f",
|
|
"indicator--56795530-5eb4-401c-b109-480b950d210f",
|
|
"indicator--56795530-2970-4ef4-9061-4274950d210f",
|
|
"indicator--56795530-c164-4805-ac66-47bd950d210f",
|
|
"indicator--56795530-f110-435e-ad0f-4f3d950d210f",
|
|
"indicator--56795531-3e04-4c40-9b1b-4993950d210f",
|
|
"indicator--56795531-dcdc-4da9-a50a-46fb950d210f",
|
|
"indicator--56795531-80d4-49df-9b9b-44a5950d210f",
|
|
"indicator--56795532-4fdc-4788-9307-49f9950d210f",
|
|
"indicator--56795532-8ac4-4f4c-b3c1-4b86950d210f",
|
|
"indicator--56795532-abe0-464e-8cdf-4a39950d210f",
|
|
"indicator--56795533-e8c0-486b-90e6-4b9e950d210f",
|
|
"indicator--56795533-37c4-4fbe-aab9-429f950d210f",
|
|
"indicator--56795533-f00c-4a16-b312-4e60950d210f",
|
|
"indicator--56795533-faf0-47e8-9b40-47ea950d210f",
|
|
"indicator--56795534-39d4-44ce-bc55-4d4f950d210f",
|
|
"indicator--56795534-a4b0-474c-974e-44a8950d210f",
|
|
"indicator--56795534-6738-46b5-8859-413d950d210f",
|
|
"indicator--56795535-ca70-480a-8381-41ba950d210f",
|
|
"indicator--56795535-bc48-4382-82fe-4323950d210f",
|
|
"indicator--56795535-7a84-4ba7-bd83-4bc9950d210f",
|
|
"indicator--56795535-6ea8-4a45-bee9-4993950d210f",
|
|
"indicator--56795536-8d6c-4185-b42b-4755950d210f",
|
|
"indicator--56795536-dd70-4f38-bfc0-4063950d210f",
|
|
"indicator--56795536-5a0c-4154-80a8-4069950d210f",
|
|
"indicator--56795537-fd54-44f3-877a-4531950d210f",
|
|
"indicator--56795537-24f4-4379-96d7-4ee3950d210f",
|
|
"indicator--56795537-2cbc-458f-981a-402e950d210f",
|
|
"indicator--56795537-a85c-457e-8bde-44e5950d210f",
|
|
"indicator--56795538-5dc0-42a4-8dab-4f34950d210f",
|
|
"indicator--56795538-baf8-42dc-b0d6-4f1d950d210f",
|
|
"indicator--56795538-f468-41df-b938-4336950d210f",
|
|
"indicator--56795539-975c-48f5-9a84-4734950d210f",
|
|
"indicator--56795539-1410-4669-b2ca-4514950d210f",
|
|
"indicator--56795539-044c-4cbf-87c7-49e6950d210f",
|
|
"indicator--5679553a-a168-423c-910c-42b8950d210f",
|
|
"indicator--5679553a-1e68-4256-af98-4503950d210f",
|
|
"indicator--5679553a-231c-4b2a-9894-4ceb950d210f",
|
|
"indicator--5679553a-a65c-48bb-b7be-4ec6950d210f",
|
|
"indicator--5679553b-4300-423e-9908-4721950d210f",
|
|
"indicator--5679553b-6798-4c5e-8eb4-42f8950d210f",
|
|
"indicator--5679553b-e988-4156-96e2-4e2b950d210f",
|
|
"indicator--5679553c-a658-4c83-808b-4f26950d210f",
|
|
"indicator--5679553c-76ac-43e4-b189-4082950d210f",
|
|
"indicator--5679553c-0e08-460b-bcae-4912950d210f",
|
|
"indicator--5679553d-3c20-4d86-a4b1-41bf950d210f",
|
|
"indicator--5679553d-ce70-42b2-af9a-4154950d210f",
|
|
"indicator--5679553d-ad58-4dab-be3a-4250950d210f",
|
|
"indicator--5679553d-2288-4a22-a284-4c27950d210f",
|
|
"indicator--5679553e-9d3c-4f96-84b4-41a3950d210f",
|
|
"indicator--5679553e-9498-4423-955b-48f9950d210f",
|
|
"indicator--5679553e-7a08-426a-809a-4b45950d210f",
|
|
"indicator--5679553f-034c-4310-a20f-46d0950d210f",
|
|
"indicator--5679553f-ca90-4fa9-b9a9-4bdc950d210f",
|
|
"indicator--5679553f-651c-4443-b61a-498a950d210f",
|
|
"indicator--5679553f-4ec0-4f2a-b5ca-413a950d210f",
|
|
"indicator--56795540-2d80-467d-bf74-4959950d210f",
|
|
"indicator--56795540-830c-402a-a984-4f14950d210f",
|
|
"indicator--56795540-d5b0-4079-8402-4766950d210f",
|
|
"indicator--56795541-90f0-42c7-a881-402f950d210f",
|
|
"indicator--56795541-f134-4d52-8668-46fb950d210f",
|
|
"indicator--56795541-d348-463d-ba82-4ef8950d210f",
|
|
"indicator--56795542-470c-4ded-b0b7-46c5950d210f",
|
|
"indicator--56795542-9340-492a-8cf4-4f2e950d210f",
|
|
"indicator--56795542-bf8c-457a-81ed-4392950d210f",
|
|
"indicator--56795542-b98c-46ec-a138-4644950d210f",
|
|
"indicator--56795543-90ec-442d-9495-48cd950d210f",
|
|
"indicator--56795543-0450-420a-ad3d-4a4f950d210f",
|
|
"indicator--56795543-68e0-45f8-9930-4030950d210f",
|
|
"indicator--56795544-65c0-457c-a2f9-4d8f950d210f",
|
|
"indicator--56795544-4028-4e1c-a9b0-4ad1950d210f",
|
|
"indicator--56795544-0760-45f7-9ac9-4ec6950d210f",
|
|
"indicator--56795545-a200-4167-9e6c-4559950d210f",
|
|
"indicator--56795545-f6ac-470d-98d5-44fa950d210f",
|
|
"indicator--56795545-56cc-4e12-bab8-4dac950d210f",
|
|
"indicator--56795545-b274-441f-a96e-42cb950d210f",
|
|
"indicator--56795546-b57c-4ab1-a727-4728950d210f",
|
|
"indicator--56795546-06e4-45be-aa25-4fa8950d210f",
|
|
"indicator--56795546-89f8-4ba0-b1bb-41f9950d210f",
|
|
"indicator--56795547-6a94-41c4-9ae8-4c01950d210f",
|
|
"indicator--56795547-6868-490a-8916-425a950d210f",
|
|
"indicator--56795547-3c78-4bc4-8d0f-4f33950d210f",
|
|
"indicator--56795547-af9c-4164-a42d-4201950d210f",
|
|
"indicator--56795548-b320-4aca-89b2-4fa2950d210f",
|
|
"indicator--56795548-1200-4eec-afba-4621950d210f",
|
|
"indicator--56795548-3ddc-4611-90f2-4b4c950d210f",
|
|
"indicator--56795549-7fcc-4621-b889-4758950d210f",
|
|
"indicator--56795549-c080-44bb-9ff2-4aad950d210f",
|
|
"indicator--56795549-8168-4ce5-9894-4828950d210f",
|
|
"indicator--5679554a-cd94-467a-9c78-4506950d210f",
|
|
"indicator--5679554a-fd68-4a30-9a2d-4a79950d210f",
|
|
"indicator--5679554a-27c0-4716-96cd-4824950d210f",
|
|
"indicator--5679554a-da44-4588-80b5-4bc8950d210f",
|
|
"indicator--5679554b-f3a8-459f-9b09-4a2f950d210f",
|
|
"indicator--5679554b-2dfc-4a78-a7f4-4997950d210f",
|
|
"indicator--5679554b-2720-4211-96e7-4f98950d210f",
|
|
"indicator--5679554c-87d4-4339-bbab-4c18950d210f",
|
|
"indicator--5679554c-071c-49a3-be43-436d950d210f",
|
|
"indicator--5679554c-135c-4099-8d93-4017950d210f",
|
|
"indicator--5679554c-0ac4-441b-9feb-4c34950d210f",
|
|
"indicator--5679554d-0bbc-4c4e-9a1e-41e1950d210f",
|
|
"indicator--5679554d-8c1c-424f-b2ee-47a3950d210f",
|
|
"indicator--5679554d-55ac-4610-9994-4c13950d210f",
|
|
"indicator--5679554e-05c0-49d5-9078-4c38950d210f",
|
|
"indicator--5679554e-e3c4-4b74-987f-4502950d210f",
|
|
"indicator--5679554e-d20c-41db-bb82-4b94950d210f",
|
|
"indicator--5679554e-6a28-444e-ac83-4214950d210f",
|
|
"indicator--5679554f-8c50-4dbc-bdf0-483c950d210f",
|
|
"indicator--5679554f-ead8-4101-bab6-45ce950d210f",
|
|
"indicator--5679554f-38ec-469e-9eb6-4df8950d210f",
|
|
"indicator--56795550-5fe4-4429-be55-4dc4950d210f",
|
|
"indicator--56795550-10c4-4f03-9607-4e7b950d210f",
|
|
"indicator--56795550-b39c-4e29-9c46-44f3950d210f",
|
|
"indicator--56795550-4cf8-47c5-97e9-482c950d210f",
|
|
"indicator--56795551-1774-4668-8a4d-4c78950d210f",
|
|
"indicator--56795551-1738-42a4-892f-437d950d210f",
|
|
"indicator--56795551-d0a0-4f92-967f-49c8950d210f",
|
|
"indicator--56795552-1948-4682-abe0-4bcb950d210f",
|
|
"indicator--56795552-0d54-4cba-87c2-4853950d210f",
|
|
"indicator--56795552-1440-41c5-9af0-4035950d210f",
|
|
"indicator--56795553-02ac-44fd-956d-4edb950d210f",
|
|
"indicator--56795553-c06c-4f2b-bc4b-40db950d210f",
|
|
"indicator--56795553-0a48-40d0-977d-4e83950d210f",
|
|
"indicator--56795553-ec10-45b0-bf90-4af5950d210f",
|
|
"indicator--56795554-9fc0-4a09-a2aa-48b0950d210f",
|
|
"indicator--56795554-e718-452d-92b5-42f4950d210f",
|
|
"indicator--56795554-e2a8-431e-847a-4347950d210f",
|
|
"indicator--56795555-55a8-4e08-818a-4fd4950d210f",
|
|
"indicator--56795555-bdac-44e0-85ac-4caf950d210f",
|
|
"indicator--56795555-45b8-4e8c-8d99-4748950d210f",
|
|
"indicator--56795555-da90-400f-9ca6-4589950d210f",
|
|
"indicator--56795556-8e80-4340-b2f4-4241950d210f",
|
|
"indicator--56795556-62a4-48a0-bce3-4e2a950d210f",
|
|
"indicator--56795556-bb54-4e0e-99c1-4f54950d210f",
|
|
"indicator--56795557-88f0-4790-958c-4396950d210f",
|
|
"indicator--56795557-2c78-4b49-9b3f-461a950d210f",
|
|
"indicator--56795557-fa18-4a36-a03d-4228950d210f",
|
|
"indicator--56795558-bc74-4c29-9fb1-4e68950d210f",
|
|
"indicator--56795558-f5bc-467e-a395-4607950d210f",
|
|
"indicator--56795558-8ec4-4082-9e6a-4c8d950d210f",
|
|
"indicator--56795558-356c-4026-91d6-4fcc950d210f",
|
|
"indicator--56795559-6af0-490b-9a39-448a950d210f",
|
|
"indicator--56795559-9524-4a9f-813b-41db950d210f",
|
|
"indicator--56795559-ab68-49da-9400-49db950d210f",
|
|
"indicator--5679555a-55f8-47d3-8a97-40a2950d210f",
|
|
"indicator--5679555a-b26c-4a94-a8f7-43c8950d210f",
|
|
"indicator--5679555a-1fb4-4fd9-a475-475a950d210f",
|
|
"indicator--5679555a-34ec-44a1-af9c-4809950d210f",
|
|
"observed-data--563b5c8f-ad34-4ff0-9761-3798950d210b",
|
|
"domain-name--563b5c8f-ad34-4ff0-9761-3798950d210b",
|
|
"observed-data--563b5cad-b964-42ed-8103-3798950d210b",
|
|
"domain-name--563b5cad-b964-42ed-8103-3798950d210b",
|
|
"observed-data--563b5d20-7bf0-45af-831a-3798950d210b",
|
|
"domain-name--563b5d20-7bf0-45af-831a-3798950d210b",
|
|
"indicator--563b5d21-4654-4cd5-b476-3798950d210b",
|
|
"indicator--563b5b87-66b0-4d75-84f0-3798950d210b",
|
|
"observed-data--563b5d29-54d4-4683-922b-3798950d210b",
|
|
"domain-name--563b5d29-54d4-4683-922b-3798950d210b",
|
|
"observed-data--563b5d38-c4e8-4487-a05b-3798950d210b",
|
|
"domain-name--563b5d38-c4e8-4487-a05b-3798950d210b",
|
|
"indicator--563b5ba2-fe00-468d-a15c-3798950d210b",
|
|
"indicator--563b5d41-e0e0-416e-bc15-3798950d210b",
|
|
"indicator--563b5bab-d898-4c35-a8d8-3798950d210b",
|
|
"indicator--563b5bac-9f00-496c-ac63-3798950d210b",
|
|
"indicator--563b5bb7-87a0-4e2b-9007-3798950d210b",
|
|
"observed-data--563b5bb9-82f0-441f-899a-3798950d210b",
|
|
"domain-name--563b5bb9-82f0-441f-899a-3798950d210b",
|
|
"indicator--563b5bc8-87ac-4fec-b10e-3798950d210b",
|
|
"observed-data--563b5bc9-28a8-455f-9868-3798950d210b",
|
|
"domain-name--563b5bc9-28a8-455f-9868-3798950d210b",
|
|
"observed-data--563b5bcc-09e0-4ccc-a141-3798950d210b",
|
|
"domain-name--563b5bcc-09e0-4ccc-a141-3798950d210b",
|
|
"indicator--563b5bd1-22a8-4e77-a702-3798950d210b",
|
|
"observed-data--563b5bde-0f0c-4c7b-8f1a-3798950d210b",
|
|
"domain-name--563b5bde-0f0c-4c7b-8f1a-3798950d210b",
|
|
"indicator--563b5be7-8268-4558-8a64-3798950d210b",
|
|
"indicator--563b5c02-5aa4-4c9b-b3ef-3798950d210b",
|
|
"observed-data--563b5c04-3b48-44e9-ad38-3798950d210b",
|
|
"domain-name--563b5c04-3b48-44e9-ad38-3798950d210b",
|
|
"observed-data--563b5c05-e808-4813-b72f-3798950d210b",
|
|
"domain-name--563b5c05-e808-4813-b72f-3798950d210b",
|
|
"observed-data--563b5c06-08c8-4106-bf80-3798950d210b",
|
|
"domain-name--563b5c06-08c8-4106-bf80-3798950d210b",
|
|
"indicator--563b5c07-cd98-488d-a296-3798950d210b",
|
|
"observed-data--563b5c0c-751c-4ee4-ae42-3798950d210b",
|
|
"domain-name--563b5c0c-751c-4ee4-ae42-3798950d210b",
|
|
"indicator--563b5c10-1ad8-46f8-92f6-3798950d210b",
|
|
"indicator--563b5c16-6e3c-4909-98ad-3798950d210b",
|
|
"indicator--563b5c1a-0fc8-408c-b737-3798950d210b",
|
|
"indicator--563b5c1f-c764-452d-8b81-3798950d210b",
|
|
"indicator--563b5c2a-3974-4938-84ed-3798950d210b",
|
|
"indicator--563b5c37-3fa0-4682-9829-3798950d210b",
|
|
"indicator--563b5c37-40e4-4dba-82a8-3798950d210b",
|
|
"indicator--563b5c41-bda4-4190-8db3-3798950d210b",
|
|
"indicator--563b5c5f-4940-4456-a5f4-3798950d210b",
|
|
"observed-data--563b5c60-13d4-4be2-a0c8-3798950d210b",
|
|
"domain-name--563b5c60-13d4-4be2-a0c8-3798950d210b",
|
|
"observed-data--563b5c63-f7ec-4cbc-a4eb-3798950d210b",
|
|
"domain-name--563b5c63-f7ec-4cbc-a4eb-3798950d210b",
|
|
"indicator--563b5c6a-5ca8-446a-b48b-3798950d210b",
|
|
"indicator--563b5c80-9bd4-4f20-878c-3798950d210b",
|
|
"observed-data--563b5c8c-cd50-4766-aca5-3798950d210b",
|
|
"domain-name--563b5c8c-cd50-4766-aca5-3798950d210b",
|
|
"indicator--563b5ca3-db08-4b1c-b7f1-3798950d210b",
|
|
"indicator--563b5ca6-9444-434d-a400-3798950d210b",
|
|
"observed-data--563b5cb2-e7ac-4b87-a228-3798950d210b",
|
|
"domain-name--563b5cb2-e7ac-4b87-a228-3798950d210b",
|
|
"indicator--563b5cce-fac8-4388-bff9-3798950d210b",
|
|
"observed-data--563b5cd2-9bcc-4829-b357-3798950d210b",
|
|
"domain-name--563b5cd2-9bcc-4829-b357-3798950d210b",
|
|
"indicator--563b5cd6-3e14-4721-ad50-3798950d210b",
|
|
"indicator--563b5ce6-bb4c-4c50-b565-3798950d210b",
|
|
"indicator--563b5cef-4578-47f6-b43d-3798950d210b",
|
|
"indicator--563b5cf5-4ed8-445b-99b6-3798950d210b",
|
|
"observed-data--563b5cf7-93f8-4672-901b-3798950d210b",
|
|
"domain-name--563b5cf7-93f8-4672-901b-3798950d210b",
|
|
"indicator--563b5cfc-abe8-49b4-b076-3798950d210b",
|
|
"indicator--563b5cfc-d5b4-4bcd-9929-3798950d210b",
|
|
"indicator--563b5d07-3ebc-4730-a5bd-3798950d210b",
|
|
"indicator--563b5d09-1eac-4d5c-9619-3798950d210b",
|
|
"indicator--563b5d12-96f4-4558-a706-3798950d210b",
|
|
"indicator--563b5b71-9c4c-4d50-989d-3798950d210b",
|
|
"indicator--563b5d16-dc54-449b-baf2-3798950d210b",
|
|
"indicator--563b5bf8-0464-429c-9f03-3798950d210b",
|
|
"indicator--563b5c08-440c-4e82-af88-3798950d210b",
|
|
"indicator--563b5c0f-476c-44d1-b0d4-3798950d210b",
|
|
"indicator--563b5c20-9624-45e7-928e-3798950d210b",
|
|
"indicator--563b5c3b-257c-4995-af04-3798950d210b",
|
|
"indicator--563b5c3e-70e4-4543-bf9c-3798950d210b",
|
|
"indicator--563b5c4a-9c9c-4f22-a4a3-3798950d210b",
|
|
"indicator--563b5c51-3f14-406d-abd5-3798950d210b",
|
|
"indicator--563b5c53-8d94-49bc-b558-3798950d210b",
|
|
"indicator--563b5c5b-d5bc-43d6-ab98-3798950d210b",
|
|
"indicator--563b5c5d-eab4-4c97-a0eb-3798950d210b",
|
|
"indicator--563b5c63-fba4-45af-8bed-3798950d210b",
|
|
"indicator--563b5c64-ee94-4c4d-a2e3-3798950d210b",
|
|
"indicator--563b5c6a-86f4-4f08-9032-3798950d210b",
|
|
"indicator--563b5c73-5848-44af-885c-3798950d210b",
|
|
"indicator--563b5c7d-1eb4-45e3-991d-3798950d210b",
|
|
"indicator--563b5c93-b4fc-438e-ad27-3798950d210b",
|
|
"indicator--563b5c9a-dde8-41ce-882e-3798950d210b",
|
|
"indicator--563b5cab-50b8-416b-a8a1-3798950d210b",
|
|
"indicator--563b5cbb-6f20-42fb-840c-3798950d210b",
|
|
"indicator--563b3ee6-fc74-4cd8-b2c9-4d51950d210b",
|
|
"indicator--563b5cf4-569c-428b-bc1a-3798950d210b",
|
|
"indicator--563b5d04-6f70-4642-b073-3798950d210b",
|
|
"indicator--563b5d06-c474-44bc-a028-3798950d210b",
|
|
"indicator--563b5d10-faa8-4458-ab52-3798950d210b",
|
|
"indicator--563b5d11-7394-4e7a-82a9-3798950d210b",
|
|
"indicator--563b5d2d-7900-4e99-8761-3798950d210b",
|
|
"indicator--563b5d37-182c-4cb6-9929-3798950d210b",
|
|
"indicator--563b5d37-a640-44d4-b2e8-3798950d210b",
|
|
"indicator--563b5d3f-29e4-456f-84b6-3798950d210b",
|
|
"indicator--563b5b69-bd58-4727-8f57-3798950d210b",
|
|
"indicator--563b5b6c-53d4-4861-85ce-3798950d210b",
|
|
"indicator--563b5b70-2830-423f-81e8-3798950d210b",
|
|
"indicator--563b5b83-4fdc-4331-8ce6-3798950d210b",
|
|
"indicator--563b5b83-8bac-4aab-9497-3798950d210b",
|
|
"indicator--563b5b8b-2d30-47eb-a4bb-3798950d210b",
|
|
"indicator--563b5b8d-bdc0-4dae-8c4e-3798950d210b",
|
|
"indicator--563b5b8f-21d0-414f-85ac-3798950d210b",
|
|
"indicator--563b5ba7-448c-43a7-b246-3798950d210b",
|
|
"indicator--563b5bb1-e0ec-460e-befe-3798950d210b",
|
|
"indicator--563b5bb4-4e88-479a-97b1-3798950d210b",
|
|
"indicator--563b5bc4-07e0-4899-9d14-3798950d210b",
|
|
"indicator--563b5bc5-b864-49fb-9f2f-3798950d210b",
|
|
"indicator--563b5bcb-8108-4a06-bbbe-3798950d210b",
|
|
"indicator--563b5bdf-49e0-4154-9e55-3798950d210b",
|
|
"indicator--563b5bec-4ea4-430d-b8b8-3798950d210b",
|
|
"indicator--563b5bee-6b10-4808-8ba4-3798950d210b",
|
|
"indicator--563b5bee-1dc0-45ee-9afe-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"admiralty-scale:information-credibility=\"6\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eb8-ed10-46d0-94dd-4d9a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eb9-10e8-42cc-87af-4c19950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.223.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eb9-e598-464a-816e-4f00950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.167.22.221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eb9-cbf8-40bf-b16f-49c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.82.60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eba-bf7c-4701-9424-422d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eba-21cc-471d-9e56-42e5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '4.131.152.108']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebb-fa08-4398-be17-4879950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.75.214.29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebb-87a8-4b8a-a694-4764950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '28.39.127.170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebb-cefc-473e-9db7-44fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.248.46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebc-85b8-422d-92d0-47a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.80.110']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebc-3e18-45e9-8c64-4412950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.221.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebd-e9a8-4a35-960a-4584950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'natco1.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebd-a5d0-4b2f-86a3-472a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebd-24fc-4845-97e0-4d72950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.78.61.41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebe-1eb0-4eab-a1a0-4a40950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'lokia.mine.nu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebe-d2fc-4aa7-935f-452d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebf-99ac-4664-b952-4696950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.8.35.126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebf-8128-44fa-8f94-451c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ebf-9304-41ba-ac8c-461b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.223.38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec0-f988-40e0-aac1-4729950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec0-a224-421a-b9c9-4bdc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'remoteback.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec1-26cc-4f70-89ac-4258950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec1-5138-48e8-a4a9-41c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.171.124.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec1-b32c-4e5d-972d-45ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec2-0cd0-48ae-94e8-40a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.112.204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec2-57c0-4420-8b47-4123950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.173']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec3-c460-4699-b0b8-4a91950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.210.113.159']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec3-e69c-4213-bf48-4ac6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.115.137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec3-938c-4d98-8bf2-43fc950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.232']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec4-d790-4f33-98f2-44e1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.99.2.42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec4-f8ac-4add-9142-430a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.174.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec5-28d4-4189-ab11-4e13950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.221.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec5-3174-462d-99d2-4510950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.151']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec5-4950-4473-a322-48ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'helpme.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec6-8274-4502-a772-4fa5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.80.107.129']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec6-2b20-4175-b67a-4d7f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec7-5750-4e00-b2cb-42a1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '28.144.135.60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec7-0f80-4d5d-916f-4ce4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.131.152.108']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec7-466c-4544-b067-4700950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.176.74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec8-4f98-40cf-8372-490e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.127.254.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec8-3378-43c6-b92e-466c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'natco2.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec9-8374-4bcb-85aa-449e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ramadi.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec9-b854-463e-91a5-4c14950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.189.137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ec9-d2a0-4fc0-89a3-45a4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.158.177.102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eca-c8f4-4cd5-a10c-426e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.81.69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eca-f2ec-4220-a49e-4292950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '12.152.196.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecb-ceac-4941-ad72-4acd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.81.18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecb-6bf0-458a-8f8c-4d37950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.207.28.157']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecb-5d00-4296-9ca8-4536950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.126.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecc-1f74-4ca4-8886-4c95950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'owner.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecc-ac94-4c30-9764-4186950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecc-3908-42d3-96dc-4a69950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.207.22.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecd-7de4-4e96-b16e-4914950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.82.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecd-82c4-47a2-90ec-4bbe950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.65.5.104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ece-0268-4589-8ecc-42ad950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.189.185']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ece-d724-4e78-b1ea-433d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ece-2be0-445a-8aba-4319950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.9.157.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecf-e618-43a0-bccc-4a3d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.193.78.118']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ecf-9204-4891-9143-4dfb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.75.215.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed0-d198-4a2f-9b76-49ef950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed0-b690-4615-90b4-40db950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.0.50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed1-e864-4613-bcac-449f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.110.104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed1-9ca8-4330-9aaa-4fc9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.47.195.5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed1-7f90-42cf-a1e0-4c38950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.107.4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed2-621c-4e8c-8187-47aa950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'powerhost.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed2-c080-4df0-afe1-41e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed2-987c-4fc4-b4bb-49f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.107.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed3-da38-4e29-8890-497f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.73.114.231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed3-8820-4f6d-bbd2-4b48950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.207.28.124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed4-a008-4d22-b257-4538950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.127.252.1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed4-da10-4fe0-9617-4363950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.hint-sms.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed4-35cc-41a8-a012-4be4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.158.126.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed5-1cb0-4617-948a-44cd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'may2008.dyndns.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed6-6cbc-423f-857a-4b23950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.173.8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed6-a3b8-4994-a20a-44cb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.166.10.167']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed6-5200-4d9e-8cc1-4198950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hatamaya.chickenkiller.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed7-a508-4305-b434-4a1e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hint.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed7-a5b8-4593-931f-4db3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.221.30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed8-7cec-440b-9c7c-411e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'flashsoft.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed8-79f0-459c-873a-4133950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed8-1ed4-460c-a564-4f29950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.81.27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed9-8104-4657-af75-4a29950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'javaupdate.no-ip.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ed9-6734-40ea-93ce-4e90950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.79']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eda-211c-4620-b7bb-4370950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.176.140']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eda-fd48-45ce-9189-4d79950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '20.106.130.84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eda-ab98-445d-8f31-483c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edb-1ef4-4ca7-90f4-4e36950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.61.41.49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edb-9828-4c7a-8827-49d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edc-c45c-404b-9187-4605950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'natco3.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edc-db1c-4a23-ad96-4bf9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.98.131.47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edc-f1b4-4cd1-b1e2-4342950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.80.107.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edd-ab50-46bd-ba24-4ebe950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.176.208']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edd-22b8-4c7f-b815-41f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.208']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ede-ff64-4cd3-9884-409d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'menu.dyndns.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ede-64a4-49ec-a815-4fda950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.80.202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ede-b618-49b4-973d-4463950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.223.67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edf-f848-4f6a-a779-43c4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'loading.myftp.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3edf-a874-4149-b6c9-4a27950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee0-0060-4010-a1e4-4242950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee0-f394-453d-985a-4d6f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.99.2.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee0-cd88-48d2-abee-4925950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.200.23.207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee1-aa88-47d5-b0cb-48a8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.9.157.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee1-d1a8-465b-aab3-4f29950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.81.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee2-9dec-4409-a2db-485a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee2-10fc-495c-ad77-49c2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.247']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee2-d6d0-4777-a4fb-4666950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.142.255.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee3-995c-4099-9ba6-49a7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.176.70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee3-5ef0-4313-978f-445a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.80.108.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee4-bf74-4b7e-8cbf-447b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.189.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee4-46bc-4396-98c9-46f8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.220.246.117']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee4-4e00-4092-bdd0-4268950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee5-1a04-4ae0-b908-4f71950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.154.155.36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee5-1894-4880-a362-4882950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'natco4.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee6-abac-4823-9ac5-4fe5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.189.205']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee6-c090-469d-8a84-4654950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '24.142.255.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee7-cf3c-490c-a810-46fd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'test.cable-modem.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee7-c67c-4865-b768-42be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.237']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee8-feac-40b9-9784-44d4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.229.70.246']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee8-aa8c-4425-931f-4a43950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.248.7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee8-1d30-4f5b-b00b-4bb3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'monagameel.chickenkiller.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee9-e988-4648-93dc-4550950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.176.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee9-38d8-4ab5-b3a8-4ac2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.177.32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eea-1ed0-41c8-8149-4070950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.84.188']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eea-5e1c-4a06-999e-4085950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '20.131.152.108']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eea-92bc-4e67-a8d6-4eda950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.188']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eeb-ff28-45cc-8e1a-4ad2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.80.108.105']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eeb-ae60-4f13-b4c5-4be4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '16.142.255.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eec-8b4c-4497-ab8c-4fe2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eec-6a48-4d95-b015-4f58950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eec-d7c4-42c2-b754-43f0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.73.114.245']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eed-dfb8-43b6-b893-4bea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.115.208']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eed-c0c0-4713-ae9e-42ca950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.255.189.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eee-0524-4e6e-a20d-4937950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.82.244']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eee-4674-4a41-a474-4c08950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eee-c81c-4cbd-b1c1-4ab7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.20.74.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eef-d1e4-4861-bcce-4c62950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.46.69.198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3eef-07cc-4637-8518-41b6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef0-4828-42e0-835d-498e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.136']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef0-631c-46fe-8c14-4c1e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.171.96.58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef0-da74-4f5f-a080-40de950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.166.10.156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef1-1ef0-4789-a71b-4b1c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'good.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef1-5d74-462a-92dd-475f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef2-f954-434b-a7df-4761950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.161.177.143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef2-1b98-451e-a78c-422a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mjed10.no-ip.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef2-3bc8-487f-8ac0-44bf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.248.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef3-d0dc-4869-8fdb-41ec950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef3-7e70-444d-9427-4a45950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef4-4728-429f-85d6-4cdd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.239']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef4-17a4-4072-a48d-4852950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.213.146.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"first_observed": "2015-11-05T13:56:14Z",
|
|
"last_observed": "2015-11-05T13:56:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"ipv4-addr--563b3ef4-b090-4946-8cce-4932950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"dst_ref": "ipv4-addr--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b3ef4-b090-4946-8cce-4932950d210b",
|
|
"value": "0.0.0.0"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef5-a988-4b90-bbdc-431b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.115.247']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef5-fa64-4cfa-9b1e-414f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.139']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef6-e958-4570-81c5-4fab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'idf.blogsite.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef6-2410-4263-b19c-423b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hint1.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef6-816c-492d-b332-4b6e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'skype.servemp3.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ef7-51f0-4ffc-b948-4352950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.135']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b578f-339c-4951-9b82-44f9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '536543.fateback.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b578f-ad30-46b6-b2cd-40e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1812ec5f8fe477ce63efe232dd0b4873']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5790-3bc4-45c3-8e63-481c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c6f40338e3cb0d5e7543c30f527a3583']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5790-41dc-444d-9240-4b6c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0c01a209e6aea92aa52febe305d6fd3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5790-d9e8-48d9-961b-4704950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '6536562.fateback.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5791-1244-46d0-81a6-4117950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '08da77cef3d56ecaa5fe98624fd80b1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5791-f0f0-4139-98a0-4b76950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '70d53c44138160a495a5089d619e2a03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5792-abe8-4142-8917-4fb6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b617ed6c9ab846249c893a51175dc29b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5792-5974-48f0-9cfd-489b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.166.122.234']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5792-339c-4d57-8866-423b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ftp05.freetcp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5793-98e0-47bf-87c7-4f2b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd743a22cab2e219035e5474175decdc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5794-f580-4eb3-8646-4555950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e53bb81ab8bb57344055f5ceb704adc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5794-2ce8-4c5b-8a86-4d87950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b6d2f293e58d082273e36ea05acf1f43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5794-4440-4b82-a444-407f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a84fc4f3f628082da37ec22800f2dc72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5795-451c-4f51-9bc3-42a0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '85439bfe10537e815542a03194c8e674']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5795-a024-40ef-bc80-4ea3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05895f49bfb6f92e20bc0cc2407d9191']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5796-2468-4d01-bdb1-4fbd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4124496faa7e2b44435af02873b0edf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5796-fc10-472c-997b-4a89950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0ac82fef5edbf57df9ce608cbb98400b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5796-bbd4-4a84-a1cb-4e9c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '234.81-166-122.customer.lyse.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5797-8c1c-451f-9a40-4f66950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e313ddcaa2706327f46be85d2d167fb7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5797-086c-4690-ba8e-4c53950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0041a9e075aace5d952a3bf7934df3d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5798-de58-4967-89ab-484b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd44d9f02bd8a958369c5a8f06a818355']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5798-cb48-481a-91ff-449c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0252e8d909b8b0e064c87ee994449170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5798-74a8-4085-a23f-4cd4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9c279314d46c89dff020551326137791']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5799-84c0-4952-9aa8-43c1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8ca9e218801597212bfa6bc687723874']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5799-6fcc-4f3e-b5a6-48be950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8989bc6d429387323dffdb7aec650b24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5799-6d78-4f19-97c2-497d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8c0a2c24a756e139cac57783ef3493b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b579a-ce10-4ba2-a85c-4703950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '35883e06b8875fae96ccafc2959b80c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b579a-1d0c-450e-9299-4b6e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '72b59a43a94bf6dfb26329d13bc5ac74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b579b-3cb4-4576-b8a8-45cf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ftp06.freetcp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b579b-d484-4a7d-a1e0-471e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ecceae8cba0f8de575066852f82669c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b57ef-5554-4f0b-a489-40a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.195.129.71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b57f0-3800-43cb-a5d3-4f2f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.43.141.188']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b57f1-bd44-402b-b183-4c04950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.101.183.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58f8-9234-4a0c-a514-4f36950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f2826d8c314b6f4a055527f5dcc731dd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58f9-85f0-463a-ad3e-4927950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.76.99.221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fa-d914-4116-8d9b-4b11950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '308863c8460af5589b9e10cf1029af46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fa-d050-4c14-821e-460f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f5ad6be82ab101e2a1e92bb21884a2f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fb-b950-4539-b7d4-4c48950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07bcc42508b3d95e4549bb1617c06a50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fb-df6c-42dc-a48e-40c3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7a8e3a9ebf365caf568a5383b6e3e861']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fc-d51c-49c6-85a5-4760950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00d75b02a237e896e653b5108cc730c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fc-6308-4c5e-9882-4895950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd34990862aee318c3c4c9a64eb87f020']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fc-0630-4825-ab60-48e2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.afisha.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fd-26cc-4b2d-bd6d-42a2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ad2ccb7d07729e78266415f9a1b9dd16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fd-7808-470b-b7ec-480b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.131.61.33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fe-39c0-42a0-9ec4-41f4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0079ee50f8d1240aa2ac7306ecff563b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fe-a7d8-42d6-8bc4-43ba950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'psynergi.dk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58fe-6660-4562-8ce9-412d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '102.6.175.69.unassigned.ord.singlehop.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58ff-df8c-4340-99cd-42ed950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3d5e46300d7391e0fda235b3e28a63b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58ff-c18c-4619-a686-498e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27830c13968be6caefd2e75c9095fff6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b58ff-ff60-4628-a52c-41ba950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.91.80.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5900-b628-4a28-906a-45a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '70854fb3717d8e692a4a79c347a91021']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5901-d060-4521-be4c-412b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '39c23422.exofire.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5901-b478-4d87-a52c-4a45950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '334696b5abdcfe6ff4e9bfa33388506d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5901-de7c-483e-9288-4d3e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af63eaf76efd27aa88e89b60805bd311']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5902-0fe8-4213-ada2-46e2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '182f08870c22e4f41b20bc0c72040e63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5902-ca4c-4f4e-9ec0-4b3f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1817d132ae3da088c90aba65a16d7fd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5903-7568-40c5-857c-4a5a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.85.61.78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5903-20d8-4e96-af98-40d9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'eda.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5903-b568-481a-8341-4b63950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.19.88.89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5904-b83c-4688-a4c6-43c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '61609d3b70b678b9530cce3ef7f0e7d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5905-47c0-4f25-ba49-499a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '8953a258.orgfree.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5906-1cdc-4745-97df-4df9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '7a5fb48b.110mb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5907-7694-4b7e-b39d-461b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'kubusse.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5907-d51c-43f4-a56f-49b1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c66f749b2d6ac0cc6d49b2cea366effd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5908-9344-4564-8b8a-4bd4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '239f62dd.110mb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5908-0acc-42f6-b60c-4f97950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.37.76.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5909-e990-421f-8f04-45e0950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.160.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5909-5594-4fc2-9677-4cf6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fcf22c940acb461bd66964021f47c0f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590a-2db8-4f36-acdb-4c87950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01c2dc978ebedb5f6b50647492faa2f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590b-5bbc-4e86-8da0-4911950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.19.88.88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590b-d368-4126-a05e-4d18950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '81fd7838bbf7ab58f3f597d339f07c72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590b-50c4-4fb0-aaff-4703950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e2f6464abdba14d2ceb66916affd070d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590c-7168-4638-861d-4407950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '315f824b529fb2cf66bfeba16f28e6c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590c-cee0-4bad-bec2-4bcb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '0b65d839.x10hosting.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590c-e454-4034-a3df-468e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00236a27a5d20c88aae81166a0d26537']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590d-6c34-4526-8dc2-4cf8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ba028705ce114c4f7e8c179e7dfda802']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590d-f500-42b8-811c-4070950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'vesterm.freehostia.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590e-6dac-4dbf-8d21-4007950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.91.80.106']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590e-e29c-498c-b509-4aeb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '3a068104.hostei.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590e-4988-49b9-8899-4cbd950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.175.6.102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590f-0ddc-4975-92f2-44fb950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b5c01ffd82cf87cdc5e78a9291890bdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b590f-8f80-4319-9236-40b2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'da93bd8355aaf4eeed5d5aa0e5fbd50c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5910-8b54-4949-8a4d-495a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1aa9fdfc1ef3f15447be83144dbba584']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5910-afa4-4e2b-aab9-4266950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '030f521773150db68d1ca7f3c31f41f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b68-97c4-4890-8aaf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3fabccdb91cf9038dcffff47bc364830']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b68-bd14-46c5-aaf6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.28.249.128']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b69-4f5c-4bb0-8366-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.170.79.231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b69-a644-4b9c-b7b1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.56.244.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6a-6920-4f1a-becc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0a22547458eee07f8a218892f6fc76ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6a-1ed4-4e56-9d7b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'b5.f1.2bd0.ip4.static.sl-reverse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6c-3434-4549-82f5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.95.99.23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6d-0590-4903-a514-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2108153096436c8629349d0083810bc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6d-e0bc-4b0a-b5ed-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.236.23.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6d-54bc-4318-96d3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.123.72.47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6e-8300-4b05-81c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.winpy.usa.cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6e-5044-44c5-94d9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.171.108.190']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6f-2da4-430a-aa1e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '77e2e77977feec8ac5ed6555d52b4b16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6f-bae0-4b6b-8a9c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6788b33b1577a0b450888075a6700916']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b70-aed4-485c-9e47-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4820b8649083f2c7a64912cd3cb72c87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b71-3938-459e-a391-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'google.com.r3irv2ykn0qnd7vr7sqv7kg2qho3ab5tngl5avxi5iimz1jxw9pa9.uae.kim']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b71-5a9c-40ea-bc7f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.145.11']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b72-da14-4745-a7c0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'microchiefs.twilightparadox.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b72-2d84-43d7-b9a3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9ccfc2041d5a3b98db5c85b8a8a875da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b72-25f0-4923-9a05-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b73-ee74-4c4e-adf9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f70ed3e755f2aa6c1dac27fe2ffc5d6f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b73-ccb8-494d-82a7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.211.213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5b74-48f4-4b4e-bd5d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5b74-48f4-4b4e-bd5d-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5b74-48f4-4b4e-bd5d-3798950d210b",
|
|
"value": "u.qurl.f.360.cn"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b75-46a0-4a24-b9e5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b7f04d268134faa3f8aaec5e8e25d0f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b75-a6f4-4df1-8702-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'essentially.algochanges.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b76-1980-4755-ad84-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ceb4a5b0c484514b61b290ca82b1ba68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b76-d920-40ce-9634-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e22202c0f39502b530dfa70733876013']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b77-68b4-40b9-92ff-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5d7bf2f79727fe332035728dfce9fccb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b77-4f8c-4f9f-b4c2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b78-7ff8-4dcd-bd4a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1f139ee4a6091d4125102bb5dcdb1191']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b78-e96c-42e3-9ef8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '96662139f5058164a04aa7cf4e486ef5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b79-b1d0-4ba6-bcaa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www245.bluedealsant.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b79-fb00-450c-8e8d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ccc100b9b54597da7a7d4f6b4c2db234']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7a-c298-4521-9548-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.88.48.151']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7a-2dec-4785-8fe6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1eac78fc15d2463d9b5a940b74959241']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7a-0a70-4206-bc24-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '14.169.40.149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7b-c604-4bdd-b67f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'nooby123123.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7c-7664-4a05-bb6f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'dont.dnset.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7c-900c-4513-b3d5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.254.114.121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7d-9c34-453b-a4c9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.72.141.187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7e-bcc0-46e9-b159-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.158.5.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7e-fe38-4b31-aa0c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8d2c1314c63b98fd3a74e5258f0ea0f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7f-bde0-49d4-8bf2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d24c8355288f3f10271cbd13af4f43e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b7f-63f8-48a6-b25a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4a8b6c73a347e928930af80349864471']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b80-acbc-4d93-b7ff-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '30e22da1e83695a42804b339fb72d364']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b80-4428-4e4b-95a0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.6.58.198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b81-b0f4-4aa3-9a45-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'botbot.no-ip.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b81-c6e4-4d99-85e1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '42-154-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b81-675c-4631-861e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '933126ab45f10b76c90672099ab3c432']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b82-5fe8-480c-a415-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '190.108.171.108.client.static.strong-mf26.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b83-d958-4742-932e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.26.252']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:40:58.000Z",
|
|
"modified": "2020-08-03T06:40:58.000Z",
|
|
"first_observed": "2020-08-03T06:40:58Z",
|
|
"last_observed": "2020-08-03T06:40:58Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"ipv4-addr--563b5b85-bbdc-4eb2-b11b-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5b85-bbdc-4eb2-b11b-3798950d210b",
|
|
"value": "216.59.38.123"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b86-d6f8-4420-8b88-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.92.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b86-bff0-4e9a-9576-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'clay157.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b87-7688-4307-b708-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fea84eb04892bbabf73e8f494fa05e15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b87-2068-4862-9f9f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.82.46.253']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b88-b860-4894-a54a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.7.61.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b89-64a8-4a15-8ee4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07561810d818905851ce6ab2c1152871']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b89-c5b0-40ad-a7b3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'li45-233.members.linode.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8a-e67c-4fc9-853e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ee9e3b26bbbb89c4582f940ed03115c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8b-29e8-455e-8566-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b041817fe2dbe1b58af0842b4b15e01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8c-0cdc-4275-a76c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'dcsetup2000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8c-8124-4193-9958-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'm3iz-00.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8d-be34-4db0-941d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2aa75eee002fab24049b162ce8407015']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8d-ec14-4ef0-83c4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f9d875a879a9ed3cd6ec960b0af975a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8e-495c-4987-bf0c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.226.11.122']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8e-0130-4003-89fe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bedff13cbce76b7e2cda49a68c40a533']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8f-e9b0-4a5d-9fc5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'egypttv.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8f-8390-4129-a4a4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.193.253.110']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b90-77a4-4d6e-8528-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'sh2.purevpn.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b90-fb50-4b21-85dc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '49.4.0.10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b91-8ebc-4af5-8a8b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'lilidega.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b91-4d18-484d-9d20-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc93a311e8b6456c77d5e910ff6eff3a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b94-dfc0-49f6-9bb0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6289d7079d489e416fdc4633a6dc51c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b94-5f30-4436-a1be-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '89e2a404202e83cde0bbe360b3469cc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b95-5918-454d-8107-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4558b9bb1362385d8df2d5dc43ac1819']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b95-5230-40b6-8398-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c77aea623b26bc33c0cf2937a0c93aa3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b95-d154-43cb-a179-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c5e4cbb5d1ec1ee5f28a1cdf5b8a92c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5b96-4980-4416-89de-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5b96-4980-4416-89de-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5b96-4980-4416-89de-3798950d210b",
|
|
"value": "ec2-54-213-146-215.us-west-2.compute.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b96-f578-4ccd-a526-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'bitsoft.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b98-d3f8-45fb-8fd2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.72.230.162']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b98-9260-4e0e-96b1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0731b597e61c2fd74577239fc53c794b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b98-1d38-4232-a1c1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a5ee4fbb72543b8f884af592b9d99a93']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b99-473c-4b3d-bfba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'stromoliks.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9a-a2ec-4c8f-8aa8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '191-148-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5b9a-3f68-461e-87c8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5b9a-3f68-461e-87c8-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5b9a-3f68-461e-87c8-3798950d210b",
|
|
"value": "ec2-52-28-249-128.eu-central-1.compute.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5b9b-c89c-48c7-ac29-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-24T07:37:16.000Z",
|
|
"modified": "2016-06-24T07:37:16.000Z",
|
|
"first_observed": "2016-06-24T07:37:16Z",
|
|
"last_observed": "2016-06-24T07:37:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5b9b-c89c-48c7-ac29-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5b9b-c89c-48c7-ac29-3798950d210b",
|
|
"value": "zapto.org"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9c-6764-4389-a1e3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f975521a337dbd521fb6e63bd18b6f8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9c-ea9c-4ddb-96fc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'alfa1000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9c-6388-499e-ad9c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ptr-216-8-179-25.ptr.nextdimensioninc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9d-8740-4ba8-9e87-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.67.4.10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9e-0be0-400a-b349-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '10a7cf11e719997ae90c9822d397dcc0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9e-32a8-4856-9845-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.170.184.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9e-9354-496b-95cb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'chv-4.achieveperfection.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9f-9e38-49bd-a608-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.181.131.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b9f-3360-4a1b-8621-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.bhtfriends.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba0-15f0-4e4b-9691-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8fb481592cf8547ce50d44f629619a64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba0-aa50-44ef-883d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba1-27c0-48f2-b3e9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02970a6af18219b9a3871b9de22ae2da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba2-9e24-4e9a-8538-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2bcdc5091c446e8b6888d802a3589e09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba2-5694-41f3-bab5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b44aef3870c3a92d01c42e957f0410a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba3-2d94-4920-b44e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fd94458c0de734c45a226aae6d54bf6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba3-4294-4b1c-a60d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '60f2e101baf829bdcc0d1caa61863bd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba4-131c-43f2-90f2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.82.202.207']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba4-71d4-498e-b83b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e9d040438f8b7fd11f9fcc87f804b433']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba5-6664-40e3-b906-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '150.189.255.173.client.dyn.strong-mf35.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba5-25e4-4fe2-928d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'node-1b3d.pool-118-173.dynamic.totbb.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba6-2268-4906-a92c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a1a637a880cfcd4694ed3db367eee2d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba8-ad20-4821-bc80-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '367c1c970f80bc5ae63c0b77f2e42992']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba8-ea40-4fdb-8644-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '12bf48aad67e6aa7ded1498c4858d865']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba9-0d9c-4f94-b183-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '106.254.127.199.client.static.strong-in67.as13926.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba9-0cfc-4aaa-a84f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ef999ee09422d4c4c3fd48c9c439f901']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5ba9-db10-41e8-be7b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5ba9-db10-41e8-be7b-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5ba9-db10-41e8-be7b-3798950d210b",
|
|
"value": "ec2-184-73-214-203.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5baa-8490-4299-b73a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '29c18600dec3e79d4a0f3d51eb1579a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5baa-b724-4ad9-abec-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '15d1f21dbfc9b71f285f591bebfbfe73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bab-4334-4a06-8402-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.91.197.204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bac-5a04-4bc6-a5ff-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bad-93e8-4cef-90c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'update.ciscofreak.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bae-2380-45db-8921-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07270db65db7e6bc80f7713845a8300a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bae-b530-4559-b43c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'removalmalware.servecounterstrike.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5baf-07d8-404e-92ef-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '128-72-141-187.broadband.corbina.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5baf-883c-4555-8878-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.181.131.234']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb0-7524-4033-bc86-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '165.254.114.32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb0-2ae0-4bbd-8064-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.lukki6dnd2kdnc.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb1-249c-4baa-b661-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'host-108-60-15-13.doteasy.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb2-757c-4802-a1ea-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8a5422c7d2514d7ad0ed912593547009']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb2-a190-45a5-a942-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.153.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb3-f18c-4a74-929f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e46a57c6d49b7de650ca473426741d3b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb3-d2b8-41ff-b661-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb5-2a9c-4f7b-a894-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c0eeac7e2a8757768db796a0b7519ee6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb5-9740-4706-8e41-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'b3.f1.2bd0.ip4.static.sl-reverse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb5-c024-4f8a-bf95-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'anonymous-0.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb6-ba3c-40ae-b8bc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'jason44000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb6-ad34-49ea-a70b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '74b56c75f6527f057967c3642d7f76e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb7-599c-4c8a-9a79-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c269bf0fd018ec0080f568160de3f0fb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb8-17c0-41b3-b489-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'down.7yue.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb8-e708-4a8a-a7ce-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '81c8bef50d2fffa1f21cce2b5f9810fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb9-b7cc-44ec-8569-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'whois.uae.kim']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bba-88fc-4e3f-b596-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '30146d472c497f002811f8c207db352b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bba-40d8-4bba-a282-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'rrcs-24-142-255-215.midsouth.biz.rr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bba-f0b4-43cb-a3ab-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '317a87b0a03c0c7532ca322e1b8226b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbb-fe70-470d-aa60-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd850d6a5a34cbb5c030775d30d21b0d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbb-bbb4-4f6e-a4cc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.135.162.119']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbc-14f0-45e0-ba6f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '66ecf5e7936c4aee89e5b78656623e73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbd-7100-4866-9980-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mp4.servemp3.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbf-3ae8-49f3-9c2d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f950907965f82119a919e5392488b455']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbf-87d8-4cad-8988-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.57.213.64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bbf-eda4-4727-aa2c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'gov.uae.kim']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc0-8b34-4e1d-b65d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc0-4100-4dc7-931e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '152.74.20.198.unassigned.ord.singlehop.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc1-b840-42f9-93c2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '564b7276e04556646af4e1c38e05a93a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc1-4b44-43e1-8803-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b864a7763db860436035f4f8775dbd50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc2-2000-4302-98c0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '128.177.96.131.ipyx-074089-900-zyo.zip.zayo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc2-40c4-477c-984f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.150.42.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc2-9930-4060-a005-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '95ac31c40a32a6a44f84a6b77dd76332']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc3-e32c-4730-bd93-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.72.238.223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc3-f994-4ccc-95e3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ahmado.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc4-ec84-427e-91b7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '34e94a52139c4d994b65921d17379783']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc5-6b80-411a-881a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8fa706569ebc147c4010e204c7586172']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc5-03ac-4df4-8274-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '497e67364304f7d84c69296d594c67c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc6-cc20-485d-bf5b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.14.182.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc6-0988-441b-b6cc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '184f870d527eacc6e28f84efdb67df37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc7-441c-4007-929b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.44.38.74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc7-550c-40de-857e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '11-145-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc8-b9e0-48d0-bdf1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '55-158-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc9-b6dc-4e8f-a413-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.186.34.91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bca-85dc-4fa3-b7f8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bca-55c4-408c-a114-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '75.126.77.87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bca-d2f0-4896-aa68-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd622810a8024c09f07175b788ec0a764']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcc-5234-45dd-a0d8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f22ef7d30481ef63b6d842f6f1c1c60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcc-e1f4-4ed0-9236-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '249.24.175.69.unassigned.ord.singlehop.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcd-c108-4b28-8073-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'frh-0000.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bce-68e8-481f-bc8c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.158.9.6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bce-8ce0-4581-8787-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'isp.servehttp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bce-3c6c-413a-94c9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '24d7666ac0366d9308a05c98e5c57e9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcf-880c-4fcb-b2f7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '254-150-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcf-ba6c-4412-9fd4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bc7bb730e98fcde7044251784e0d8ceb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd0-c108-47f0-b2cf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '09b5f55ce2c73883c1f168ec34d70eb9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd2-db18-4fd3-a4e2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.253.252.27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd2-a280-4dee-89cd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'sofianesou.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd3-3ac8-4d5f-b190-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.60.15.13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd3-adc4-4788-a57b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2bdb94df14fa5a2ddf9522ac05720d2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd3-7828-44de-84ec-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bed14c5b9db410e398e142bfc0cd0a61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bd5-c58c-4ee8-b5e7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bd5-c58c-4ee8-b5e7-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bd5-c58c-4ee8-b5e7-3798950d210b",
|
|
"value": "ec2-184-73-167-20.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd5-466c-49f4-8660-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.148.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd5-e4d8-4a8d-b7c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'israisth.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd6-189c-4963-9dac-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9eaf0e6837ce7444040d9ab9c42fc147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd6-2bd0-4dce-9b57-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd7-b2b8-48f3-8b46-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f025ec5de4fc2cda7ccf988484082315']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd7-62ac-4ea2-9457-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '9jdce88iz1acbv028hq3o96507l29s.ipgreat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd8-dc04-41c3-ae86-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'dialup-4.131.152.108.dial1.losangeles1.level3.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd8-25f4-4fa6-bdb5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '0000.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd9-f5e4-4c88-bb98-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'web55.alexiadns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd9-9fdc-42f3-81dd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'login.collegefan.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bda-ef98-4f8f-8d6a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'adobes3.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bda-2f68-4f5d-ac24-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.151.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdb-14c0-4e31-9464-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.188.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdb-686c-452b-a3cb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.120.162.176']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdc-27a8-4719-9b84-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.177.96.90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdd-bee4-44ad-b08b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07546536352e8435c078fb06c5ead2bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdd-330c-4a78-bdf4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a51edbae957be0a7fdf96f176e596e22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdd-0b98-47bc-82aa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b0a387fc5a3eedcf671f6c7053c5525e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bde-daf4-4948-852b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.173.238.105']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdf-1068-4275-af44-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aead225cf2c7ff837b9164d29ec5034b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be0-88c0-4968-8d38-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '124-171-173-37.dyn.iinet.net.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be1-a0e8-4af3-98df-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c27791457932fe95bfc66e064b2896e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be1-8634-4d51-9b77-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f31572c8035eeb5cfecfe406925ebadd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be2-f824-4dcf-81e8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '157.238.74.49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be3-9130-425e-8e11-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c78cbb6703ccb97802633db145ba36f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be3-0a24-4f86-9a6c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'su.noip.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be4-f1ac-437e-be8d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '117b20d1ff962a7d8fbcb0ce8e8a7ae6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be4-8810-4fd2-a81d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d789e07fa95535ededd79fe5e991add']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be5-549c-4812-8a90-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '16346b95e6deef9da7fe796c31b9dec4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be5-9178-412d-ac13-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.120.5.143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be6-9610-4ff5-aa26-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '0j820j6.lightfre.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be6-8df8-40de-af32-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'g74.124-44-38.ppp.wakwak.ne.jp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:40:55.000Z",
|
|
"modified": "2020-08-03T06:40:55.000Z",
|
|
"first_observed": "2020-08-03T06:40:55Z",
|
|
"last_observed": "2020-08-03T06:40:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"ipv4-addr--563b5be6-1720-4f09-b9a5-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5be6-1720-4f09-b9a5-3798950d210b",
|
|
"value": "67.215.253.139"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be7-97f0-4600-975e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '31fe30196c2f7dc4ca8d6b8f1070dd6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be8-8574-4599-9556-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'playgame.servecounterstrike.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be9-0afc-4332-950b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.68.81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5be9-9464-4c31-b491-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2020-08-03T06:40:51.000Z",
|
|
"modified": "2020-08-03T06:40:51.000Z",
|
|
"first_observed": "2020-08-03T06:40:51Z",
|
|
"last_observed": "2020-08-03T06:40:51Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5be9-9464-4c31-b491-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5be9-9464-4c31-b491-3798950d210b",
|
|
"value": "anubisnetworks.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bea-e2c4-4aa4-b128-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '690354f894d6ec0b82287683acd873f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5beb-f738-49dc-8fcd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8ca915ab1d69a7007237eb83ae37eae5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bec-8224-4f28-aa7c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'googleupdate.servegame.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bec-e700-42d8-b94a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.38.187.102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bed-96a8-4725-bf3b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.248.193.143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bed-3160-4f2a-a856-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2e79a333e15f16ec5f309a7656fea945']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bef-fa84-41c2-964e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9dccb01facfbbb69429ef0faf4bc1bda']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bef-de1c-4c5a-9bba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.251.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bef-72b0-45be-88f9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'omagle.serveblog.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf0-da7c-476c-8628-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '13.174.255.173.client.static.strong38.as22781.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf0-2148-4f17-842f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'microjonjokoss.jumpingcrab.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf1-fda4-4308-ba95-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1e28b72baae6c0edfad646b838ee6b9d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf1-a404-4102-86cb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0cd20f2d60a1b6e5cf649cfc23812c94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf2-0440-488a-8255-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.43.241.178']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf2-cfc4-4f02-a4d7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.15.221.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf3-2b8c-4005-b09d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.49.68.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf3-ed10-4be0-a129-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.226.11.124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf4-d95c-444b-b2c7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.153']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bf4-7f28-4162-ac7f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bf4-7f28-4162-ac7f-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bf4-7f28-4162-ac7f-3798950d210b",
|
|
"value": "ec2-23-21-172-164.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf5-2ee0-4834-8200-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1c8d4cd98f3ffe1b942f0a04692ed215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf5-c488-4364-83c1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7478d6dade2108b45190c1c8da33961f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf6-4e48-4dd6-9a7e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e4eabeadb3573d9b9c878fe3905d38b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf6-8164-4cae-a825-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3781c1043a79bea9a08f3681347e3fef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf6-a2f0-42ce-a077-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.120.234.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf7-e800-48ba-83d7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'bro1086698.lnk.telstra.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf7-1570-4b52-afc3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e488fca95cb923a0ecd329642c076e0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf9-baec-49f6-967f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.239.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf9-38a8-4d03-abb9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfa-f4c4-47e1-b0e1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a42c3679f391c20238f24f8647fb7eff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfa-0efc-4f95-93ff-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd1216d2da3aaf0997efc0d3504d52024']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfb-3670-4997-8d88-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ed0665cb1be3e8e42e3435d05fbc7283']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfb-0f50-4cdf-8a05-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'b2.f1.2bd0.ip4.static.sl-reverse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfd-f12c-46c3-bce5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2db437e3625b732855c39ee4bfc75254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfd-7298-491c-b6fa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '76.73.114.192']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfd-9db4-4894-b8c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ecab934f18d9b6a9a2be7d28bec6c1c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bfe-a5c4-401c-8a60-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f4742528f99497a1b2c7795083a5b2e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bff-6b38-42eb-a76f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bff-6b38-42eb-a76f-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bff-6b38-42eb-a76f-3798950d210b",
|
|
"value": "ec2-52-28-3-6.eu-central-1.compute.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bff-8194-4dc2-a34c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ca41a8ff03149975c4204f8825e7b654']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c00-5f48-4172-ba04-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'uranio2.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c00-a9d4-47fc-bd6c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0baff68ae96e3eba0f72206ee2064303']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c00-3d00-4c07-b15b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ruswinter.hut2.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c01-ea94-43d1-bff9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.157']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c02-02b8-462d-a788-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e713142712b31512f78b6877ec962391']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c03-3d14-459c-b8eb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '49452649f4d8fa9e41e4a7e5df8d9fa1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c04-baa8-4fdd-806f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'newss.effers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c07-d128-474b-a91e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c07-9d3c-4416-90ab-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9640eccfd30d456c8013219d0fef5922']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c08-11a4-42fb-b1f8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'rdns.hosthink.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c09-1de8-4807-8a06-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.116.228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c09-eb08-4e9c-ac71-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f92f84f1888af1fc272f8db3075d7265']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c09-6dcc-4388-b8e1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0a-4abc-44f3-ae40-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.136.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0a-6e14-43e6-ae60-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.kukutrustnet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0b-ff20-489b-94b3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '3.wap517.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0b-aef0-4ee5-91dc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0006bf8954d005dd54354392bc146c5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0c-a90c-4d95-a6d0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.210.139.8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0d-efa0-44a7-a248-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'forerunner1-no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0d-25fc-46e9-a968-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fc6e22d85a5ac5d60968a4d1f52f4569']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0e-b0bc-4604-920a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ns1.3322.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0e-e4e8-4f8f-92d1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3532e0f9244c0b89e9fe426afc8226cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0f-c1e8-4ae6-b9dc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6f16024cc940d2b8f20466f204aa81bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0f-c2f0-4f79-9682-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hosted-by.securefastserver.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c10-5c84-4c44-8bc6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www231.bluedealsant.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c10-6cd8-4e9c-9578-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.21.172.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c11-1d24-4b68-9f29-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c457c2a63fd6367a5026b2e508f3256c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c12-fe04-4bb9-98e5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '3.ns1631261.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c12-8dd4-4a4f-8131-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '39a990b0f41b55858adc6f0aef5112ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c13-b530-464a-b720-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.232.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c13-5b8c-45e1-81a5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.14.32.65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c14-a1ac-4b74-ac78-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.236']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c14-814c-4a91-8154-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3165b7472a9dd45cde49538561cba59f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c14-fd70-4ecc-a132-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c2f36fb152602166dc3e49cbaa6db86b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c15-14c8-4ef6-aadb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8f7c7e87f084eca45b58ea954f8a7103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-28T06:51:41.000Z",
|
|
"modified": "2016-06-28T06:51:41.000Z",
|
|
"first_observed": "2016-06-28T06:51:41Z",
|
|
"last_observed": "2016-06-28T06:51:41Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"ipv4-addr--563b5c15-1068-4f78-91ed-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5c15-1068-4f78-91ed-3798950d210b",
|
|
"value": "255.255.255.255"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c16-c614-4f57-b201-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '3.wap517.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c17-38c0-40a8-8aa8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '57629df000441de42abe4f858c3ab4f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c18-6298-4421-903d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '43a24192d8ef646da200865c7903f7b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c18-a0c0-453a-934f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e1a8f36db3e325d8b919c83d1aaf3bcf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1a-1e04-48c6-943c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.21.235.94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1b-77ac-4b25-ad94-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.22.210.32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1b-6fa8-45c8-ab02-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07f0b8e30aecd0a9764bf7e6409e1900']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1c-6a80-4421-9f55-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mimo0.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1c-80e0-4fbc-8dcc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ec643b2c161020e15b1a26df6a0fa2f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1d-136c-4d8b-9c84-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'vps02.rith-tech.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1d-16dc-4d3a-aad7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'anekdots.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1e-7378-4945-9e47-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www192.bluedealsant.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1e-cac0-4987-a601-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.217']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1f-71c0-49bd-a03a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.95.99.109']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c20-82b4-4de8-85a6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9ecd4c00ec7538fa89ef692053e54445']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c21-666c-4772-b12b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4b73d2c8f843090d98035437a9f73e6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c21-c694-43ad-807e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '150-153-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c22-98b0-42d9-8a7f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'u18290695.onlinehome-server.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c22-5d60-40c6-8e0e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '192241126504.b2b-digitalmarket.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c22-37b0-42fc-92c4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ea6c13a0064fb7f0c55cd8bc6f3b5e44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c23-03ec-4d4a-ac54-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.218.207.153']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c24-426c-4324-948c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.170.178.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c24-d3f4-46ed-950c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8455bbb9a210ce603a1b646b0d951bce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c26-31ec-4ad1-af06-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'define.ironmarsnews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c26-0c94-4170-9f79-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'cyber18.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c26-72c0-45b0-8fd6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '547c63d9df4818896e60b64031989230']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c27-d3cc-4e63-aba1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0b508f428382385f005dee8989711773']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c27-6384-4557-9a97-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '205.164.24.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c28-11f4-48d9-82a1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '137.189.255.173.client.dyn.strong-mf35.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c29-9c5c-48db-b692-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.250.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c29-f740-48de-af52-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.158.55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2a-2d04-40a8-8a4a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'cath.dk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2b-737c-4daf-9187-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '239516bac7a2ffc935623ebb68c4e3ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2c-8c10-40f4-9158-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.129.10.193']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2c-85a8-43c0-85f8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.215']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2d-0690-41e0-965b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ppp-124-120-5-143.revip2.asianet.co.th']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2d-1d34-43fb-9cfe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.f5ds1jkkk4d.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2e-525c-4441-9afe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5ae600173c041561af8f231f64091251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2e-47c0-48c0-808d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9de13a76b62fb62c75323d116008b1e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2e-fdbc-4ec5-8e1d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '50fd967b39315d95f02127a2f05f6326']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c30-cbdc-448f-9a9e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '192.161.48.59.static.quadranet.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c31-cbd8-49bb-a0fd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.68.116.229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c32-d0b0-44a6-a64d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '56dc140ed4958b28a16d7c9f38208a60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c32-2d2c-418b-8e23-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.91.175']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c33-64e4-4131-9a7a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ca7c977b5b315dd62b0189f2619764db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c33-9ed0-42ab-8aa4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0ad7a80aa8af8e8bd31706da6402833b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c34-34ac-469a-8f61-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.149.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c35-4a2c-4fc7-adfa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'myip.dnsomatic.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c35-d874-4df3-84c4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.g20news.ns01.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c36-2008-4e2e-8a15-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8e4626c9890d2b4702b746dfec2e5449']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c36-222c-4718-bca4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c36-222c-4718-bca4-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c36-222c-4718-bca4-3798950d210b",
|
|
"value": "ec2-23-21-189-99.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c37-9054-47f3-8171-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-24T07:37:11.000Z",
|
|
"modified": "2016-06-24T07:37:11.000Z",
|
|
"first_observed": "2016-06-24T07:37:11Z",
|
|
"last_observed": "2016-06-24T07:37:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c37-9054-47f3-8171-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c37-9054-47f3-8171-3798950d210b",
|
|
"value": "no-ip.biz"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c38-bd18-4e23-943c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '150-151-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c38-4200-49ca-826b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '69e6900cd860737eeba9b2b3bf0d71b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c39-93f0-414f-bd82-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '13.124.171.108.client.static.strong-in130.as13926.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c39-f778-4f3d-95d7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.171.173.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3a-5340-406a-bfc7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.23.224.90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c3a-845c-4961-9a35-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c3a-845c-4961-9a35-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c3a-845c-4961-9a35-3798950d210b",
|
|
"value": "ns1.china.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3b-618c-4d12-a164-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ns1.oray.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3b-a60c-4535-9e2a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '941eda82b23d0466ad1989f056a2b8c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3c-ab80-4857-8f0b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'bitcoinz.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3c-9154-4208-b2f3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'networks.3utilities.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3d-0be0-46ab-8cc2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b2853010fa7ee2e6057d5c7e89ed4e60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3d-c85c-4075-812e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.115.96']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3e-dac8-4451-a90a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.175.24.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3f-0634-474a-8d61-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7a3bb4637866716e374911499ba36a17']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c40-4c30-4274-a1ca-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '05f3b8a52f58c3cdda4e64c4879e7074']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c40-f374-485e-9d19-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '58x158x177x98.ap58.ftth.ucom.ne.jp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c40-da4c-490e-8ec9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fdfde63d2d8e925d5769ad47c533611f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c42-b500-450f-b557-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.72.225.112']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c42-5470-4315-b4f2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c42-0fd0-496a-b558-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'eg4x24.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c43-dfd8-4443-be96-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '62.65.252.12.cable.starman.ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c43-6228-4b5e-84d8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.155.219.23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c44-57cc-4ff5-ab72-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '16fabe48278f84f8ae1bc682a3bd71d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c44-11bc-4470-96be-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.88.48.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c45-d480-4cd0-97b1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'de6c80d5e5e366676a355e91c2bdfd78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c45-e414-4a05-bd2d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hamza-00.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c46-6d48-408c-8668-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.kukutrustednet7.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c47-9568-4b89-a3d2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a73a28c07e1aa5208afa60780aa75251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c47-ad68-4065-a18f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c47-ad68-4065-a18f-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c47-ad68-4065-a18f-3798950d210b",
|
|
"value": "ec2-184-72-225-112.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c48-e8c8-4d1e-a289-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c48-e8c8-4d1e-a289-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c48-e8c8-4d1e-a289-3798950d210b",
|
|
"value": "c-24-98-131-47.hsd1.ga.comcast.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c48-22e8-47d6-978d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.253']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c48-8a50-4e8d-b46d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a8cde5ea57385e590f39e8023ce39f80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c49-e42c-40a9-95cc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'aliallosh.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4a-6970-491b-ab97-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1744ec4fea19742ec9ba187bb964a72c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4a-a44c-4822-b18b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '48621c75d5b974801e3a76599002f020']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4b-09c4-4fec-afb7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.93']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4b-12d0-4f7d-bcbd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '61240ce0875b0e8ecace1196c942ca75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4c-81c8-4e39-baca-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '08e8016e7a4f9afd2d254cf0fc776381']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4d-09b8-463c-b2f0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.126.149']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4e-d648-4603-9320-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.9.115.62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4e-f34c-4257-a4c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a0a29901cb45502e5b4fc1c917627905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4e-a648-4a7e-bb5f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.14.32.58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4f-7958-44b5-a4f4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cf229bf780bb0fa2fbef5f13b2886365']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4f-1540-44d5-a519-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '19ccc6f126a7059e9362c48fef40f47a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c50-4fb8-4cbb-b582-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a1c37296fb70a67c763969ee4654c6b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c50-8f7c-41f7-a567-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'another.plusmarsnews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c52-cb3c-4b0b-af87-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '09c6a265618fd49c99878cf97279c393']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c52-88ac-432b-83bb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'updatee.hopto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c52-0b5c-431d-a3f5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.g1ikddcvns3sdsal.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c53-1de0-41be-a77f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7d290b1298b32cb15e5e4d6298d3e224']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c54-109c-43ec-a258-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '131-148-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c54-ec90-462a-b901-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '57.4d.7e4b.ip4.static.sl-reverse.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c55-2b30-4ebd-8621-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e66206f27270fcd75c0a6a35e3219b85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c55-d8ec-4d48-89e5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'dd92b470a074618565051637a4922473']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c55-c4ac-41e6-80d9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '11d8412d989b61d86dfa689e9e7ff3dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c56-5734-4053-bed5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '646e6d1d625b0925b2737f28fde8c4c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c56-ab38-42bf-a214-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'wjxs.pixri.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c57-7c04-4ad9-8cc2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '103389c08622c1a07ecf62163e0b8fef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c57-25dc-4304-b026-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hackerk.vicp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c58-9e5c-4f66-995f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'uae.kim']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c58-90c4-4603-ad5f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cf31aea415e7013e85d1687a1c0f5daa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c59-2184-4bd8-af06-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e4d884bfa4303032477ddd8f62986b15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5a-3630-4b03-9bf4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.158.177.98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5b-8998-4dc4-9cd3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9b5d35f629717406b59f682803d8e375']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5b-20b0-4f5c-86ba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.149.90.166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5c-9138-4bab-a70b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.150.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5c-bfec-4e2e-9ef2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '134.170.188.72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5d-b234-499f-b826-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8a9172841a883cd0e4ea8944f6759b7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5e-2914-48d1-bf15-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0b1f2616cbd83a2a1f65ad7da4cfc333']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5e-b410-4d55-97d5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c08519230b49ad87bc6aa12933aa0cec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5f-c98c-45a1-a712-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'natco5.no-ip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c60-99bc-4b02-8114-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ae09f2266f7280d3f7f52c076b7fcb94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c61-38f0-4780-9ce7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a353a87a7a909d45f91bc99589477402']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c61-2a0c-48e8-88c1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.67.70.15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c61-1940-4ce2-9315-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-20T00:46:29.000Z",
|
|
"modified": "2016-06-20T00:46:29.000Z",
|
|
"first_observed": "2016-06-20T00:46:29Z",
|
|
"last_observed": "2016-06-20T00:46:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c61-1940-4ce2-9315-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c61-1940-4ce2-9315-3798950d210b",
|
|
"value": "api.ipify.org"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c62-738c-49f6-9367-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.73.167.20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c62-c860-48b8-a172-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ee0add063f0ea9767aed21890f220994']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c63-e1e8-487b-a4c6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'httpo.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c64-efa0-4bb5-82de-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f656709ebd6b4d84f055f9c74350c0b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c65-6bc0-45f5-9201-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '55aad2c3a602a4c23413849ca7902262']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c65-ffc4-467b-8330-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c67-6c20-48a7-b686-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6d012a3d1c6363694c25d812c01ecab5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c67-b800-406a-b15f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'menaechmus.ambitionrover.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c68-0cd4-46ea-87a2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6857316c5d46b79fdb72e4fda2ce2e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c68-7fec-44e4-a008-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.21.189.99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c68-30f8-4c58-a856-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '766c4d534ff8a1b5d048bcbade4a4865']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c69-ef34-4f22-b3c2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '096a7edd61dbe7f7399b02a72b66e833']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6a-4c98-4e04-b56a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 's6.purevpn.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6b-b440-48f5-a9e9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.152.111']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6b-04d4-415d-b144-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '52f716a9cd69d1a50d16f400780b6bc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6c-0df0-41d1-a771-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'efc94d17c03230de33f5a10400dff120']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6c-4ea0-4f1d-b717-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.9.146.59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6c-45ec-4750-8160-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'nisanyapi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6d-5954-4628-88af-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '057acd44646bf40db547d744a84e8074']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c6e-4d80-4410-b15d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c6e-4d80-4410-b15d-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c6e-4d80-4410-b15d-3798950d210b",
|
|
"value": "ip-50-63-202-94.ip.secureserver.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6f-879c-436d-9bbd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06d35502fa814a53f75ba5f312fdf156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6f-78ac-4d14-b5b1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.61.41.49.choopa.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6f-98f4-479c-b4e7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.227.163.30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c70-abe4-4eb1-835b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.208.164.166']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c70-2200-4e09-836a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.127.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c71-3e0c-4eb7-9a81-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ab6bfabe3a411acb3143b096091f559b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c71-d754-45b3-85e8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '93-89-16-140.static.internetadresi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c72-8dc0-45f6-b0a4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '1.counter.a.statcounter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c72-e1c4-4074-be03-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0fcb7d51091cc468f06a927a51c2eff2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c73-d9ec-48ff-9069-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '123xperia.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c73-9114-482d-bf1e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'whatsnew.pchome-shop.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c74-eaec-4e6a-886c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '176.162.120.106.static.bjtelecom.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c74-430c-4cfe-bb63-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.226.11.125']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c75-7bb4-4a05-9546-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fca1eb4ed2f00b2acba8dccc1015d345']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c75-554c-4d75-91eb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '46.185.x.37.go.com.jo']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c75-4fe8-496a-98d5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.88.48.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c76-eef0-4e96-a1fa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'substitution.ambitionrover.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c76-2004-4702-a768-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ce4013c797535dc0d4af791238234b60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-11-20T15:12:25.000Z",
|
|
"modified": "2017-11-20T15:12:25.000Z",
|
|
"first_observed": "2017-11-20T15:12:25Z",
|
|
"last_observed": "2017-11-20T15:12:25Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"ipv4-addr--563b5c77-b4b0-46ec-9a52-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5c77-b4b0-46ec-9a52-3798950d210b",
|
|
"value": "67.215.253.140"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c78-7700-443d-9e6c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.44.145.246']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c78-c7d8-4b61-881a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '55786af6b0841cc2ee630d3ca5b380d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c79-dc48-4f45-a66e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd1db17b781e887a420880ea7aa78767e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-28T07:10:55.000Z",
|
|
"modified": "2016-06-28T07:10:55.000Z",
|
|
"first_observed": "2016-06-28T07:10:55Z",
|
|
"last_observed": "2016-06-28T07:10:55Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"ipv4-addr--563b5c79-6c10-4d5e-b8ae-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5c79-6c10-4d5e-b8ae-3798950d210b",
|
|
"value": "216.59.38.124"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7a-34b4-46a2-b1be-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0dccd70acd8161fa4964f900c0f1bdcd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c7a-1164-43d0-9eba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c7a-1164-43d0-9eba-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c7a-1164-43d0-9eba-3798950d210b",
|
|
"value": "ec2-174-129-10-193.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7b-b804-496a-9265-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b36ac0be80de2cea6aec432b774a2f81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7b-0b70-4f2d-8aba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '01cbd90ba5cf7e9595b208e4ca2d2d15']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7c-c1b4-4f48-a334-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8a4f9439d1c947491e4351c53dfba2cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7c-7a6c-402a-ae56-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.48.59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7c-0798-4eed-9d04-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'xa.xingcloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7d-6840-4084-8edf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd8495fb346e1782b930b3681e88ac469']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7e-c1f0-4dd9-953f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '007c069fb1ee9069dc8092c4dcfd91f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7e-a014-4bb8-a2c0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'fireblade.vivawebhost.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7e-1014-46bc-a18f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '2.counter.a.statcounter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7f-62dc-4f68-a42b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '177-139-111-49.dsl.telesp.net.br']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7f-dd58-41dd-a6f6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.95.99.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c80-c0a4-489f-9a5e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f8cb854597c18887433265702a72cfd4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c80-5468-4c22-acf2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '021192d06dbc734960ad8fa9c9209961']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c81-3b68-4acc-8235-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2d4382d9b091ce47fe8aa4a77eda7ac0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c81-e8d4-4c50-9a43-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'static.vdc.vn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c82-ff00-4e0e-b625-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1a53797e35b741f771116a29ef9dc5ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c82-1904-4460-b45d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a2aff44c0463142278188d65af971780']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c83-8590-440f-b6d0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '762ddaef779662fa3dcc3fff30e0e702']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c83-60b8-4413-aa10-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.73.214.203']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c84-01d8-40ea-9b1d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '646b609c0e57b133daf5ad35d69da081']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c85-cf98-44ea-860d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.225.170.127']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c86-39cc-4189-9925-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'okd0xk8c7686ei1304qbo5hnd21ttk.ipgreat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c87-3cec-4b08-8463-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e3cc4d0e7ca1385f1a289fb6effdaa63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c88-7efc-4290-9526-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'interlanguage.ironmarsnews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8a-b00c-4584-a8f5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'valnteeno2000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c8a-5b40-4a14-bcf8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-02-22T10:01:15.000Z",
|
|
"modified": "2017-02-22T10:01:15.000Z",
|
|
"first_observed": "2017-02-22T10:01:15Z",
|
|
"last_observed": "2017-02-22T10:01:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c8a-5b40-4a14-bcf8-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c8a-5b40-4a14-bcf8-3798950d210b",
|
|
"value": "no.rdns-yet.ukservers.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8b-5e18-488d-bd3a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.129.202.211']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8b-c95c-4666-834e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '84536c2157e9b22ac9d17b3a6e032121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8c-a638-4d33-8f9b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6691b9019fc8efc2ad72078ae3f889d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8c-6724-4446-b774-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.62.213.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8d-4b7c-4702-9b93-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f6857c106c99a85f1f84221500591ea4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8d-adf4-46f6-ace6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '185.189.255.173.client.dyn.strong-mf35.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8e-0b60-44dc-a6e7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0ba40633682e979568d1d2fb3892b766']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8e-2414-44e2-8c7d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '67d9c9cb90392da7a5172a8bf6b66bc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c8f-d9b8-4ed4-83d3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '750a96a422a2bda359a5a93c45f46cac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c8f-1308-4c93-8dcf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c8f-1308-4c93-8dcf-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c8f-1308-4c93-8dcf-3798950d210b",
|
|
"value": "ec2-184-72-238-223.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c90-6a1c-46b3-a423-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0a815b599876e96b760e8611a1235ad0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c90-9c7c-4066-a2ee-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.177.96.113']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c91-3c08-44e3-bb03-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.154.155.7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c91-2030-4367-85e8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.154.42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c92-81b0-4fd5-aac7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7951eff6c6bb6b756281a806196f94a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c92-d45c-4796-8bf4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c8c464e728166f753d95429d4a8afe71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c94-9e28-4a10-a838-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5117f450b2880a2a98880f30d17d4e25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c96-26d8-4c2f-9ce2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1896e3304f95bfd72367e41f31370828']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c96-42ac-46c5-b121-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ed3103922116c5b34bf701159cc4421b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c96-9240-47b5-b698-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'forerunner2-no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c97-582c-4ea0-a7a6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c97-582c-4ea0-a7a6-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c97-582c-4ea0-a7a6-3798950d210b",
|
|
"value": "ec2-184-72-254-125.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c98-4590-41ac-8826-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd429b11731898bc0226464a1382a71d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c98-a6a4-414f-b1f3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '214b1512d9d1cf1b556ef011144d9d4d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c99-87f8-4a45-847f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.255.87.156']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9a-ac58-4580-a56c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '207-23-200-109.rackcentre.redstation.net.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9a-d624-4bec-8cf8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fe9962483b512d0caa81471d4aa17734']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9b-f87c-4dc1-a180-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.72.254.125']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9c-059c-4c4f-a69e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'updatee.serveblog.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9c-760c-4a3f-8234-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '098f1a47baff41016012647cafe28b64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9e-3c5c-454a-9404-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '75e9d709e0ac32d1b456608be3f3f71b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c9e-0a18-4e06-af5e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c9e-0a18-4e06-af5e-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c9e-0a18-4e06-af5e-3798950d210b",
|
|
"value": "ec2-184-169-144-229.us-west-1.compute.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9f-38f0-42c4-86ac-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.63.202.94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca0-c138-4c64-abd3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '114c8d4316248de8630364cf4c24a754']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca0-e880-41da-929e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '50fe80d58eb595d44d389b02d3e550e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca0-0ecc-442f-ae81-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6a85efe5ca61a37550d40f16f8d6f8ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca2-f9d8-44ba-a434-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c9f058db9d291af766b9911d2735d823']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca3-d7f8-4989-8ffa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'aec700735b1d6ecd063083e35e5a65bc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca4-9b34-4a44-951a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '145.189.255.173.client.dyn.strong-mf35.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca4-8618-4d9d-aa53-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '62d6995e6a22e517f496f24d4ae6b2c0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca5-65d4-455d-b3f4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.4.11.42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca5-1c48-4d31-926c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f9d8e71b77eea56e2dbad8694ae96905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca5-0bb8-4bed-a95f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6eed07fcad31e9fee3b1db1a4c664eaa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca6-c240-4ce0-ae0c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'up.uae.kim']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca6-8738-4a3c-9c62-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.26.231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca7-b774-4122-bf6f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '283054d26362bab50bbf1ff4bc1ec16f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca7-3e14-416b-8dec-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '4h8kot521g10z0phqz9w79an0ul4x6.ipcheker.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca8-4858-4413-8fd2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca8-8ed0-4fdf-abd9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.95.99.52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca8-0394-4f0f-8852-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.9651.net.cn']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca9-9510-4be7-869b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0b59800013332b2cc0aaae1c30af31d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca9-b720-455c-a415-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.107.231.14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5caa-ac9c-4ded-8683-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0488bbd604117f88f9d1a91f6c5034b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5caa-a954-4481-91c0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c21d7165b25caf65d7f92ff758c1b5b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5caa-2f48-4de0-8a5f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.kukutrustnet666.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cab-20f8-46f4-92bf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.116.227']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cac-e190-4f98-ada5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hoiandesign.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cad-e2a0-4816-bd0a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.187.105.230']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cad-4a1c-464a-abf4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '20f1b997e321a9e971c4955d866a4dc5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cae-1c20-405a-95bf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2ddadf338a58337d51c70f2b3105a5b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cae-75f8-402c-9821-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '101702f7acfc44223b82def5a1ef4d05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5caf-7e50-4fbe-9471-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mome10000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5caf-1aa8-4135-aafb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7d0ce774b30cb2a79a1409d07d874774']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb0-5fe4-4982-8cfe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.117.120.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cb1-5600-4d6c-920c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cb1-5600-4d6c-920c-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cb1-5600-4d6c-920c-3798950d210b",
|
|
"value": "ec2-23-21-215-132.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cb1-2364-4a75-aa66-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-02-22T10:01:19.000Z",
|
|
"modified": "2017-02-22T10:01:19.000Z",
|
|
"first_observed": "2017-02-22T10:01:19Z",
|
|
"last_observed": "2017-02-22T10:01:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cb1-2364-4a75-aa66-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cb1-2364-4a75-aa66-3798950d210b",
|
|
"value": "www.a.shifen.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb2-8d30-449c-aa9d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f38c19a8e9f9098b7861c7e279b8b082']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb3-d9bc-4242-8cf7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.120.234.150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb3-1ea0-413c-b172-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c62ccea3662152551c45deea728a4c2f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb4-0070-4f65-9edf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.117.159']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb4-23d4-4495-ae39-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.255.148.191']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb5-fdec-43fd-962b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af1429f76903666829266a90386c6bfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb5-fb9c-43be-afb7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '51a3c0cbf6cd201396dcf2f5f3612af7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"first_observed": "2015-11-05T13:56:14Z",
|
|
"last_observed": "2015-11-05T13:56:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"ipv4-addr--563b5cb6-2038-44bc-aeff-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"dst_ref": "ipv4-addr--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--563b5cb6-2038-44bc-aeff-3798950d210b",
|
|
"value": "127.0.0.2"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb6-0ce0-45ee-8d66-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '20796c0ee725d14db505163769131e51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb6-a2ec-462a-b07e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.170.79.229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb7-0f34-4b70-ad79-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4e2cbe3a10a337b9d8f6e1b277e1f5ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb8-e118-4e0d-a723-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.28.58.55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb8-5fe0-4ef8-b155-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.30.118.9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb8-d898-49a0-a7fd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '177-9-115-62.dsl.telesp.net.br']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cb9-ffbc-4093-82f4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e00837fee3bb069ee1882850fb368da5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cba-6804-4e3d-ab4c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '53448a2a71dd3d72fb5dad2ee523d472']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cba-a528-4e67-9e72-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.80.107.67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cba-7f7c-4473-a048-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '41.252.157.102.adsl.km4.dynamic.ltt.ly']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbb-1ddc-4db9-aaea-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4b51ad281aeede3e97efcf47bf4e6c61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cbb-cc04-4d98-b522-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2017-06-22T19:56:23.000Z",
|
|
"modified": "2017-06-22T19:56:23.000Z",
|
|
"first_observed": "2017-06-22T19:56:23Z",
|
|
"last_observed": "2017-06-22T19:56:23Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cbb-cc04-4d98-b522-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cbb-cc04-4d98-b522-3798950d210b",
|
|
"value": "www.usa.gov"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbc-23d8-48e7-a6ac-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0e95086162a9114c4288e155cebe88e2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbd-5e14-49ed-9608-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f785daae9c9f544ce91100c39640bd68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbe-6564-4638-b009-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4948a0e1bec9d99308ba812aaf449c61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbe-96dc-477d-8739-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a2368132d9c4253346545a0a571e1e36']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbe-b658-428b-85af-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mda.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbf-ac30-417c-ac87-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.226.11.123']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbf-777c-4853-ba26-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '2.counter.b.statcounter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cc0-6fd0-48ad-960f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cc0-6fd0-48ad-960f-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cc0-6fd0-48ad-960f-3798950d210b",
|
|
"value": "conf.f.360.cn"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc1-3f10-4b10-b236-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.65.252.12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc2-ab84-4d0f-9247-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '50691c311758b6b41a7ffa5e7059e423']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc2-2540-40a6-a9ba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '96414fb7b881a9a6b59f0f4f9d5ad7ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc4-fc00-443b-921e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'dreem1911.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc4-2630-4236-919e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6c39cd8b0ce9e8901dc4f3ac871b4f7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc5-aaa8-4bfc-8b96-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '6o408m92863d88dd7dx66w3e18w8vb.ipcheker.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc7-ba58-47e4-b963-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd4f4ae3286c3f6a3021827c9b628cbf2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc8-6e00-4a80-945a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '105.111.173.69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc8-8ec4-4d76-aa1f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2da1270af6c4b4f416d92dc2a6085d30']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc9-f208-456a-8d6c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '93a0f87452a72dc23e6baa4783204037']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cc9-4724-45cd-9bdc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'zxax.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cca-b014-455b-b9a7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.131.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cca-c2a8-4590-9ffb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '866f540648213132472a49ccdde080b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cca-9720-4c2a-8a62-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cca-9720-4c2a-8a62-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cca-9720-4c2a-8a62-3798950d210b",
|
|
"value": "ec2-107-22-210-32.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccb-aa78-4f95-85ca-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '8671638f370fcb5da193ed709410f784']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccc-9d40-4429-8971-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '63.142.245.12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccd-cfc0-4941-9af7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.99.60.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccd-2fc8-4e33-8295-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.225.115.250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccd-4fa4-4ad7-aa26-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f9240c8607db3563502b1df1be12839c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cce-16b8-4c81-bae5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'roma300.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccf-c1d8-45f0-b2c3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.7.198.45']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ccf-2ba4-4c01-a252-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3a682230e72ed0bb8a1e4bdb9fe8c633']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd0-5334-4166-86f0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '3.wap517.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd0-d950-46f6-8a46-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a8361240ccfbefed889fe911a3b5ebe8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd0-ee70-4f9d-987c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e7afcad0aa38ceaa100b68f6558351a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd1-9b80-4aa1-a9b7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '17dcf0e20b0ba6628066aafe70220ab1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd2-72a0-4945-97c3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'mark2.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd2-9088-4bf0-8243-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.238.253.88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd3-a88c-4791-adc5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'fadd3121f787174e39c20c358838d0b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd4-f878-4003-9cdb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4d2c7fc6cad64adea1aaed0dfadd39a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd4-0ca4-40ce-b3c3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.30.135.77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd5-0cd8-4e72-9010-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'tony89236001.noip.me']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd6-9fb8-4074-b7f0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '162.220.244.48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd7-f4f8-4454-bd35-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.255.82.67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd8-798c-422c-9e47-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '5fb934c41c05d855305a6a5386200ea2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd8-ee4c-4a66-b022-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '73712259eecbe59245b03f6d8dbdd402']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd9-689c-429c-97da-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7273a48b8384cba86da22f032be4f5a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd9-b438-4ba4-907b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ada6522a69a7d59b63133a96820f041']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdb-6ab8-45d1-959c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'bagdor89.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdc-3138-4aff-9975-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '58x158x177x102.ap58.ftth.ucom.ne.jp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdc-f33c-4cee-a17c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '1.252.127.199.client.static.strong-in66.as13926.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdc-015c-4b7a-a6b3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '90161ff7b3b397983dd924afd33b3cd1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdd-2f4c-4f1e-bf0d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.101.230.226']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdd-45b4-46ed-ab47-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.200.39.68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cde-e7f8-4a3c-ae09-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e85fc76362c2e9dc7329fddda8acc89e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cde-f170-4806-8baa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '141.8.247.105']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdf-a700-4608-949c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '21.126.158.98.client.static.strong-in25.as13926.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cdf-7d70-4d8f-9597-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '892a798170c6b7fac35fffe01a914c50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce0-9808-4f41-a67c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.43.241.179']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce0-3274-477c-b173-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2a973ae6b8e0046ef9585b78a90e837e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce1-118c-4319-8247-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4f287533eac9a5e6ce82fae9e5a5c012']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce2-e974-4d15-9e31-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0ba0cccd095c25ac796fec9f0950730a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5ce2-4af0-4ef3-9d04-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5ce2-4af0-4ef3-9d04-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5ce2-4af0-4ef3-9d04-3798950d210b",
|
|
"value": "ec2-23-21-235-94.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce2-3330-4d29-bf6b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '0x00c.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce3-a320-4c9f-a25f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '02f778d1712672722a18a37350d819e6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce3-44b8-428c-a7c3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'esprit13000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce4-8eb4-49ec-825d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.223.19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce4-7920-42cc-9c45-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e30c8e146173052eda7993a571446e6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce5-9ed0-4797-b46a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '205.189.255.173.client.dyn.strong-mf35.as54203.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce5-a534-4429-8c7b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.148']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce7-836c-47f8-826b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a5cf2ca6e4a80ddc9274cf7b68af645d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce7-d2f8-46cb-a28a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'double4.holm.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5ce7-cdf8-4655-8d12-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5ce7-cdf8-4655-8d12-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5ce7-cdf8-4655-8d12-3798950d210b",
|
|
"value": "qurl.f.360.cn"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce8-9b7c-4e77-9511-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '183.136.132.170']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce8-01fc-4457-ab9b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.h7smcnr1wlsdn34fgv.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce9-a658-4ebf-b824-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3fad1569fba1523e72054a31d18ffa59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce9-1f8c-4b2c-a866-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.43.241.181']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cea-a898-4191-b83a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.226.163.8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cea-6e44-4f0f-9f98-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.kukutrustnet7.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cea-f26c-4d25-849e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-10-06T16:17:47.000Z",
|
|
"modified": "2016-10-06T16:17:47.000Z",
|
|
"first_observed": "2016-10-06T16:17:47Z",
|
|
"last_observed": "2016-10-06T16:17:47Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cea-f26c-4d25-849e-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cea-f26c-4d25-849e-3798950d210b",
|
|
"value": "icanhazip.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ceb-0420-449b-93bc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'pairs.plusmarsnews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ceb-66b4-4473-89fe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '128.177.96.90.ipyx-074089-900-zyo.zip.zayo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cec-3e6c-41d6-a7ae-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'sin-0.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cee-71cc-4e77-9ae8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '47c5bdec5415c7ddb2914c6b17c0cfa2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cee-1038-4fdf-9ad2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ef143feaf03dd315aa203cc323602c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cef-53a4-433b-b0e9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.237']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf0-ac20-4fe6-82a6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.117.235.140']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf1-dfa8-4fe2-9e71-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00048cbac6650e95b7cd270e8a7f4ea2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf1-6928-4502-954a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '6c2ce202702e3ffd23c0380a3e33afa5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf2-984c-4e5e-b246-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.253.72.81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf3-99d4-4ec4-98fc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '696c4cce7a972fdd25df7257baff400e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf3-c15c-422f-b6bf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c6b2674b1a9d39cfc7a61e0e117ca3d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf4-c3dc-42fd-8702-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'vps1.mateistvan.hu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf5-17a8-4f49-882a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9f92f2f5e8be7031b4597b52dd3f96b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf6-d0dc-4467-a9af-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '71b65e8591d343e104cce125208a7698']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf6-f4a0-467d-8adf-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'abhcsuat.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf7-a118-4aec-893b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.229.3.49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf8-5cbc-422e-af36-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '52.28.3.6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf8-beac-4508-9a81-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.252.157.102']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf9-2e30-4ef9-87e9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.77.142.251']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf9-e0bc-4644-b13a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '10dc90d9477b5fbd25d37eefd254570b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfa-efa0-481c-af6d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '128.177.96.75.ipyx-074089-900-zyo.zip.zayo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfb-19a8-47a3-aaed-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.8.179.25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfd-4c44-4eb6-ac3e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '48f9e69bddeced9433a2a01c9254e98f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfe-5ea8-4858-a51a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b7971cc6b9e8b71279dbfb0d41bf3d8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cff-bfd4-4cc8-a47d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'cba3c005f20231257bc5b01e71439f10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d00-4a80-4f1b-9003-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.67.84.228']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d00-baac-4c0d-9105-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.14.32.27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d00-a1ec-4498-bba2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4c91e68ef0985b1ad147ee1dfd49367c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d01-aaa4-4224-889c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.172.154.34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d01-f984-4464-98cd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0c9286149e30986233391aa87cca7876']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d02-b738-4820-a77d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '58.96.171.108.client.static.strong39.as22781.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d02-e794-475a-93b8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'ip178-77-142-251.mada.jo']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d03-97dc-46e2-9300-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0c35847f5fc5634850dabe8051838b44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d04-9708-4618-910f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '19ad6b91ae454dab983ec23eaf1c6906']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d05-d7d8-4384-9f86-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '06a05686bac7ad65ba531bfa8da018f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d05-91b4-4b08-ac27-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'toornt.servegame.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d06-2848-4956-a489-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ea418a6af186c2d68ce9d9675e038f5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d06-3360-4ada-be23-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'bfbd56c546fa4430e874a683d735b8a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d07-5c04-446f-8d36-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.169.144.229']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d08-77c8-4ac0-9459-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.63.120.84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5d08-e3a4-49ef-b0a9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5d08-e3a4-49ef-b0a9-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5d08-e3a4-49ef-b0a9-3798950d210b",
|
|
"value": "qup.f.360.cn"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d08-76c0-4389-a87d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.29.234.127']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0a-cb30-449b-8db1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'cpe-124-187-105-230.lns11.woo.bigpond.net.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0a-e144-427d-a4cb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.26.253']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0b-f0dc-4dc5-aec0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '111-152-255-141.dynip.ipjetable.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0b-6a98-48a3-9aef-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'sun-0000.no-ip.biz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0c-5450-4d99-98b2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'be00bdad4719a15e17d933292cc72541']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0c-6eec-4453-92c5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.177.96.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0d-9770-4b6b-8969-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '149-210-139-8.colo.transip.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0d-7c9c-48d0-94e0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '583712cb32000507e1157ea68bf0d961']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0e-0218-4bd9-b7c2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hommilk.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0e-ace8-4335-a49c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'googleupdate.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0f-8530-4959-8e89-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a20f40fe33eab25896fd32303f674ee3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d0f-1988-41e5-9a30-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4ec51012233e45e8e293c61250b080ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d10-3620-47a4-9b73-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0498f74a658fd2efadb224035444cc01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d11-cee4-4bd5-a343-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'af583993828aba02e04f3b6a103abfa2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d11-50cc-4d5e-a05f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '958e105937178056f8fbb55b55400c09']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d12-6cd4-455e-8281-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'dot.faawan.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d13-f698-4566-9a24-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.199.78.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d13-3dac-4cdb-988b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a1cd2a3bbe224bde828c4e2f5b62f601']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d14-6ea8-4ab7-8095-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.117.231.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d14-9b28-46ff-8182-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.21.215.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d15-d34c-4152-bb4f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '07c571aa60d66fb8de6024ff2bd9ac7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d15-bc98-4492-946d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.175.223.14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d15-d958-48dd-8c77-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'theartofhair.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d16-21f8-4466-8112-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.146.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d16-4f60-40a0-9a67-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '177.139.111.49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d17-99fc-49f1-aefd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'microgenuinsman.servebeer.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d17-acf0-4ae7-81fc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '23e954010394331c8787b07b9400ed26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d18-23d4-4436-b2c8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '159e488358ca72d9850b3874a492eab6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d18-3e78-4c07-bafd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '7cd4ac924592270d75fad9ee07217582']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d19-10c4-4ed3-b5cc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '30-163-227-188.rackcentre.redstation.net.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d19-2d88-403b-a8a0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f5ca13562fb1b3cec45358021a3b4a25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1a-bd14-4b83-92de-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '192241126253.b2b-newsbox.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1b-564c-4a44-902a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '3abeab135f47e097140d96ad5ed8ba8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1c-fe94-4d39-a63d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'goodday.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1c-3ab4-40ef-904c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '425863f1796eafa9d23986a74ed6532a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1d-32c0-43a2-8e82-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd3483dc296ca1c7d786ca117eda5c136']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1d-0190-47b9-9bdd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.62.200.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5d1e-b5b8-4523-9a70-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5d1e-b5b8-4523-9a70-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5d1e-b5b8-4523-9a70-3798950d210b",
|
|
"value": "ec2-174-129-202-211.compute-1.amazonaws.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1e-cae0-433d-a93d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.hkukud123ncs.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1f-8a90-4b1b-831a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'eddfbf35ac07fa9ab25cc4c421e205fe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d1f-ecb0-41f8-b734-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.241.126.50']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d21-f310-4152-a6be-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '128.177.96.113.ipyx-074089-900-zyo.zip.zayo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d22-8a4c-4445-bbf5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.76.40.124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d22-3374-491f-b8fd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '27384fa33eb687c18bb634241380b11b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d23-fc44-4317-9188-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e3eae5ec827bc0e48caa16d7319e37e1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d24-81c0-4f61-ad6a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a9fb7f9d96e1c99142c6c61447c3e540']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d25-b934-4d7b-a7fa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.226.11.121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d25-1c68-4f22-8cda-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'faisal-00.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d25-d634-4222-93fa-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0a67104c58d31ad2183b178a802c5486']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d26-88d0-4f35-8725-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.185.226.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d26-6aa0-4abd-a320-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ce52e16dca018089a25fbc506aba3b12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d27-e090-41e6-a0ae-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.105.117.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d27-5ad4-401e-93f1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a8714aac274a18f1724d9702d40030bf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d28-bd8c-4846-a19a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '1520574f77b1c1318b368f103e0633f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d29-13d0-4d33-a853-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '690bc0267bdc800a672da864a774bc01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2a-cfa0-4ee9-9649-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'bodycontent.hybridcrowdsource.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2a-48d4-42d0-96bc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'c04e973dd5b35836f02beabfd6385fc5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2a-6340-4be7-a94b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.22.26.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2b-78b0-42e1-8f80-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'codec.servepics.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2c-0818-4235-ba10-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.89.16.140']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2c-ad14-4bf8-8795-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '94331d78fcfab83aec3af1537633b523']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2e-be68-409b-a13f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b90cc4900f53e8f4ad5b822eea49fb62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2f-8b64-4595-83a2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.68.131.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2f-7b90-495c-8838-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'g20news.ns01.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2f-af10-459a-b71e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b7d65e15fd343ed23ecb031383b82322']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d30-2190-4730-bdba-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'esd.baixaki.com.br']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d30-f8f8-438c-8248-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '498764fdba556b9dc0314030bcb92785']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d31-fc50-4468-a6a9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f7f08f8fbc742a86c2ca68a4426eb583']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d32-5d88-4854-9a44-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'f9ebb57a8c32ab7ebd6b013dd1ee4092']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d32-f0a4-4c0b-9932-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.220.117.103']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d33-66cc-4b33-8404-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '128.177.96.75']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d33-c89c-411b-9cd1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.inform1ongung.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d34-54b0-47dd-a31f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'd4a0f44d3f6464b7459641e4c6039094']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d34-7194-450e-bdf5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.174.148.86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d35-9e5c-49cb-a872-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'frutasrat.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d36-6a84-4953-8eb1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '98e94fc3e873c315622db695c02520a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d38-686c-4a13-8d42-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hut2.hut.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3a-1a58-47f1-9e1a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.209.222.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3a-f950-4334-a210-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ba263f56c138bc189ae74d86f9eec9ec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3a-4e48-4199-84be-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'b3f33e30ceadababf1ffc315004ee1a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3b-b150-4afe-9a19-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '108.62.213.237.rdns.ubiquityservers.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3b-3778-4fca-b3dc-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'hussainalansara.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3c-75a8-45ef-bc21-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.testmy.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3c-9cf0-4b53-a364-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'cccam.serveblog.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3d-cb18-4268-9f95-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '0d8c6de83a5b1f0cb50bace3dee13198']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3d-eb2c-4b55-94f0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '55b33cbe7a2dea21aa40ee28418c8561']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3d-bfa0-4603-9ec8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'e57cdf6eb2900309f30c5f02b4216239']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3e-c19c-4f17-877e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '2155a93a255356bc134ec3cca30a5d10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3e-4448-4bcc-aac9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'www.kukutrustnet.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3f-5714-4cf3-8860-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '563b488ebfbb554334dad9fd524a3e53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d40-2904-4a38-82f7-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '13cdf1069849651db157adad2ea52981']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d40-4fa4-42b2-bbe4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'unregistered.netregistry.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d41-4194-41cd-a09a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'a303d27bb67ffb860e5a9c4688f9f261']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d42-bbf8-4e9a-8bda-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '207.207.22.175']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d42-a310-40a7-8b7f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'service1000.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d43-5a6c-438d-8d84-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '00876e6df7825d756199dd3835d41a4e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d43-3584-408d-b5a4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '645b70a4bfa3519e7758c65b0a6cfc3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d44-7670-469d-a70f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[file:hashes.MD5 = '75956e776c6f27e39394ba6f6895941a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d44-f9e4-4b1b-92dd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'btzsoft.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d45-81e0-46a3-a23c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.253.252.34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795408-52f8-4e39-ac70-4d7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:44.000Z",
|
|
"modified": "2015-12-22T13:45:44.000Z",
|
|
"description": "- Xchecked via VT: 75956e776c6f27e39394ba6f6895941a",
|
|
"pattern": "[file:hashes.SHA256 = 'eae1396f00df5d093b6a60f206db8d0ed209bca625f158244dc27a2246861adf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795409-dc5c-45a2-8075-4d0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:45.000Z",
|
|
"modified": "2015-12-22T13:45:45.000Z",
|
|
"description": "- Xchecked via VT: 75956e776c6f27e39394ba6f6895941a",
|
|
"pattern": "[file:hashes.SHA1 = '1ca7cf88d0e97357282a8c5b28ef80a15d28409a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795409-4410-4f5a-bc93-4901950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:45.000Z",
|
|
"modified": "2015-12-22T13:45:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/eae1396f00df5d093b6a60f206db8d0ed209bca625f158244dc27a2246861adf/analysis/1442750996/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795409-2ff8-45c7-bdae-461e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:45.000Z",
|
|
"modified": "2015-12-22T13:45:45.000Z",
|
|
"description": "- Xchecked via VT: 00876e6df7825d756199dd3835d41a4e",
|
|
"pattern": "[file:hashes.SHA256 = '77fb7d709f2c224e4bcc09f64b969c4c8cc2d706e30a53b2357e81b2b921de13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795409-7628-4970-a04e-4514950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:45.000Z",
|
|
"modified": "2015-12-22T13:45:45.000Z",
|
|
"description": "- Xchecked via VT: 00876e6df7825d756199dd3835d41a4e",
|
|
"pattern": "[file:hashes.SHA1 = '0824ade158f92dab71db8ef701bb4df621d7f9ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540a-d354-410d-8865-4fa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:46.000Z",
|
|
"modified": "2015-12-22T13:45:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/77fb7d709f2c224e4bcc09f64b969c4c8cc2d706e30a53b2357e81b2b921de13/analysis/1338885439/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540a-4430-4f48-8cf3-4632950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:46.000Z",
|
|
"modified": "2015-12-22T13:45:46.000Z",
|
|
"description": "- Xchecked via VT: a303d27bb67ffb860e5a9c4688f9f261",
|
|
"pattern": "[file:hashes.SHA256 = '9d15259a7e8b5582ce245cfbdffeb1007d72c0b3054dd6d96d2479cb6e1fd201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540a-7e78-40cb-98f5-4c40950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:46.000Z",
|
|
"modified": "2015-12-22T13:45:46.000Z",
|
|
"description": "- Xchecked via VT: a303d27bb67ffb860e5a9c4688f9f261",
|
|
"pattern": "[file:hashes.SHA1 = '242252d4a585333c907a5ec79bd4551d629c7678']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540b-877c-445b-97a7-4de6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:47.000Z",
|
|
"modified": "2015-12-22T13:45:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9d15259a7e8b5582ce245cfbdffeb1007d72c0b3054dd6d96d2479cb6e1fd201/analysis/1395721328/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540b-6b44-4e77-a9c3-43d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:47.000Z",
|
|
"modified": "2015-12-22T13:45:47.000Z",
|
|
"description": "- Xchecked via VT: 13cdf1069849651db157adad2ea52981",
|
|
"pattern": "[file:hashes.SHA256 = 'edbbf4ebb801bcab5de1eb1f0d3baba178a5a013e8442e9d199878aad47ed59a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540b-1a14-4056-83c9-46dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:47.000Z",
|
|
"modified": "2015-12-22T13:45:47.000Z",
|
|
"description": "- Xchecked via VT: 13cdf1069849651db157adad2ea52981",
|
|
"pattern": "[file:hashes.SHA1 = '74bb610b30bd20d955856800262b5acb0a7242d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540b-3320-4683-8bb7-4b0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:47.000Z",
|
|
"modified": "2015-12-22T13:45:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/edbbf4ebb801bcab5de1eb1f0d3baba178a5a013e8442e9d199878aad47ed59a/analysis/1443304750/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540c-e928-4891-a4bf-4014950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:48.000Z",
|
|
"modified": "2015-12-22T13:45:48.000Z",
|
|
"description": "- Xchecked via VT: 563b488ebfbb554334dad9fd524a3e53",
|
|
"pattern": "[file:hashes.SHA256 = '96b6085cd69bef74f1427882d0fec668b661327b05a503c1ffbc42929bacaa1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540c-616c-4feb-8a53-417f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:48.000Z",
|
|
"modified": "2015-12-22T13:45:48.000Z",
|
|
"description": "- Xchecked via VT: 563b488ebfbb554334dad9fd524a3e53",
|
|
"pattern": "[file:hashes.SHA1 = '545577a2dc15ec315d9ea8fa1cc84d30cf78170a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540c-5240-4578-b677-4c47950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:48.000Z",
|
|
"modified": "2015-12-22T13:45:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/96b6085cd69bef74f1427882d0fec668b661327b05a503c1ffbc42929bacaa1b/analysis/1376176267/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540c-1cd0-4c9a-bf64-472a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:48.000Z",
|
|
"modified": "2015-12-22T13:45:48.000Z",
|
|
"description": "- Xchecked via VT: 2155a93a255356bc134ec3cca30a5d10",
|
|
"pattern": "[file:hashes.SHA256 = '2b0eb81cbcfdef7f446b8eae8468a1e0952fa95b019b976d0ec27472ac66d526']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540d-3854-4536-9ed7-426f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:49.000Z",
|
|
"modified": "2015-12-22T13:45:49.000Z",
|
|
"description": "- Xchecked via VT: 2155a93a255356bc134ec3cca30a5d10",
|
|
"pattern": "[file:hashes.SHA1 = '24fefeb92ad27419880d0626ee0447c5278eb73e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540d-fc34-4423-88fb-42e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:49.000Z",
|
|
"modified": "2015-12-22T13:45:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2b0eb81cbcfdef7f446b8eae8468a1e0952fa95b019b976d0ec27472ac66d526/analysis/1446634761/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540d-f4a4-46d2-8c3d-443f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:49.000Z",
|
|
"modified": "2015-12-22T13:45:49.000Z",
|
|
"description": "- Xchecked via VT: e57cdf6eb2900309f30c5f02b4216239",
|
|
"pattern": "[file:hashes.SHA256 = '8d754c0a37a76b1b722a19403d9518ad5fd03caed845ceb19d7d51eee449d17e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540e-b20c-47af-85bf-4ef3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:50.000Z",
|
|
"modified": "2015-12-22T13:45:50.000Z",
|
|
"description": "- Xchecked via VT: e57cdf6eb2900309f30c5f02b4216239",
|
|
"pattern": "[file:hashes.SHA1 = '95737ab201df539ec12c2c09d0221bb6fd9ae8ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540e-47fc-4dab-a1b9-433b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:50.000Z",
|
|
"modified": "2015-12-22T13:45:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8d754c0a37a76b1b722a19403d9518ad5fd03caed845ceb19d7d51eee449d17e/analysis/1445862917/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540e-0840-42de-9077-47c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:50.000Z",
|
|
"modified": "2015-12-22T13:45:50.000Z",
|
|
"description": "- Xchecked via VT: 55b33cbe7a2dea21aa40ee28418c8561",
|
|
"pattern": "[file:hashes.SHA256 = '1f38ca55670746345b719582e93b0d23438451e980a808ab20541a95cf9e42d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540e-cc94-4645-ad37-462d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:50.000Z",
|
|
"modified": "2015-12-22T13:45:50.000Z",
|
|
"description": "- Xchecked via VT: 55b33cbe7a2dea21aa40ee28418c8561",
|
|
"pattern": "[file:hashes.SHA1 = '7968aa8344b5cf435c54ce11ea81831eceb2167c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540f-64e0-461f-afdf-4879950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:51.000Z",
|
|
"modified": "2015-12-22T13:45:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1f38ca55670746345b719582e93b0d23438451e980a808ab20541a95cf9e42d2/analysis/1375928229/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540f-b480-4ef2-8bcd-4a3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:51.000Z",
|
|
"modified": "2015-12-22T13:45:51.000Z",
|
|
"description": "- Xchecked via VT: 0d8c6de83a5b1f0cb50bace3dee13198",
|
|
"pattern": "[file:hashes.SHA256 = 'f34c313059b4f273affcda3ffe67a45ae94a2b0e9e33e524e9e3f70ad667eb25']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679540f-126c-4c75-9043-450d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:51.000Z",
|
|
"modified": "2015-12-22T13:45:51.000Z",
|
|
"description": "- Xchecked via VT: 0d8c6de83a5b1f0cb50bace3dee13198",
|
|
"pattern": "[file:hashes.SHA1 = 'f32f5de1ea20a543601a84e54dc767d000c7d997']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795410-5aec-4b36-91e1-49b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:52.000Z",
|
|
"modified": "2015-12-22T13:45:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f34c313059b4f273affcda3ffe67a45ae94a2b0e9e33e524e9e3f70ad667eb25/analysis/1445789048/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795410-9138-47a3-adc9-4000950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:52.000Z",
|
|
"modified": "2015-12-22T13:45:52.000Z",
|
|
"description": "- Xchecked via VT: b3f33e30ceadababf1ffc315004ee1a9",
|
|
"pattern": "[file:hashes.SHA256 = '3a994cc671a149ec832d4987ec5644b155f1f27380fe626b8637cfc38602874e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795410-9c1c-4a2f-a6ad-4ca3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:52.000Z",
|
|
"modified": "2015-12-22T13:45:52.000Z",
|
|
"description": "- Xchecked via VT: b3f33e30ceadababf1ffc315004ee1a9",
|
|
"pattern": "[file:hashes.SHA1 = '6acccad851000f99e729fb7ac074a6d0cf043b1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795410-3810-4d4c-83fe-4cc7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:52.000Z",
|
|
"modified": "2015-12-22T13:45:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3a994cc671a149ec832d4987ec5644b155f1f27380fe626b8637cfc38602874e/analysis/1395201983/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795411-fb18-4579-abf2-434e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:53.000Z",
|
|
"modified": "2015-12-22T13:45:53.000Z",
|
|
"description": "- Xchecked via VT: ba263f56c138bc189ae74d86f9eec9ec",
|
|
"pattern": "[file:hashes.SHA256 = '24e852d8dc99ee1ae16fc270e79133d8750aa62945c75f20338f77df69813ad4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795411-baac-412a-9a29-4c04950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:53.000Z",
|
|
"modified": "2015-12-22T13:45:53.000Z",
|
|
"description": "- Xchecked via VT: ba263f56c138bc189ae74d86f9eec9ec",
|
|
"pattern": "[file:hashes.SHA1 = 'c85f9a0631c639004c78969d6fa94c1f479da2ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795411-0a00-4d89-8200-422b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:53.000Z",
|
|
"modified": "2015-12-22T13:45:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/24e852d8dc99ee1ae16fc270e79133d8750aa62945c75f20338f77df69813ad4/analysis/1390479984/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795412-4b2c-452d-b05b-4c86950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:54.000Z",
|
|
"modified": "2015-12-22T13:45:54.000Z",
|
|
"description": "- Xchecked via VT: 98e94fc3e873c315622db695c02520a4",
|
|
"pattern": "[file:hashes.SHA256 = 'e5bc5822616fec6831ea2644a8e5c2ad42ab44b62c1bc6228d58fd65f1ba7668']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795412-aa84-4b33-898b-4d15950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:54.000Z",
|
|
"modified": "2015-12-22T13:45:54.000Z",
|
|
"description": "- Xchecked via VT: 98e94fc3e873c315622db695c02520a4",
|
|
"pattern": "[file:hashes.SHA1 = 'cb42e784cf61c19c5d0e8ee7b228a0a576b07cfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795412-c580-4d1e-925e-4d86950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:54.000Z",
|
|
"modified": "2015-12-22T13:45:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e5bc5822616fec6831ea2644a8e5c2ad42ab44b62c1bc6228d58fd65f1ba7668/analysis/1378777355/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795413-1d0c-4658-897d-46ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:55.000Z",
|
|
"modified": "2015-12-22T13:45:55.000Z",
|
|
"description": "- Xchecked via VT: d4a0f44d3f6464b7459641e4c6039094",
|
|
"pattern": "[file:hashes.SHA256 = '85ecde2be890ca3f7dd80bbfaa33ace8adb38feb8b0eff19d28917ce32090309']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795413-7ad8-4e7b-bcf1-418f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:55.000Z",
|
|
"modified": "2015-12-22T13:45:55.000Z",
|
|
"description": "- Xchecked via VT: d4a0f44d3f6464b7459641e4c6039094",
|
|
"pattern": "[file:hashes.SHA1 = 'a8efedca26d23e9e79c2acc08d57f917180b9165']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795413-8fb0-46e0-8f56-4367950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:55.000Z",
|
|
"modified": "2015-12-22T13:45:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/85ecde2be890ca3f7dd80bbfaa33ace8adb38feb8b0eff19d28917ce32090309/analysis/1445527484/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795413-e360-4f2b-977b-449c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:55.000Z",
|
|
"modified": "2015-12-22T13:45:55.000Z",
|
|
"description": "- Xchecked via VT: f9ebb57a8c32ab7ebd6b013dd1ee4092",
|
|
"pattern": "[file:hashes.SHA256 = '47e96fbf036411ffc85e5851675f6a356ca7830bb8d9fb4c8c81c42bb00f3fea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795414-29c4-4db2-87bc-4e5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:56.000Z",
|
|
"modified": "2015-12-22T13:45:56.000Z",
|
|
"description": "- Xchecked via VT: f9ebb57a8c32ab7ebd6b013dd1ee4092",
|
|
"pattern": "[file:hashes.SHA1 = 'd65d549ac3bb712769e3950df860701ca982aae7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795414-581c-4ace-a0ab-4141950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:56.000Z",
|
|
"modified": "2015-12-22T13:45:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/47e96fbf036411ffc85e5851675f6a356ca7830bb8d9fb4c8c81c42bb00f3fea/analysis/1378460453/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795414-cebc-4264-a95b-43d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:56.000Z",
|
|
"modified": "2015-12-22T13:45:56.000Z",
|
|
"description": "- Xchecked via VT: f7f08f8fbc742a86c2ca68a4426eb583",
|
|
"pattern": "[file:hashes.SHA256 = '016d82c7c6425f1d04f88e7f36b1f210fd80321b70d1ef6306fcf2536051184f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795414-d3d8-4c7a-8654-447e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:56.000Z",
|
|
"modified": "2015-12-22T13:45:56.000Z",
|
|
"description": "- Xchecked via VT: f7f08f8fbc742a86c2ca68a4426eb583",
|
|
"pattern": "[file:hashes.SHA1 = '1ff4d383122d6bfbd6e49a39407d6b21200ebd9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795415-3e0c-41e3-a741-4b4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:57.000Z",
|
|
"modified": "2015-12-22T13:45:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/016d82c7c6425f1d04f88e7f36b1f210fd80321b70d1ef6306fcf2536051184f/analysis/1431106886/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795415-9308-4bc2-94b5-4ea7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:57.000Z",
|
|
"modified": "2015-12-22T13:45:57.000Z",
|
|
"description": "- Xchecked via VT: b7d65e15fd343ed23ecb031383b82322",
|
|
"pattern": "[file:hashes.SHA256 = 'eb5a3be75ee1c78cdd77a37a7a40e7a9ad6e8cf0a07d2f1b77e26c2ab21546ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795415-9c74-48c7-9ca7-4026950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:57.000Z",
|
|
"modified": "2015-12-22T13:45:57.000Z",
|
|
"description": "- Xchecked via VT: b7d65e15fd343ed23ecb031383b82322",
|
|
"pattern": "[file:hashes.SHA1 = '0a04c512bc245ea814937f8b67b0ddf3aa89b466']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795416-cd50-4d30-adf4-4b49950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:58.000Z",
|
|
"modified": "2015-12-22T13:45:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/eb5a3be75ee1c78cdd77a37a7a40e7a9ad6e8cf0a07d2f1b77e26c2ab21546ac/analysis/1375839202/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795416-86c8-4a0a-a080-4551950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:58.000Z",
|
|
"modified": "2015-12-22T13:45:58.000Z",
|
|
"description": "- Xchecked via VT: b90cc4900f53e8f4ad5b822eea49fb62",
|
|
"pattern": "[file:hashes.SHA256 = '24db45969710bfd418f81f89aebf36d4f96d182856de247ac45b4b33f09d4ae9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795416-6054-4e2e-8eaa-4f5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:58.000Z",
|
|
"modified": "2015-12-22T13:45:58.000Z",
|
|
"description": "- Xchecked via VT: b90cc4900f53e8f4ad5b822eea49fb62",
|
|
"pattern": "[file:hashes.SHA1 = '74289fe15c6392cf71cb5f2a3790114e8de52776']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795416-1aa8-4ff3-94b8-44e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:58.000Z",
|
|
"modified": "2015-12-22T13:45:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/24db45969710bfd418f81f89aebf36d4f96d182856de247ac45b4b33f09d4ae9/analysis/1377396634/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795417-62a8-4b3d-9d1b-4aa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:59.000Z",
|
|
"modified": "2015-12-22T13:45:59.000Z",
|
|
"description": "- Xchecked via VT: 94331d78fcfab83aec3af1537633b523",
|
|
"pattern": "[file:hashes.SHA256 = '953b2617e5dd3160ae2c0a28a7cbfffc9bac409ff09bf8a6686dbadc093829e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795417-2fd4-445f-a07c-469e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:59.000Z",
|
|
"modified": "2015-12-22T13:45:59.000Z",
|
|
"description": "- Xchecked via VT: 94331d78fcfab83aec3af1537633b523",
|
|
"pattern": "[file:hashes.SHA1 = '247497944e7a4fd03fc1185646a1fedf429ec5d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795417-0508-46e4-b56b-4020950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:45:59.000Z",
|
|
"modified": "2015-12-22T13:45:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/953b2617e5dd3160ae2c0a28a7cbfffc9bac409ff09bf8a6686dbadc093829e0/analysis/1423427863/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:45:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795418-0dbc-43e0-bd5c-4b0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:00.000Z",
|
|
"modified": "2015-12-22T13:46:00.000Z",
|
|
"description": "- Xchecked via VT: 690bc0267bdc800a672da864a774bc01",
|
|
"pattern": "[file:hashes.SHA256 = '6997fabc501215e04786292ce1900be0de6974e474ecaa4a25461df8708ae3f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795418-42a4-4231-91e5-448c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:00.000Z",
|
|
"modified": "2015-12-22T13:46:00.000Z",
|
|
"description": "- Xchecked via VT: 690bc0267bdc800a672da864a774bc01",
|
|
"pattern": "[file:hashes.SHA1 = '2d7f50f026c2e401c45d09bc2dd641b895ee2675']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795418-b898-4455-ad2e-4e39950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:00.000Z",
|
|
"modified": "2015-12-22T13:46:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6997fabc501215e04786292ce1900be0de6974e474ecaa4a25461df8708ae3f0/analysis/1376102652/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795419-db80-4817-8d92-43d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:01.000Z",
|
|
"modified": "2015-12-22T13:46:01.000Z",
|
|
"description": "- Xchecked via VT: 1520574f77b1c1318b368f103e0633f4",
|
|
"pattern": "[file:hashes.SHA256 = '180672f5e69c95d9be20458b9d0f985b913a5d2bb4621069066babaaafc96522']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795419-7e08-4f23-8ceb-46a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:01.000Z",
|
|
"modified": "2015-12-22T13:46:01.000Z",
|
|
"description": "- Xchecked via VT: 1520574f77b1c1318b368f103e0633f4",
|
|
"pattern": "[file:hashes.SHA1 = 'fbe00995d86e274ae5ccd80cd0854dfe888145b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795419-f628-49eb-8888-471f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:01.000Z",
|
|
"modified": "2015-12-22T13:46:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/180672f5e69c95d9be20458b9d0f985b913a5d2bb4621069066babaaafc96522/analysis/1376725511/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795419-30e4-41a2-b4a8-4368950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:01.000Z",
|
|
"modified": "2015-12-22T13:46:01.000Z",
|
|
"description": "- Xchecked via VT: a8714aac274a18f1724d9702d40030bf",
|
|
"pattern": "[file:hashes.SHA256 = '4f3bd6a74ddb04a5c4ae2f0b7290e1fe06123fbb681039962b3b291d143ebbc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541a-1e74-4920-80dc-4cff950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:02.000Z",
|
|
"modified": "2015-12-22T13:46:02.000Z",
|
|
"description": "- Xchecked via VT: a8714aac274a18f1724d9702d40030bf",
|
|
"pattern": "[file:hashes.SHA1 = 'd5da2c4e6024056ca07958d8b6336d17f7109cf8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541a-5aa4-4087-9f28-4c76950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:02.000Z",
|
|
"modified": "2015-12-22T13:46:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4f3bd6a74ddb04a5c4ae2f0b7290e1fe06123fbb681039962b3b291d143ebbc3/analysis/1418920628/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541a-e56c-48bb-9683-4741950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:02.000Z",
|
|
"modified": "2015-12-22T13:46:02.000Z",
|
|
"description": "- Xchecked via VT: ce52e16dca018089a25fbc506aba3b12",
|
|
"pattern": "[file:hashes.SHA256 = 'cf405d96aab5de5677c65e173fb7b9c684177bf3625bc90831b8c2a8e5e4f889']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541b-210c-45b7-ad30-4993950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:03.000Z",
|
|
"modified": "2015-12-22T13:46:03.000Z",
|
|
"description": "- Xchecked via VT: ce52e16dca018089a25fbc506aba3b12",
|
|
"pattern": "[file:hashes.SHA1 = 'd065fdef54b374fc900023fcb4d16398ec2918a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541b-5d24-4cce-8d79-412e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:03.000Z",
|
|
"modified": "2015-12-22T13:46:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/cf405d96aab5de5677c65e173fb7b9c684177bf3625bc90831b8c2a8e5e4f889/analysis/1390183466/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541b-1510-42c3-bd84-44d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:03.000Z",
|
|
"modified": "2015-12-22T13:46:03.000Z",
|
|
"description": "- Xchecked via VT: 0a67104c58d31ad2183b178a802c5486",
|
|
"pattern": "[file:hashes.SHA256 = 'b5665901b8d2dc68b28bdb01bb8e4e5418a7624dccc1cf0e4262729593e92be1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541b-b134-47f4-bd43-4ba9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:03.000Z",
|
|
"modified": "2015-12-22T13:46:03.000Z",
|
|
"description": "- Xchecked via VT: 0a67104c58d31ad2183b178a802c5486",
|
|
"pattern": "[file:hashes.SHA1 = '0f588492641fc04d848e4c704377c7beba0c0e3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541c-3e24-4845-b2f3-4c56950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:04.000Z",
|
|
"modified": "2015-12-22T13:46:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b5665901b8d2dc68b28bdb01bb8e4e5418a7624dccc1cf0e4262729593e92be1/analysis/1443101679/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541c-501c-428e-8278-4fb0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:04.000Z",
|
|
"modified": "2015-12-22T13:46:04.000Z",
|
|
"description": "- Xchecked via VT: e3eae5ec827bc0e48caa16d7319e37e1",
|
|
"pattern": "[file:hashes.SHA256 = '437a380c780f022e355ebfa55160ea71fcdd70cca394fa31d652c87a5762fbdb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541c-ce04-4859-a62a-4a7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:04.000Z",
|
|
"modified": "2015-12-22T13:46:04.000Z",
|
|
"description": "- Xchecked via VT: e3eae5ec827bc0e48caa16d7319e37e1",
|
|
"pattern": "[file:hashes.SHA1 = '7d6f232e3c7434dad5b0c2339f42a1461915b32b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541d-fcc8-41f1-b39c-466e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:05.000Z",
|
|
"modified": "2015-12-22T13:46:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/437a380c780f022e355ebfa55160ea71fcdd70cca394fa31d652c87a5762fbdb/analysis/1395391995/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541d-6198-4fa5-8b31-4c45950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:05.000Z",
|
|
"modified": "2015-12-22T13:46:05.000Z",
|
|
"description": "- Xchecked via VT: 27384fa33eb687c18bb634241380b11b",
|
|
"pattern": "[file:hashes.SHA256 = '7a2740ecc1ccccc8e3a8f0cb78d7288a72a97572792a1fa27bd2f7009fa96204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541d-a8f0-4f82-a3e1-416b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:05.000Z",
|
|
"modified": "2015-12-22T13:46:05.000Z",
|
|
"description": "- Xchecked via VT: 27384fa33eb687c18bb634241380b11b",
|
|
"pattern": "[file:hashes.SHA1 = '643d063764ded6f8fb8b3faf74f0dbdd5c047552']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541e-d87c-4227-bd05-489a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:06.000Z",
|
|
"modified": "2015-12-22T13:46:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7a2740ecc1ccccc8e3a8f0cb78d7288a72a97572792a1fa27bd2f7009fa96204/analysis/1445533548/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541e-a55c-467f-8362-4d5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:06.000Z",
|
|
"modified": "2015-12-22T13:46:06.000Z",
|
|
"description": "- Xchecked via VT: eddfbf35ac07fa9ab25cc4c421e205fe",
|
|
"pattern": "[file:hashes.SHA256 = 'bc90535f3412fce0092c69424700a36e4f006ee79729897a5f443752301850ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541e-e714-4c9a-bcab-4efe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:06.000Z",
|
|
"modified": "2015-12-22T13:46:06.000Z",
|
|
"description": "- Xchecked via VT: eddfbf35ac07fa9ab25cc4c421e205fe",
|
|
"pattern": "[file:hashes.SHA1 = 'e6cc91c0358db79048fce805fae90f9023f789f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541f-c038-4612-a595-48a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:07.000Z",
|
|
"modified": "2015-12-22T13:46:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bc90535f3412fce0092c69424700a36e4f006ee79729897a5f443752301850ca/analysis/1438874414/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541f-d6d0-451e-82cb-470a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:07.000Z",
|
|
"modified": "2015-12-22T13:46:07.000Z",
|
|
"description": "- Xchecked via VT: d3483dc296ca1c7d786ca117eda5c136",
|
|
"pattern": "[file:hashes.SHA256 = '3746fe21e75ecd84ae124f3b3b1f8cd4fd37945995134d289591983a2e592599']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541f-1ef8-470e-bc08-4efd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:07.000Z",
|
|
"modified": "2015-12-22T13:46:07.000Z",
|
|
"description": "- Xchecked via VT: d3483dc296ca1c7d786ca117eda5c136",
|
|
"pattern": "[file:hashes.SHA1 = '8fa9ec4bfce21cc7f7df00b4ae075b03aebac83f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679541f-bfcc-4ee7-89b9-4be1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:07.000Z",
|
|
"modified": "2015-12-22T13:46:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3746fe21e75ecd84ae124f3b3b1f8cd4fd37945995134d289591983a2e592599/analysis/1446040381/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795420-1f8c-44dc-be43-46e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:08.000Z",
|
|
"modified": "2015-12-22T13:46:08.000Z",
|
|
"description": "- Xchecked via VT: 425863f1796eafa9d23986a74ed6532a",
|
|
"pattern": "[file:hashes.SHA256 = '0495531f7061bfd4678a8bc9f31515bdafb676363475c3ef6585c98ff55ccdda']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795420-5fe4-4056-915b-4846950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:08.000Z",
|
|
"modified": "2015-12-22T13:46:08.000Z",
|
|
"description": "- Xchecked via VT: 425863f1796eafa9d23986a74ed6532a",
|
|
"pattern": "[file:hashes.SHA1 = '13572e472684597a2be67b94cd0bb54f3351dad2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795420-bcf8-4043-8916-4b9a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:08.000Z",
|
|
"modified": "2015-12-22T13:46:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0495531f7061bfd4678a8bc9f31515bdafb676363475c3ef6585c98ff55ccdda/analysis/1445745210/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795421-679c-418d-aed4-44b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:09.000Z",
|
|
"modified": "2015-12-22T13:46:09.000Z",
|
|
"description": "- Xchecked via VT: 3abeab135f47e097140d96ad5ed8ba8f",
|
|
"pattern": "[file:hashes.SHA256 = '8ed78cac79ea59866f9237e3665f3c3c991ed4dcf6da06b0e989b5399b1ef29c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795421-16ec-49e2-8d83-47bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:09.000Z",
|
|
"modified": "2015-12-22T13:46:09.000Z",
|
|
"description": "- Xchecked via VT: 3abeab135f47e097140d96ad5ed8ba8f",
|
|
"pattern": "[file:hashes.SHA1 = '35ae91dfb1700d228799f4770baafc2921d80408']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795421-9e4c-40c2-b7ae-4e31950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:09.000Z",
|
|
"modified": "2015-12-22T13:46:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8ed78cac79ea59866f9237e3665f3c3c991ed4dcf6da06b0e989b5399b1ef29c/analysis/1445845842/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795421-eff4-4ddb-84cb-45b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:09.000Z",
|
|
"modified": "2015-12-22T13:46:09.000Z",
|
|
"description": "- Xchecked via VT: f5ca13562fb1b3cec45358021a3b4a25",
|
|
"pattern": "[file:hashes.SHA256 = '3bbf801f938e3a8946ed4500cd391a381fc0eb1c4028fdb5c99008438ab72e5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795422-4108-4fc3-965a-4955950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:10.000Z",
|
|
"modified": "2015-12-22T13:46:10.000Z",
|
|
"description": "- Xchecked via VT: f5ca13562fb1b3cec45358021a3b4a25",
|
|
"pattern": "[file:hashes.SHA1 = 'e8c922d420f9ebcfe0cfe353735d728b8fac862f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795422-8984-4998-b10c-4c6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:10.000Z",
|
|
"modified": "2015-12-22T13:46:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3bbf801f938e3a8946ed4500cd391a381fc0eb1c4028fdb5c99008438ab72e5a/analysis/1385246109/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795422-d1f0-47e1-937e-4693950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:10.000Z",
|
|
"modified": "2015-12-22T13:46:10.000Z",
|
|
"description": "- Xchecked via VT: 7cd4ac924592270d75fad9ee07217582",
|
|
"pattern": "[file:hashes.SHA256 = '570623d2c857f660f619d7910888950014a5c39a4609e5223e5bbfd539495fae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795422-f798-42ae-b25a-4b3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:10.000Z",
|
|
"modified": "2015-12-22T13:46:10.000Z",
|
|
"description": "- Xchecked via VT: 7cd4ac924592270d75fad9ee07217582",
|
|
"pattern": "[file:hashes.SHA1 = 'e96fd46c8114129b0ba598e3558e653ba1ee35f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795423-a438-4885-a7ac-4060950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:11.000Z",
|
|
"modified": "2015-12-22T13:46:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/570623d2c857f660f619d7910888950014a5c39a4609e5223e5bbfd539495fae/analysis/1385927360/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795423-350c-43fb-a7e3-4992950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:11.000Z",
|
|
"modified": "2015-12-22T13:46:11.000Z",
|
|
"description": "- Xchecked via VT: 159e488358ca72d9850b3874a492eab6",
|
|
"pattern": "[file:hashes.SHA256 = 'f59ee8085b05208c783d232bb24cc5e4c00bb4d67d69f7fc57623453239dd703']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795423-0480-48f1-97f1-479b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:11.000Z",
|
|
"modified": "2015-12-22T13:46:11.000Z",
|
|
"description": "- Xchecked via VT: 159e488358ca72d9850b3874a492eab6",
|
|
"pattern": "[file:hashes.SHA1 = '3796cb58a223bc6c1851ff1cbb6ce7f468c169dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795424-edfc-4322-a69d-492e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:12.000Z",
|
|
"modified": "2015-12-22T13:46:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f59ee8085b05208c783d232bb24cc5e4c00bb4d67d69f7fc57623453239dd703/analysis/1416122910/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795424-7234-4557-8e46-43e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:12.000Z",
|
|
"modified": "2015-12-22T13:46:12.000Z",
|
|
"description": "- Xchecked via VT: 23e954010394331c8787b07b9400ed26",
|
|
"pattern": "[file:hashes.SHA256 = 'd3fedaa8a14b172d0f082fc23b2b7046a1e0b77db1c3b1bc9cfedfa861b3a3a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795424-e428-4987-8deb-408f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:12.000Z",
|
|
"modified": "2015-12-22T13:46:12.000Z",
|
|
"description": "- Xchecked via VT: 23e954010394331c8787b07b9400ed26",
|
|
"pattern": "[file:hashes.SHA1 = '63ebfdba09cd25b3ecb19cd7a4af92dfeaaa37c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795424-45fc-4ba1-9bd1-42e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:12.000Z",
|
|
"modified": "2015-12-22T13:46:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d3fedaa8a14b172d0f082fc23b2b7046a1e0b77db1c3b1bc9cfedfa861b3a3a1/analysis/1446252161/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795425-2a94-4203-971f-4463950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:13.000Z",
|
|
"modified": "2015-12-22T13:46:13.000Z",
|
|
"description": "- Xchecked via VT: 07c571aa60d66fb8de6024ff2bd9ac7c",
|
|
"pattern": "[file:hashes.SHA256 = '17bd386758aa66d2d3784f6c4b3a074f7c49fc6da001e448ea74962e4ba76eef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795425-6c7c-4e38-ae1a-4dfa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:13.000Z",
|
|
"modified": "2015-12-22T13:46:13.000Z",
|
|
"description": "- Xchecked via VT: 07c571aa60d66fb8de6024ff2bd9ac7c",
|
|
"pattern": "[file:hashes.SHA1 = '7f3985307c76c77a8a2c4b7cdb791855563e9ad3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795425-4338-4975-8b05-491d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:13.000Z",
|
|
"modified": "2015-12-22T13:46:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/17bd386758aa66d2d3784f6c4b3a074f7c49fc6da001e448ea74962e4ba76eef/analysis/1441887955/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795426-48b8-416b-a920-4eb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:14.000Z",
|
|
"modified": "2015-12-22T13:46:14.000Z",
|
|
"description": "- Xchecked via VT: a1cd2a3bbe224bde828c4e2f5b62f601",
|
|
"pattern": "[file:hashes.SHA256 = '6ce53e7f021b363b52ee4506c512e6bf32c877b12304bf16f7113f75f705a2ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795426-6000-4571-9140-47e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:14.000Z",
|
|
"modified": "2015-12-22T13:46:14.000Z",
|
|
"description": "- Xchecked via VT: a1cd2a3bbe224bde828c4e2f5b62f601",
|
|
"pattern": "[file:hashes.SHA1 = '400115dbea80759c4d7617b50b74da1086ebc3fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795426-b360-4e31-b25e-4b84950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:14.000Z",
|
|
"modified": "2015-12-22T13:46:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6ce53e7f021b363b52ee4506c512e6bf32c877b12304bf16f7113f75f705a2ae/analysis/1393852126/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795426-6760-4b01-b591-42a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:14.000Z",
|
|
"modified": "2015-12-22T13:46:14.000Z",
|
|
"description": "- Xchecked via VT: 958e105937178056f8fbb55b55400c09",
|
|
"pattern": "[file:hashes.SHA256 = 'fb605d211268191572458ef81b7051d32235f5ed8494eb31eb3ec5315813c475']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795427-1e5c-474c-b96e-4231950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:15.000Z",
|
|
"modified": "2015-12-22T13:46:15.000Z",
|
|
"description": "- Xchecked via VT: 958e105937178056f8fbb55b55400c09",
|
|
"pattern": "[file:hashes.SHA1 = 'b33cc8bfe2d366b25d3f4f03aa2c46592e4f4550']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795427-2978-4a01-aa6b-4bfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:15.000Z",
|
|
"modified": "2015-12-22T13:46:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fb605d211268191572458ef81b7051d32235f5ed8494eb31eb3ec5315813c475/analysis/1395700557/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795427-c3d0-4ecf-98d3-442a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:15.000Z",
|
|
"modified": "2015-12-22T13:46:15.000Z",
|
|
"description": "- Xchecked via VT: af583993828aba02e04f3b6a103abfa2",
|
|
"pattern": "[file:hashes.SHA256 = '2895e4cdb3d440bf5b7c98a0dc067b6691476b73d8d34a3a138d38183ccbfba1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795428-e310-4585-8d9a-4365950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:16.000Z",
|
|
"modified": "2015-12-22T13:46:16.000Z",
|
|
"description": "- Xchecked via VT: af583993828aba02e04f3b6a103abfa2",
|
|
"pattern": "[file:hashes.SHA1 = 'bbdb1658c0eb87d10bfda60e431972ca011556fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795428-3bcc-4f56-b9d8-406e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:16.000Z",
|
|
"modified": "2015-12-22T13:46:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2895e4cdb3d440bf5b7c98a0dc067b6691476b73d8d34a3a138d38183ccbfba1/analysis/1399601935/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795428-e308-49ac-adac-401b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:16.000Z",
|
|
"modified": "2015-12-22T13:46:16.000Z",
|
|
"description": "- Xchecked via VT: 0498f74a658fd2efadb224035444cc01",
|
|
"pattern": "[file:hashes.SHA256 = '6ebd1cb6c6476e748b6b00a86f7189875c3b5f2477fc5e97f9861df0683c27a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795428-4d9c-4ae3-b390-4595950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:16.000Z",
|
|
"modified": "2015-12-22T13:46:16.000Z",
|
|
"description": "- Xchecked via VT: 0498f74a658fd2efadb224035444cc01",
|
|
"pattern": "[file:hashes.SHA1 = '568a99da47d650feebc927bb1e12bb658b22b68e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795429-6ab0-4407-a818-4922950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:17.000Z",
|
|
"modified": "2015-12-22T13:46:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6ebd1cb6c6476e748b6b00a86f7189875c3b5f2477fc5e97f9861df0683c27a2/analysis/1443046749/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795429-6d1c-48ee-8bd8-4575950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:17.000Z",
|
|
"modified": "2015-12-22T13:46:17.000Z",
|
|
"description": "- Xchecked via VT: 4ec51012233e45e8e293c61250b080ac",
|
|
"pattern": "[file:hashes.SHA256 = '5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795429-18a0-46b0-bc96-4eb4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:17.000Z",
|
|
"modified": "2015-12-22T13:46:17.000Z",
|
|
"description": "- Xchecked via VT: 4ec51012233e45e8e293c61250b080ac",
|
|
"pattern": "[file:hashes.SHA1 = '777ba38c219d5c0251571b00d630fa3c5a59c9ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542a-e840-4f04-94f6-4ff3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:18.000Z",
|
|
"modified": "2015-12-22T13:46:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5dce01ec5e1bc1b4f5012e0b4bf16532206284fc8c64cfb8dcf907f45caf98fc/analysis/1445845243/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542a-dcc0-463a-a545-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:18.000Z",
|
|
"modified": "2015-12-22T13:46:18.000Z",
|
|
"description": "- Xchecked via VT: a20f40fe33eab25896fd32303f674ee3",
|
|
"pattern": "[file:hashes.SHA256 = 'c4ac07efc8485283cba4cfb2424c6bec6aea4b24fee336330bd0c37e0803acde']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542a-5580-41f5-82fd-41cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:18.000Z",
|
|
"modified": "2015-12-22T13:46:18.000Z",
|
|
"description": "- Xchecked via VT: a20f40fe33eab25896fd32303f674ee3",
|
|
"pattern": "[file:hashes.SHA1 = 'c68f10d8ac10f1be73a8b3e72b59d73a1241f6b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542a-2ff8-4c97-882b-4087950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:18.000Z",
|
|
"modified": "2015-12-22T13:46:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c4ac07efc8485283cba4cfb2424c6bec6aea4b24fee336330bd0c37e0803acde/analysis/1445526286/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542b-1288-4870-a75b-4849950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:19.000Z",
|
|
"modified": "2015-12-22T13:46:19.000Z",
|
|
"description": "- Xchecked via VT: 583712cb32000507e1157ea68bf0d961",
|
|
"pattern": "[file:hashes.SHA256 = '7c2a00a11a42c1e1131b65be5eca49fc543e96e9fe49c26922c8bfcfcf34b122']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542b-aa58-40cf-a324-400f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:19.000Z",
|
|
"modified": "2015-12-22T13:46:19.000Z",
|
|
"description": "- Xchecked via VT: 583712cb32000507e1157ea68bf0d961",
|
|
"pattern": "[file:hashes.SHA1 = 'ba43098cbbb8f3d26db42fe9b8f7cf9578b9023e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542b-fc8c-445a-b708-485e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:19.000Z",
|
|
"modified": "2015-12-22T13:46:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7c2a00a11a42c1e1131b65be5eca49fc543e96e9fe49c26922c8bfcfcf34b122/analysis/1443253269/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542c-bb14-4a1d-9bde-4f7a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:20.000Z",
|
|
"modified": "2015-12-22T13:46:20.000Z",
|
|
"description": "- Xchecked via VT: be00bdad4719a15e17d933292cc72541",
|
|
"pattern": "[file:hashes.SHA256 = 'e8f15d826e85a0d0c72e44ad55dde337d784969d29ffa77adbe88f620efdf272']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542c-dcf4-4047-a581-4c66950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:20.000Z",
|
|
"modified": "2015-12-22T13:46:20.000Z",
|
|
"description": "- Xchecked via VT: be00bdad4719a15e17d933292cc72541",
|
|
"pattern": "[file:hashes.SHA1 = '88b8bb877a3df99473c126132a6e812ba425cc22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542c-1a10-4f0a-bbf0-48e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:20.000Z",
|
|
"modified": "2015-12-22T13:46:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e8f15d826e85a0d0c72e44ad55dde337d784969d29ffa77adbe88f620efdf272/analysis/1436484565/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542d-9318-4e71-a7e6-4e36950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:21.000Z",
|
|
"modified": "2015-12-22T13:46:21.000Z",
|
|
"description": "- Xchecked via VT: bfbd56c546fa4430e874a683d735b8a4",
|
|
"pattern": "[file:hashes.SHA256 = 'd0dc04665f15fc0942dc36105f133efadb31d52e114fb414f615a2359313141a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542d-b01c-40ad-83e9-450d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:21.000Z",
|
|
"modified": "2015-12-22T13:46:21.000Z",
|
|
"description": "- Xchecked via VT: bfbd56c546fa4430e874a683d735b8a4",
|
|
"pattern": "[file:hashes.SHA1 = '843164ea5d628bc7321e41e22a11a063c3514485']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542d-4d6c-4b84-bbe9-4605950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:21.000Z",
|
|
"modified": "2015-12-22T13:46:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d0dc04665f15fc0942dc36105f133efadb31d52e114fb414f615a2359313141a/analysis/1445750260/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542d-2308-4a29-8b5f-4a68950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:21.000Z",
|
|
"modified": "2015-12-22T13:46:21.000Z",
|
|
"description": "- Xchecked via VT: ea418a6af186c2d68ce9d9675e038f5a",
|
|
"pattern": "[file:hashes.SHA256 = '933bbcf3bb18f29d8d41a87ffa0085a1d88713d6d901313c75599e28e3826394']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542e-5bf0-4e81-b993-4a4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:22.000Z",
|
|
"modified": "2015-12-22T13:46:22.000Z",
|
|
"description": "- Xchecked via VT: ea418a6af186c2d68ce9d9675e038f5a",
|
|
"pattern": "[file:hashes.SHA1 = 'd01e3b6a32cdd01233ec5fdfdac9dfc63de97131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542e-1db0-4adf-a8d2-42d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:22.000Z",
|
|
"modified": "2015-12-22T13:46:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/933bbcf3bb18f29d8d41a87ffa0085a1d88713d6d901313c75599e28e3826394/analysis/1381487999/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542e-bc1c-4991-81c4-45a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:22.000Z",
|
|
"modified": "2015-12-22T13:46:22.000Z",
|
|
"description": "- Xchecked via VT: 06a05686bac7ad65ba531bfa8da018f3",
|
|
"pattern": "[file:hashes.SHA256 = '35ba9093ec059a6fd1da213920c5cf695a1c6648f6fcc5af17f3640233a37124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542f-3d54-4f79-ba08-4d2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:23.000Z",
|
|
"modified": "2015-12-22T13:46:23.000Z",
|
|
"description": "- Xchecked via VT: 06a05686bac7ad65ba531bfa8da018f3",
|
|
"pattern": "[file:hashes.SHA1 = '83584b942d80880b2d0260199c8248f1dda2bac4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542f-76c8-440d-afed-4867950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:23.000Z",
|
|
"modified": "2015-12-22T13:46:23.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/35ba9093ec059a6fd1da213920c5cf695a1c6648f6fcc5af17f3640233a37124/analysis/1385479815/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679542f-8c50-47c6-9dc2-40d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:23.000Z",
|
|
"modified": "2015-12-22T13:46:23.000Z",
|
|
"description": "- Xchecked via VT: 19ad6b91ae454dab983ec23eaf1c6906",
|
|
"pattern": "[file:hashes.SHA256 = '18623e8506cba7ce7d0c20af9478f7c9b57100b8fe88f4b6a4695a6bd5e70063']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795430-ef00-4137-a446-4d66950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:24.000Z",
|
|
"modified": "2015-12-22T13:46:24.000Z",
|
|
"description": "- Xchecked via VT: 19ad6b91ae454dab983ec23eaf1c6906",
|
|
"pattern": "[file:hashes.SHA1 = 'aface251486da571bf555fd519a22b8ce7f17c55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795430-44a4-4077-9724-4601950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:24.000Z",
|
|
"modified": "2015-12-22T13:46:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/18623e8506cba7ce7d0c20af9478f7c9b57100b8fe88f4b6a4695a6bd5e70063/analysis/1406766670/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795430-90e4-4b1a-88d0-4be1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:24.000Z",
|
|
"modified": "2015-12-22T13:46:24.000Z",
|
|
"description": "- Xchecked via VT: 0c35847f5fc5634850dabe8051838b44",
|
|
"pattern": "[file:hashes.SHA256 = 'b4d33041c35b44b44f56ee7bcd84c54df3b183711395ca32e76f2802a1df5d55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795430-5240-4877-b0f7-467d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:24.000Z",
|
|
"modified": "2015-12-22T13:46:24.000Z",
|
|
"description": "- Xchecked via VT: 0c35847f5fc5634850dabe8051838b44",
|
|
"pattern": "[file:hashes.SHA1 = 'd70244fc217af2bb0ec27f59b92dc683c99f1e69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795431-a368-4c3b-970f-48ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:25.000Z",
|
|
"modified": "2015-12-22T13:46:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b4d33041c35b44b44f56ee7bcd84c54df3b183711395ca32e76f2802a1df5d55/analysis/1385616869/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795431-77fc-4b0d-8d0c-4265950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:25.000Z",
|
|
"modified": "2015-12-22T13:46:25.000Z",
|
|
"description": "- Xchecked via VT: 0c9286149e30986233391aa87cca7876",
|
|
"pattern": "[file:hashes.SHA256 = 'e1369020605769431561d999fe0d7b02e26657662778b13c3e6b6e4b56fe45d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795431-c7fc-4092-8439-494c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:25.000Z",
|
|
"modified": "2015-12-22T13:46:25.000Z",
|
|
"description": "- Xchecked via VT: 0c9286149e30986233391aa87cca7876",
|
|
"pattern": "[file:hashes.SHA1 = '03f0e0819dea6976170b59e13ab0073dbae24586']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795431-d854-4440-b9a3-4899950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:25.000Z",
|
|
"modified": "2015-12-22T13:46:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e1369020605769431561d999fe0d7b02e26657662778b13c3e6b6e4b56fe45d5/analysis/1407186146/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795432-7578-41bd-b09c-4949950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:26.000Z",
|
|
"modified": "2015-12-22T13:46:26.000Z",
|
|
"description": "- Xchecked via VT: 4c91e68ef0985b1ad147ee1dfd49367c",
|
|
"pattern": "[file:hashes.SHA256 = '1d89342671567e6dc8f7734b7f6eff12e11f3695e7144cc312cf749eddf59b35']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795432-2c98-4c0c-9296-418c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:26.000Z",
|
|
"modified": "2015-12-22T13:46:26.000Z",
|
|
"description": "- Xchecked via VT: 4c91e68ef0985b1ad147ee1dfd49367c",
|
|
"pattern": "[file:hashes.SHA1 = '38b00d59c365643626339410afcf0552441fc63b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795432-de98-487c-a01f-4848950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:26.000Z",
|
|
"modified": "2015-12-22T13:46:26.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1d89342671567e6dc8f7734b7f6eff12e11f3695e7144cc312cf749eddf59b35/analysis/1445602506/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795432-7364-4b31-bdb2-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:26.000Z",
|
|
"modified": "2015-12-22T13:46:26.000Z",
|
|
"description": "- Xchecked via VT: cba3c005f20231257bc5b01e71439f10",
|
|
"pattern": "[file:hashes.SHA256 = 'b8caed31a04eef0f869718046047766aaafeeef7eb572db3a343f7d4a4807180']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795433-bf7c-4679-9789-461d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:27.000Z",
|
|
"modified": "2015-12-22T13:46:27.000Z",
|
|
"description": "- Xchecked via VT: cba3c005f20231257bc5b01e71439f10",
|
|
"pattern": "[file:hashes.SHA1 = '9c7ea6db140ee62c52c65345d2307a050122e9fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795433-5094-4f5f-9cf1-44ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:27.000Z",
|
|
"modified": "2015-12-22T13:46:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b8caed31a04eef0f869718046047766aaafeeef7eb572db3a343f7d4a4807180/analysis/1445527536/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795433-6368-42b6-80b9-403e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:27.000Z",
|
|
"modified": "2015-12-22T13:46:27.000Z",
|
|
"description": "- Xchecked via VT: b7971cc6b9e8b71279dbfb0d41bf3d8b",
|
|
"pattern": "[file:hashes.SHA256 = 'f7eaa9c07ba83ff2e9b9618cddf20bdbe0c8fe5b1522ca1cd351f19f7eccd5df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795433-7ef0-461f-9a38-4738950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:27.000Z",
|
|
"modified": "2015-12-22T13:46:27.000Z",
|
|
"description": "- Xchecked via VT: b7971cc6b9e8b71279dbfb0d41bf3d8b",
|
|
"pattern": "[file:hashes.SHA1 = '87bc00991ec4eed42b70d424cafec47926d66de6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795434-4298-4be8-a7a6-4fd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:28.000Z",
|
|
"modified": "2015-12-22T13:46:28.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f7eaa9c07ba83ff2e9b9618cddf20bdbe0c8fe5b1522ca1cd351f19f7eccd5df/analysis/1389401871/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795434-5160-461b-a106-471a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:28.000Z",
|
|
"modified": "2015-12-22T13:46:28.000Z",
|
|
"description": "- Xchecked via VT: 48f9e69bddeced9433a2a01c9254e98f",
|
|
"pattern": "[file:hashes.SHA256 = '39bd6b427503a0de90f0474db638331f7e51b636d46d58c1877f5dc911cf0007']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795434-b0b8-4c78-b193-46f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:28.000Z",
|
|
"modified": "2015-12-22T13:46:28.000Z",
|
|
"description": "- Xchecked via VT: 48f9e69bddeced9433a2a01c9254e98f",
|
|
"pattern": "[file:hashes.SHA1 = '1d49469415a2f21cb37955378e0be27be38f3af4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795435-248c-4abd-8d0a-4d75950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:29.000Z",
|
|
"modified": "2015-12-22T13:46:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/39bd6b427503a0de90f0474db638331f7e51b636d46d58c1877f5dc911cf0007/analysis/1413952387/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795435-64d4-40bd-a731-4ba3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:29.000Z",
|
|
"modified": "2015-12-22T13:46:29.000Z",
|
|
"description": "- Xchecked via VT: 10dc90d9477b5fbd25d37eefd254570b",
|
|
"pattern": "[file:hashes.SHA256 = 'c8d8fc78476e38d20fb9e5daa8fd5d385ab6f97ddde461e44dae4eb1074757be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795435-90c0-436b-858c-4de6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:29.000Z",
|
|
"modified": "2015-12-22T13:46:29.000Z",
|
|
"description": "- Xchecked via VT: 10dc90d9477b5fbd25d37eefd254570b",
|
|
"pattern": "[file:hashes.SHA1 = 'd7c0f71018e8783bd22bf2b118e96503caf28397']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795436-d4ac-4184-87f5-4de5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:30.000Z",
|
|
"modified": "2015-12-22T13:46:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c8d8fc78476e38d20fb9e5daa8fd5d385ab6f97ddde461e44dae4eb1074757be/analysis/1423809504/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795436-a668-4fcf-a81c-48c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:30.000Z",
|
|
"modified": "2015-12-22T13:46:30.000Z",
|
|
"description": "- Xchecked via VT: 9f92f2f5e8be7031b4597b52dd3f96b3",
|
|
"pattern": "[file:hashes.SHA256 = '3fde7cefdf6fe3695b435b1a1e1a9b2a0453f97a3c82d22f0bf9b7188bd6c424']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795436-ea0c-4e6a-8239-4fa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:30.000Z",
|
|
"modified": "2015-12-22T13:46:30.000Z",
|
|
"description": "- Xchecked via VT: 9f92f2f5e8be7031b4597b52dd3f96b3",
|
|
"pattern": "[file:hashes.SHA1 = 'c816d5fa3ea7ae53368b0058ae4189b408ba3f04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795436-13e8-452d-a7e2-4c4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:30.000Z",
|
|
"modified": "2015-12-22T13:46:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3fde7cefdf6fe3695b435b1a1e1a9b2a0453f97a3c82d22f0bf9b7188bd6c424/analysis/1445523107/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795437-7da0-488e-b0b3-47aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:31.000Z",
|
|
"modified": "2015-12-22T13:46:31.000Z",
|
|
"description": "- Xchecked via VT: c6b2674b1a9d39cfc7a61e0e117ca3d4",
|
|
"pattern": "[file:hashes.SHA256 = 'b2caf758b80047d84122f0d78ac8cf4db447ec0d8d14dd345e7e8d7fc904ab7a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795437-80a4-4e42-bf63-4ba1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:31.000Z",
|
|
"modified": "2015-12-22T13:46:31.000Z",
|
|
"description": "- Xchecked via VT: c6b2674b1a9d39cfc7a61e0e117ca3d4",
|
|
"pattern": "[file:hashes.SHA1 = 'd9da73864ffeee832fd2defc93b8fc004da0e7b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795437-4ce8-406c-ad7f-4223950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:31.000Z",
|
|
"modified": "2015-12-22T13:46:31.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b2caf758b80047d84122f0d78ac8cf4db447ec0d8d14dd345e7e8d7fc904ab7a/analysis/1376903815/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795438-67b0-4ed2-a5ab-470e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:32.000Z",
|
|
"modified": "2015-12-22T13:46:32.000Z",
|
|
"description": "- Xchecked via VT: 696c4cce7a972fdd25df7257baff400e",
|
|
"pattern": "[file:hashes.SHA256 = '16e829e21f991da62dad2afb709776a374f9e9c60a556aab4deb2a7cb92bdf6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795438-094c-4e8f-96d8-4327950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:32.000Z",
|
|
"modified": "2015-12-22T13:46:32.000Z",
|
|
"description": "- Xchecked via VT: 696c4cce7a972fdd25df7257baff400e",
|
|
"pattern": "[file:hashes.SHA1 = '62560901ddfdab85fc5537db7ee31a533e34b250']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795438-fc80-4838-aae5-4687950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:32.000Z",
|
|
"modified": "2015-12-22T13:46:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/16e829e21f991da62dad2afb709776a374f9e9c60a556aab4deb2a7cb92bdf6e/analysis/1442500525/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795438-a4f0-489e-afa1-496c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:32.000Z",
|
|
"modified": "2015-12-22T13:46:32.000Z",
|
|
"description": "- Xchecked via VT: 6c2ce202702e3ffd23c0380a3e33afa5",
|
|
"pattern": "[file:hashes.SHA256 = 'eef5f61d28f8a00a3bd5cc0a891a539745aafb852a013cf70dd280427c2f54e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795439-df84-4522-866a-4e8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:33.000Z",
|
|
"modified": "2015-12-22T13:46:33.000Z",
|
|
"description": "- Xchecked via VT: 6c2ce202702e3ffd23c0380a3e33afa5",
|
|
"pattern": "[file:hashes.SHA1 = '6b8c453c7ade572c480c72e10b034ad4c97cd6b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795439-c7dc-4178-b4eb-47f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:33.000Z",
|
|
"modified": "2015-12-22T13:46:33.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/eef5f61d28f8a00a3bd5cc0a891a539745aafb852a013cf70dd280427c2f54e0/analysis/1396919678/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795439-82b0-4708-87fb-486d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:33.000Z",
|
|
"modified": "2015-12-22T13:46:33.000Z",
|
|
"description": "- Xchecked via VT: 00048cbac6650e95b7cd270e8a7f4ea2",
|
|
"pattern": "[file:hashes.SHA256 = '8c568ab1b49d398556eb97324923c4b6ebf0c703cbbd15ca3066b9a1e807f2ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543a-0244-4ec0-8726-43a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:34.000Z",
|
|
"modified": "2015-12-22T13:46:34.000Z",
|
|
"description": "- Xchecked via VT: 00048cbac6650e95b7cd270e8a7f4ea2",
|
|
"pattern": "[file:hashes.SHA1 = 'd550f4eac7f9c831501ace7484c827fde18b750e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543a-5bc0-4060-9fba-4ad7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:34.000Z",
|
|
"modified": "2015-12-22T13:46:34.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8c568ab1b49d398556eb97324923c4b6ebf0c703cbbd15ca3066b9a1e807f2ee/analysis/1387535376/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543a-ea54-42bf-8d58-43f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:34.000Z",
|
|
"modified": "2015-12-22T13:46:34.000Z",
|
|
"description": "- Xchecked via VT: 4ef143feaf03dd315aa203cc323602c5",
|
|
"pattern": "[file:hashes.SHA256 = '3bc561d751fbbdf9faca6efe79573b6523a6b98fa205ad61b2c877626285f7d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543a-44fc-4f86-a644-4949950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:34.000Z",
|
|
"modified": "2015-12-22T13:46:34.000Z",
|
|
"description": "- Xchecked via VT: 4ef143feaf03dd315aa203cc323602c5",
|
|
"pattern": "[file:hashes.SHA1 = '5393db8407ea15a49df7ff6e69e5db1370673497']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543b-4164-4ab9-85bc-4e96950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:35.000Z",
|
|
"modified": "2015-12-22T13:46:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3bc561d751fbbdf9faca6efe79573b6523a6b98fa205ad61b2c877626285f7d3/analysis/1445783256/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543b-8eac-4a41-a5e3-40a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:35.000Z",
|
|
"modified": "2015-12-22T13:46:35.000Z",
|
|
"description": "- Xchecked via VT: 47c5bdec5415c7ddb2914c6b17c0cfa2",
|
|
"pattern": "[file:hashes.SHA256 = '4f78b13608d5fdd906671e4f20c059bd75fe1075a821e2ddaa4bfcaba091dc93']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543b-3ab8-4342-8b25-4243950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:35.000Z",
|
|
"modified": "2015-12-22T13:46:35.000Z",
|
|
"description": "- Xchecked via VT: 47c5bdec5415c7ddb2914c6b17c0cfa2",
|
|
"pattern": "[file:hashes.SHA1 = 'ba857a075c382003f80043da823ebeaae46fc93d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543c-3984-4960-9970-4b0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:36.000Z",
|
|
"modified": "2015-12-22T13:46:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4f78b13608d5fdd906671e4f20c059bd75fe1075a821e2ddaa4bfcaba091dc93/analysis/1415312985/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543c-5578-4581-9412-42d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:36.000Z",
|
|
"modified": "2015-12-22T13:46:36.000Z",
|
|
"description": "- Xchecked via VT: 3fad1569fba1523e72054a31d18ffa59",
|
|
"pattern": "[file:hashes.SHA256 = '1175562cc63367e063ebd6de645705d4aa6630262f51662863f9aa5c1d03a86a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543c-78c4-46e0-a1ab-4edf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:36.000Z",
|
|
"modified": "2015-12-22T13:46:36.000Z",
|
|
"description": "- Xchecked via VT: 3fad1569fba1523e72054a31d18ffa59",
|
|
"pattern": "[file:hashes.SHA1 = 'b5b093fc83f73bac923c379d7a1ee5610a910a93']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543c-7894-4f32-8bba-47a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:36.000Z",
|
|
"modified": "2015-12-22T13:46:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1175562cc63367e063ebd6de645705d4aa6630262f51662863f9aa5c1d03a86a/analysis/1446038802/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543d-f0b0-458e-a25c-4599950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:37.000Z",
|
|
"modified": "2015-12-22T13:46:37.000Z",
|
|
"description": "- Xchecked via VT: a5cf2ca6e4a80ddc9274cf7b68af645d",
|
|
"pattern": "[file:hashes.SHA256 = '0fbd6f41d91279ae2cb165bbb2fae20990633b2175b7a375e26ab1109d268723']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543d-a12c-4db7-bdb8-4959950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:37.000Z",
|
|
"modified": "2015-12-22T13:46:37.000Z",
|
|
"description": "- Xchecked via VT: a5cf2ca6e4a80ddc9274cf7b68af645d",
|
|
"pattern": "[file:hashes.SHA1 = '69f30e98853b7384746bec29debe7a84214303c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543d-8844-41d2-8580-43af950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:37.000Z",
|
|
"modified": "2015-12-22T13:46:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0fbd6f41d91279ae2cb165bbb2fae20990633b2175b7a375e26ab1109d268723/analysis/1376697572/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543e-0af4-4780-8105-4120950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:38.000Z",
|
|
"modified": "2015-12-22T13:46:38.000Z",
|
|
"description": "- Xchecked via VT: e30c8e146173052eda7993a571446e6a",
|
|
"pattern": "[file:hashes.SHA256 = '7241204e6e319c6a2e1cdab108169ca42022beefefedea81f8f8a141f56f199b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543e-3018-46f2-a51c-4876950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:38.000Z",
|
|
"modified": "2015-12-22T13:46:38.000Z",
|
|
"description": "- Xchecked via VT: e30c8e146173052eda7993a571446e6a",
|
|
"pattern": "[file:hashes.SHA1 = 'dca3b2a77ab88d4d3ef4cddb69c3750fc712d23c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543e-fb00-4306-8828-4e64950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:38.000Z",
|
|
"modified": "2015-12-22T13:46:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7241204e6e319c6a2e1cdab108169ca42022beefefedea81f8f8a141f56f199b/analysis/1445746736/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543f-198c-4b50-870b-4d99950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:39.000Z",
|
|
"modified": "2015-12-22T13:46:39.000Z",
|
|
"description": "- Xchecked via VT: 02f778d1712672722a18a37350d819e6",
|
|
"pattern": "[file:hashes.SHA256 = '32416a2ee7e1083b61a87563d905c97af07ae6a6d437e81f93275280679be941']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543f-a5b4-4877-80e8-47c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:39.000Z",
|
|
"modified": "2015-12-22T13:46:39.000Z",
|
|
"description": "- Xchecked via VT: 02f778d1712672722a18a37350d819e6",
|
|
"pattern": "[file:hashes.SHA1 = '4b738410dca37c510abe83dfc43c735e14ff10a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543f-6c50-42b1-89b1-4dfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:39.000Z",
|
|
"modified": "2015-12-22T13:46:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/32416a2ee7e1083b61a87563d905c97af07ae6a6d437e81f93275280679be941/analysis/1443022481/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679543f-ca88-4102-9458-4e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:39.000Z",
|
|
"modified": "2015-12-22T13:46:39.000Z",
|
|
"description": "- Xchecked via VT: 0ba0cccd095c25ac796fec9f0950730a",
|
|
"pattern": "[file:hashes.SHA256 = '113d69d9291280f33f9828a876b50d7a7f14f1959af00800522de67d53b097f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795440-1168-4b92-9083-449b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:40.000Z",
|
|
"modified": "2015-12-22T13:46:40.000Z",
|
|
"description": "- Xchecked via VT: 0ba0cccd095c25ac796fec9f0950730a",
|
|
"pattern": "[file:hashes.SHA1 = '766b9903520342ab8a016019e90946b3da0bc31d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795440-ab74-42c4-bc61-450d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:40.000Z",
|
|
"modified": "2015-12-22T13:46:40.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/113d69d9291280f33f9828a876b50d7a7f14f1959af00800522de67d53b097f4/analysis/1429650769/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795440-ded8-4370-b722-4efb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:40.000Z",
|
|
"modified": "2015-12-22T13:46:40.000Z",
|
|
"description": "- Xchecked via VT: 4f287533eac9a5e6ce82fae9e5a5c012",
|
|
"pattern": "[file:hashes.SHA256 = '187b415eb225349bfd1d72ca62ff2c36fe6feb628e7b18dc77beb82f94f015de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795441-b40c-4dff-8c60-4ab9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:41.000Z",
|
|
"modified": "2015-12-22T13:46:41.000Z",
|
|
"description": "- Xchecked via VT: 4f287533eac9a5e6ce82fae9e5a5c012",
|
|
"pattern": "[file:hashes.SHA1 = '865fca91a4da267af69fef3aeabc4cfadbc95bb9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795441-5e34-4f5e-bd79-4ca7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:41.000Z",
|
|
"modified": "2015-12-22T13:46:41.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/187b415eb225349bfd1d72ca62ff2c36fe6feb628e7b18dc77beb82f94f015de/analysis/1377248860/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795441-207c-40fd-b781-41fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:41.000Z",
|
|
"modified": "2015-12-22T13:46:41.000Z",
|
|
"description": "- Xchecked via VT: 2a973ae6b8e0046ef9585b78a90e837e",
|
|
"pattern": "[file:hashes.SHA256 = '6f45ca5d8bb1246d70401da521e9caea146e66f5c4f324fad60f73e8cc21228c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795441-ecbc-4827-a494-4742950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:41.000Z",
|
|
"modified": "2015-12-22T13:46:41.000Z",
|
|
"description": "- Xchecked via VT: 2a973ae6b8e0046ef9585b78a90e837e",
|
|
"pattern": "[file:hashes.SHA1 = 'a4aca016a1aa8e676ece8d1b4a356399b0d91ae8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795442-f344-47e0-a978-4991950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:42.000Z",
|
|
"modified": "2015-12-22T13:46:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6f45ca5d8bb1246d70401da521e9caea146e66f5c4f324fad60f73e8cc21228c/analysis/1424095025/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795442-858c-4ecb-9de8-495e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:42.000Z",
|
|
"modified": "2015-12-22T13:46:42.000Z",
|
|
"description": "- Xchecked via VT: e85fc76362c2e9dc7329fddda8acc89e",
|
|
"pattern": "[file:hashes.SHA256 = '23aa514a00838624795a13bcc0b7ff54d462a3cf12c53a00ee877424a180dd81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795442-5c64-4444-9fa1-4a11950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:42.000Z",
|
|
"modified": "2015-12-22T13:46:42.000Z",
|
|
"description": "- Xchecked via VT: e85fc76362c2e9dc7329fddda8acc89e",
|
|
"pattern": "[file:hashes.SHA1 = 'eebf9abe5c8aea61bc083e44089accb5dca36041']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795443-c0dc-4e1e-a2a0-4a94950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:43.000Z",
|
|
"modified": "2015-12-22T13:46:43.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/23aa514a00838624795a13bcc0b7ff54d462a3cf12c53a00ee877424a180dd81/analysis/1425803564/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795443-d268-4c3e-8986-4ce3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:43.000Z",
|
|
"modified": "2015-12-22T13:46:43.000Z",
|
|
"description": "- Xchecked via VT: 90161ff7b3b397983dd924afd33b3cd1",
|
|
"pattern": "[file:hashes.SHA256 = 'e8994de3c73bff34f00243d36542a4b69933b188fe56830a0bf7f76fc69f13be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795443-8d44-4896-926b-49cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:43.000Z",
|
|
"modified": "2015-12-22T13:46:43.000Z",
|
|
"description": "- Xchecked via VT: 90161ff7b3b397983dd924afd33b3cd1",
|
|
"pattern": "[file:hashes.SHA1 = '94231dd0e9909af2e2112ae058084c63d785123b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795444-dd78-4123-8c4a-49d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:44.000Z",
|
|
"modified": "2015-12-22T13:46:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e8994de3c73bff34f00243d36542a4b69933b188fe56830a0bf7f76fc69f13be/analysis/1387758592/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795444-4e4c-462a-9cf9-48e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:44.000Z",
|
|
"modified": "2015-12-22T13:46:44.000Z",
|
|
"description": "- Xchecked via VT: 4ada6522a69a7d59b63133a96820f041",
|
|
"pattern": "[file:hashes.SHA256 = '1d775e4477508b67528853e1b054593ae7275c8693a739d89df102c229d7432a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795444-c480-4cc6-bde5-4722950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:44.000Z",
|
|
"modified": "2015-12-22T13:46:44.000Z",
|
|
"description": "- Xchecked via VT: 4ada6522a69a7d59b63133a96820f041",
|
|
"pattern": "[file:hashes.SHA1 = 'dc6c24762d5096ad4f6a6b406961c91dba26d310']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795444-1428-477a-a222-4e76950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:44.000Z",
|
|
"modified": "2015-12-22T13:46:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1d775e4477508b67528853e1b054593ae7275c8693a739d89df102c229d7432a/analysis/1421814341/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795445-bc90-40b5-a8f1-4cfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:45.000Z",
|
|
"modified": "2015-12-22T13:46:45.000Z",
|
|
"description": "- Xchecked via VT: 7273a48b8384cba86da22f032be4f5a1",
|
|
"pattern": "[file:hashes.SHA256 = '46b56bb8b2b9a0ef461ae2e84a4ee780be49acf1a5ffcfe5a3c00df5079d8eaf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795445-7048-4c03-81b0-44dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:45.000Z",
|
|
"modified": "2015-12-22T13:46:45.000Z",
|
|
"description": "- Xchecked via VT: 7273a48b8384cba86da22f032be4f5a1",
|
|
"pattern": "[file:hashes.SHA1 = 'f74af9a472886e8ccdce4e98d40035677034e87f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795445-89ec-4e5c-a528-4c5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:45.000Z",
|
|
"modified": "2015-12-22T13:46:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/46b56bb8b2b9a0ef461ae2e84a4ee780be49acf1a5ffcfe5a3c00df5079d8eaf/analysis/1443244240/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795446-bcec-4697-aa94-4e0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:46.000Z",
|
|
"modified": "2015-12-22T13:46:46.000Z",
|
|
"description": "- Xchecked via VT: 73712259eecbe59245b03f6d8dbdd402",
|
|
"pattern": "[file:hashes.SHA256 = '564e600966679de9b7bc501b3dd33e991bb421b7810a4f1948e6aa0bb9c16c80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795446-1ed0-414f-9a23-4868950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:46.000Z",
|
|
"modified": "2015-12-22T13:46:46.000Z",
|
|
"description": "- Xchecked via VT: 73712259eecbe59245b03f6d8dbdd402",
|
|
"pattern": "[file:hashes.SHA1 = '19775693b172b09ad1abfc35140643e413797aa8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795446-e1f8-4226-a4ee-4f56950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:46.000Z",
|
|
"modified": "2015-12-22T13:46:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/564e600966679de9b7bc501b3dd33e991bb421b7810a4f1948e6aa0bb9c16c80/analysis/1389408439/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795447-c494-4de8-b3d2-47ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:47.000Z",
|
|
"modified": "2015-12-22T13:46:47.000Z",
|
|
"description": "- Xchecked via VT: 5fb934c41c05d855305a6a5386200ea2",
|
|
"pattern": "[file:hashes.SHA256 = '1f694397087af364f0a99029facd6dd9b8f93ca00528289d0e10cdcc2988789f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795447-4254-49aa-9cf0-4bb4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:47.000Z",
|
|
"modified": "2015-12-22T13:46:47.000Z",
|
|
"description": "- Xchecked via VT: 5fb934c41c05d855305a6a5386200ea2",
|
|
"pattern": "[file:hashes.SHA1 = '82c5896a093208ab27d0caaec0dd9d27748b0b03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795447-935c-4062-b3e5-4528950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:47.000Z",
|
|
"modified": "2015-12-22T13:46:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1f694397087af364f0a99029facd6dd9b8f93ca00528289d0e10cdcc2988789f/analysis/1410586122/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795447-4704-475c-926c-4e03950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:47.000Z",
|
|
"modified": "2015-12-22T13:46:47.000Z",
|
|
"description": "- Xchecked via VT: 4d2c7fc6cad64adea1aaed0dfadd39a7",
|
|
"pattern": "[file:hashes.SHA256 = '3c7d0312a38c117f1fdca8cb1a20f374e42e903e70cf53467e5db9f14556cbb0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795448-b8b4-46b1-8134-4c24950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:48.000Z",
|
|
"modified": "2015-12-22T13:46:48.000Z",
|
|
"description": "- Xchecked via VT: 4d2c7fc6cad64adea1aaed0dfadd39a7",
|
|
"pattern": "[file:hashes.SHA1 = '0bbdb4e47584d4a0518815a3788f5ab344dc37fd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795448-0f84-4f58-95ae-45a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:48.000Z",
|
|
"modified": "2015-12-22T13:46:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3c7d0312a38c117f1fdca8cb1a20f374e42e903e70cf53467e5db9f14556cbb0/analysis/1445919302/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795448-265c-406b-947e-4b3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:48.000Z",
|
|
"modified": "2015-12-22T13:46:48.000Z",
|
|
"description": "- Xchecked via VT: fadd3121f787174e39c20c358838d0b5",
|
|
"pattern": "[file:hashes.SHA256 = 'b8233f3eb770d43420ca2bffb19094a9978f0e9e84a379e03648440a9e26cb23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795449-c4a0-4cce-aef5-4b87950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:49.000Z",
|
|
"modified": "2015-12-22T13:46:49.000Z",
|
|
"description": "- Xchecked via VT: fadd3121f787174e39c20c358838d0b5",
|
|
"pattern": "[file:hashes.SHA1 = '23637d70605290be6498159b994af43804d08235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795449-5514-4806-ba00-47b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:49.000Z",
|
|
"modified": "2015-12-22T13:46:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b8233f3eb770d43420ca2bffb19094a9978f0e9e84a379e03648440a9e26cb23/analysis/1445546756/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795449-91fc-40f8-8e61-49a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:49.000Z",
|
|
"modified": "2015-12-22T13:46:49.000Z",
|
|
"description": "- Xchecked via VT: 17dcf0e20b0ba6628066aafe70220ab1",
|
|
"pattern": "[file:hashes.SHA256 = '3c56ba74256bee8a2808e3e575b26b1a9a02bc92f503de273cb1c369bf370f03']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795449-c654-4702-8d4f-4947950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:49.000Z",
|
|
"modified": "2015-12-22T13:46:49.000Z",
|
|
"description": "- Xchecked via VT: 17dcf0e20b0ba6628066aafe70220ab1",
|
|
"pattern": "[file:hashes.SHA1 = 'e043d264538577d3663d1b1d4a90b04b79458c70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544a-5b14-421e-a28c-4466950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:50.000Z",
|
|
"modified": "2015-12-22T13:46:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3c56ba74256bee8a2808e3e575b26b1a9a02bc92f503de273cb1c369bf370f03/analysis/1445887594/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544a-0088-4bad-af72-427a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:50.000Z",
|
|
"modified": "2015-12-22T13:46:50.000Z",
|
|
"description": "- Xchecked via VT: e7afcad0aa38ceaa100b68f6558351a4",
|
|
"pattern": "[file:hashes.SHA256 = '4a8917161b644024fdb3d37f4a52b4fffbfd50a55e713ffe3bd746ff39b39079']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544a-fa34-4c04-9095-4868950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:50.000Z",
|
|
"modified": "2015-12-22T13:46:50.000Z",
|
|
"description": "- Xchecked via VT: e7afcad0aa38ceaa100b68f6558351a4",
|
|
"pattern": "[file:hashes.SHA1 = 'e645665ca99f95df73c9c0fe83386d86e52f9de4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544b-9980-44f6-981a-4094950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:51.000Z",
|
|
"modified": "2015-12-22T13:46:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4a8917161b644024fdb3d37f4a52b4fffbfd50a55e713ffe3bd746ff39b39079/analysis/1410109841/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544b-2748-44cf-9999-4c88950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:51.000Z",
|
|
"modified": "2015-12-22T13:46:51.000Z",
|
|
"description": "- Xchecked via VT: a8361240ccfbefed889fe911a3b5ebe8",
|
|
"pattern": "[file:hashes.SHA256 = 'c568a72659631f989ddd6c06e198404bf467a57c38e92ed9bbf8dc79a1b6a557']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544b-03e0-4f51-a90e-4422950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:51.000Z",
|
|
"modified": "2015-12-22T13:46:51.000Z",
|
|
"description": "- Xchecked via VT: a8361240ccfbefed889fe911a3b5ebe8",
|
|
"pattern": "[file:hashes.SHA1 = '0b034aee7c967e0724841371c26eb093c19592f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544b-2284-41f1-8ada-4cab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:51.000Z",
|
|
"modified": "2015-12-22T13:46:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c568a72659631f989ddd6c06e198404bf467a57c38e92ed9bbf8dc79a1b6a557/analysis/1445778754/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544c-98fc-4b20-bbdf-40d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:52.000Z",
|
|
"modified": "2015-12-22T13:46:52.000Z",
|
|
"description": "- Xchecked via VT: 3a682230e72ed0bb8a1e4bdb9fe8c633",
|
|
"pattern": "[file:hashes.SHA256 = '2014b8e7d9bf2f0921000ac6089f70488f508c54ff6987e278bc82ecf25927ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544c-0e18-407a-bcbd-4e91950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:52.000Z",
|
|
"modified": "2015-12-22T13:46:52.000Z",
|
|
"description": "- Xchecked via VT: 3a682230e72ed0bb8a1e4bdb9fe8c633",
|
|
"pattern": "[file:hashes.SHA1 = '2ae32aa99aa6f9e1b0c74e55a401a0ea6ebae7d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544c-6bd8-4c30-ba60-4dc3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:52.000Z",
|
|
"modified": "2015-12-22T13:46:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2014b8e7d9bf2f0921000ac6089f70488f508c54ff6987e278bc82ecf25927ee/analysis/1445598630/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544d-688c-451e-85cc-4f2a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:53.000Z",
|
|
"modified": "2015-12-22T13:46:53.000Z",
|
|
"description": "- Xchecked via VT: f9240c8607db3563502b1df1be12839c",
|
|
"pattern": "[file:hashes.SHA256 = '2e2957aa57cc6740d764844d7040167358b35f53f178342344a14de6cc58bd42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544d-c3a0-4866-9a76-40e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:53.000Z",
|
|
"modified": "2015-12-22T13:46:53.000Z",
|
|
"description": "- Xchecked via VT: f9240c8607db3563502b1df1be12839c",
|
|
"pattern": "[file:hashes.SHA1 = '28d5eedc96efc43857f28ec2f0c3816a39e6d579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544d-9d70-43f3-8898-4971950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:53.000Z",
|
|
"modified": "2015-12-22T13:46:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2e2957aa57cc6740d764844d7040167358b35f53f178342344a14de6cc58bd42/analysis/1396857109/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544e-5e48-4b2f-bb1d-4092950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:54.000Z",
|
|
"modified": "2015-12-22T13:46:54.000Z",
|
|
"description": "- Xchecked via VT: 8671638f370fcb5da193ed709410f784",
|
|
"pattern": "[file:hashes.SHA256 = 'a7bd5ea256aa6d2ac60a29781d54e637ecc158bc082e8bd08fdc8b9920df2c9f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544e-1d54-445b-b20f-4457950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:54.000Z",
|
|
"modified": "2015-12-22T13:46:54.000Z",
|
|
"description": "- Xchecked via VT: 8671638f370fcb5da193ed709410f784",
|
|
"pattern": "[file:hashes.SHA1 = 'd26df6f4e394e1c2bdd4070ddfedbe347a2763a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544e-8910-43f9-98b1-4099950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:54.000Z",
|
|
"modified": "2015-12-22T13:46:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a7bd5ea256aa6d2ac60a29781d54e637ecc158bc082e8bd08fdc8b9920df2c9f/analysis/1384282464/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544e-f5e0-4397-ae5e-48e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:54.000Z",
|
|
"modified": "2015-12-22T13:46:54.000Z",
|
|
"description": "- Xchecked via VT: 866f540648213132472a49ccdde080b6",
|
|
"pattern": "[file:hashes.SHA256 = '20c069fcce58467f3cf407db7585641cf236347f4eccf291604006121cd21796']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544f-9938-49cf-9d45-49c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:55.000Z",
|
|
"modified": "2015-12-22T13:46:55.000Z",
|
|
"description": "- Xchecked via VT: 866f540648213132472a49ccdde080b6",
|
|
"pattern": "[file:hashes.SHA1 = '2f993c75295e3e9ecdd187b9828e6bff3b74c18b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544f-6810-4da8-aaf4-44e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:55.000Z",
|
|
"modified": "2015-12-22T13:46:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/20c069fcce58467f3cf407db7585641cf236347f4eccf291604006121cd21796/analysis/1445745344/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679544f-79f8-456f-b096-4f3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:55.000Z",
|
|
"modified": "2015-12-22T13:46:55.000Z",
|
|
"description": "- Xchecked via VT: 93a0f87452a72dc23e6baa4783204037",
|
|
"pattern": "[file:hashes.SHA256 = 'bc4de5eff1b9a37a34543e1daee4ac98a26764d8571f301fb8507c5702f81d12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795450-bef4-4be2-9609-4f34950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:56.000Z",
|
|
"modified": "2015-12-22T13:46:56.000Z",
|
|
"description": "- Xchecked via VT: 93a0f87452a72dc23e6baa4783204037",
|
|
"pattern": "[file:hashes.SHA1 = '750c8aef8e8fb8e082259e0e6ba2400957792c73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795450-6b88-4be1-a5ca-4763950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:56.000Z",
|
|
"modified": "2015-12-22T13:46:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bc4de5eff1b9a37a34543e1daee4ac98a26764d8571f301fb8507c5702f81d12/analysis/1410172393/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795450-f8c4-434d-91bb-46d2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:56.000Z",
|
|
"modified": "2015-12-22T13:46:56.000Z",
|
|
"description": "- Xchecked via VT: 2da1270af6c4b4f416d92dc2a6085d30",
|
|
"pattern": "[file:hashes.SHA256 = '56c4b885bfd522d04e850bf18dc20bb6f6a248e19bbefa78b6278ff4cbc9bc8a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795450-7188-4576-b8da-448f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:56.000Z",
|
|
"modified": "2015-12-22T13:46:56.000Z",
|
|
"description": "- Xchecked via VT: 2da1270af6c4b4f416d92dc2a6085d30",
|
|
"pattern": "[file:hashes.SHA1 = '8e4d5582c653dad85520da0e2fd6fec3ff762db6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795451-dcf0-4e37-9b9a-4e50950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:57.000Z",
|
|
"modified": "2015-12-22T13:46:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/56c4b885bfd522d04e850bf18dc20bb6f6a248e19bbefa78b6278ff4cbc9bc8a/analysis/1443356345/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795451-5860-469f-bbc8-41db950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:57.000Z",
|
|
"modified": "2015-12-22T13:46:57.000Z",
|
|
"description": "- Xchecked via VT: d4f4ae3286c3f6a3021827c9b628cbf2",
|
|
"pattern": "[file:hashes.SHA256 = '2e8678b406c268b4fca8dfe0b0e38e5a64ad2e7f2c2f095ffcc556fa706a4384']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795451-e458-4267-ae70-4f05950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:57.000Z",
|
|
"modified": "2015-12-22T13:46:57.000Z",
|
|
"description": "- Xchecked via VT: d4f4ae3286c3f6a3021827c9b628cbf2",
|
|
"pattern": "[file:hashes.SHA1 = '4e8ee25c4566986ccb147954a2755a7901671f49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795452-49cc-4cbb-a926-4d91950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:58.000Z",
|
|
"modified": "2015-12-22T13:46:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2e8678b406c268b4fca8dfe0b0e38e5a64ad2e7f2c2f095ffcc556fa706a4384/analysis/1379364414/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795452-307c-48eb-a668-43f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:58.000Z",
|
|
"modified": "2015-12-22T13:46:58.000Z",
|
|
"description": "- Xchecked via VT: 6c39cd8b0ce9e8901dc4f3ac871b4f7b",
|
|
"pattern": "[file:hashes.SHA256 = 'af875cbff59f4b9c89da3b9b357966a16666d09641040916e0e8bcb7201d0044']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795452-3c18-44a6-af2a-4123950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:58.000Z",
|
|
"modified": "2015-12-22T13:46:58.000Z",
|
|
"description": "- Xchecked via VT: 6c39cd8b0ce9e8901dc4f3ac871b4f7b",
|
|
"pattern": "[file:hashes.SHA1 = 'ec5876c66d8ed11046542bb4a4eb45dd5715fa74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795452-b2e8-4f40-bab6-4d28950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:58.000Z",
|
|
"modified": "2015-12-22T13:46:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/af875cbff59f4b9c89da3b9b357966a16666d09641040916e0e8bcb7201d0044/analysis/1410130846/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795453-a0c4-40aa-8c73-445e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:59.000Z",
|
|
"modified": "2015-12-22T13:46:59.000Z",
|
|
"description": "- Xchecked via VT: 96414fb7b881a9a6b59f0f4f9d5ad7ed",
|
|
"pattern": "[file:hashes.SHA256 = '01eb11192836114d4da4faee18a800d39feb3bc75c8f95090af37e07a739e3ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795453-ebf0-4288-abcf-48de950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:59.000Z",
|
|
"modified": "2015-12-22T13:46:59.000Z",
|
|
"description": "- Xchecked via VT: 96414fb7b881a9a6b59f0f4f9d5ad7ed",
|
|
"pattern": "[file:hashes.SHA1 = '7c4c704253690665a78d3b75954271688d33742d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795453-6410-4c33-a7d5-4c4b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:46:59.000Z",
|
|
"modified": "2015-12-22T13:46:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/01eb11192836114d4da4faee18a800d39feb3bc75c8f95090af37e07a739e3ac/analysis/1445897429/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:46:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795454-9f78-4cd1-a51c-413b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:00.000Z",
|
|
"modified": "2015-12-22T13:47:00.000Z",
|
|
"description": "- Xchecked via VT: 50691c311758b6b41a7ffa5e7059e423",
|
|
"pattern": "[file:hashes.SHA256 = '8cc763d67f9a3ebf91136f87a19efb2b2264738a8c091a909679668efcb595bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795454-0488-4e50-bcc7-4036950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:00.000Z",
|
|
"modified": "2015-12-22T13:47:00.000Z",
|
|
"description": "- Xchecked via VT: 50691c311758b6b41a7ffa5e7059e423",
|
|
"pattern": "[file:hashes.SHA1 = '6105793ae6d67f58b4f2a982ba2b7fdf367a04b2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795454-4460-48e8-8a3c-4650950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:00.000Z",
|
|
"modified": "2015-12-22T13:47:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8cc763d67f9a3ebf91136f87a19efb2b2264738a8c091a909679668efcb595bd/analysis/1378586324/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795455-0b34-4c68-b6a2-46e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:01.000Z",
|
|
"modified": "2015-12-22T13:47:01.000Z",
|
|
"description": "- Xchecked via VT: a2368132d9c4253346545a0a571e1e36",
|
|
"pattern": "[file:hashes.SHA256 = '8979e7b4dce43c86c0f2cfc943fceb674713da822fb3984099731ef05307cd18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795455-d3a8-456f-878f-45ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:01.000Z",
|
|
"modified": "2015-12-22T13:47:01.000Z",
|
|
"description": "- Xchecked via VT: a2368132d9c4253346545a0a571e1e36",
|
|
"pattern": "[file:hashes.SHA1 = 'd274ebb196a0021df03b74463c70e591c8b8e98e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795455-acc4-4a3e-b3fa-4f4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:01.000Z",
|
|
"modified": "2015-12-22T13:47:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8979e7b4dce43c86c0f2cfc943fceb674713da822fb3984099731ef05307cd18/analysis/1443276819/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795455-37a8-473f-8b8b-4574950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:01.000Z",
|
|
"modified": "2015-12-22T13:47:01.000Z",
|
|
"description": "- Xchecked via VT: 4948a0e1bec9d99308ba812aaf449c61",
|
|
"pattern": "[file:hashes.SHA256 = '1df376956e29c1cf5be8b26a227d99a0db6b2b0a225aa9c547b86aa31a094514']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795456-4f44-4d33-a5db-4145950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:02.000Z",
|
|
"modified": "2015-12-22T13:47:02.000Z",
|
|
"description": "- Xchecked via VT: 4948a0e1bec9d99308ba812aaf449c61",
|
|
"pattern": "[file:hashes.SHA1 = 'b9de190d9914cb3efcc08929af3e061ec26eda77']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795456-8340-4232-b717-42b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:02.000Z",
|
|
"modified": "2015-12-22T13:47:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1df376956e29c1cf5be8b26a227d99a0db6b2b0a225aa9c547b86aa31a094514/analysis/1376182909/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795456-56e4-4a76-bba1-41de950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:02.000Z",
|
|
"modified": "2015-12-22T13:47:02.000Z",
|
|
"description": "- Xchecked via VT: f785daae9c9f544ce91100c39640bd68",
|
|
"pattern": "[file:hashes.SHA256 = '2d6da847e008818bf8d854c5849c5c0250294ad4f8cc6c23191c396590320152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795457-d434-4b89-b9a5-4bc2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:03.000Z",
|
|
"modified": "2015-12-22T13:47:03.000Z",
|
|
"description": "- Xchecked via VT: f785daae9c9f544ce91100c39640bd68",
|
|
"pattern": "[file:hashes.SHA1 = '4474ef71cc1aef876ac679cb54037c0fe3dc948a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795457-60d0-4eae-83af-4f74950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:03.000Z",
|
|
"modified": "2015-12-22T13:47:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2d6da847e008818bf8d854c5849c5c0250294ad4f8cc6c23191c396590320152/analysis/1410136018/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795457-33a4-4feb-8ba7-4c7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:03.000Z",
|
|
"modified": "2015-12-22T13:47:03.000Z",
|
|
"description": "- Xchecked via VT: 0e95086162a9114c4288e155cebe88e2",
|
|
"pattern": "[file:hashes.SHA256 = '8b1d0f8ab3f149ad2a9a4a63f40951133e06019ac3cfa4aeddc7b885275d7fe8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795457-1684-4bec-a07a-4011950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:03.000Z",
|
|
"modified": "2015-12-22T13:47:03.000Z",
|
|
"description": "- Xchecked via VT: 0e95086162a9114c4288e155cebe88e2",
|
|
"pattern": "[file:hashes.SHA1 = '229d12b8fd911c057f0de1478943018f9a25790f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795458-8434-4edd-9298-4b2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:04.000Z",
|
|
"modified": "2015-12-22T13:47:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8b1d0f8ab3f149ad2a9a4a63f40951133e06019ac3cfa4aeddc7b885275d7fe8/analysis/1382246780/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795458-7734-48b3-9ef7-4bab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:04.000Z",
|
|
"modified": "2015-12-22T13:47:04.000Z",
|
|
"description": "- Xchecked via VT: 4b51ad281aeede3e97efcf47bf4e6c61",
|
|
"pattern": "[file:hashes.SHA256 = '152f784291293a9f6090463b7ecaa3d3d3da55d7e28199f912d3703715d5c761']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795458-c0fc-4c9d-9d91-479b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:04.000Z",
|
|
"modified": "2015-12-22T13:47:04.000Z",
|
|
"description": "- Xchecked via VT: 4b51ad281aeede3e97efcf47bf4e6c61",
|
|
"pattern": "[file:hashes.SHA1 = '99944dac904532156ed44017e76260abaa491f85']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795459-813c-4c4f-ba5e-483f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:05.000Z",
|
|
"modified": "2015-12-22T13:47:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/152f784291293a9f6090463b7ecaa3d3d3da55d7e28199f912d3703715d5c761/analysis/1395854415/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795459-247c-4114-b80a-44ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:05.000Z",
|
|
"modified": "2015-12-22T13:47:05.000Z",
|
|
"description": "- Xchecked via VT: 53448a2a71dd3d72fb5dad2ee523d472",
|
|
"pattern": "[file:hashes.SHA256 = '6117a5183b914ce38584aeb978c98fe8a09f8664f9a2e1cae57cd3218a88318c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795459-74bc-4f7a-826a-4114950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:05.000Z",
|
|
"modified": "2015-12-22T13:47:05.000Z",
|
|
"description": "- Xchecked via VT: 53448a2a71dd3d72fb5dad2ee523d472",
|
|
"pattern": "[file:hashes.SHA1 = '39ac75057848c07faeb1b5ca955ddf021aca41eb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545a-607c-40fc-8634-457b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:05.000Z",
|
|
"modified": "2015-12-22T13:47:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6117a5183b914ce38584aeb978c98fe8a09f8664f9a2e1cae57cd3218a88318c/analysis/1410110616/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545a-8e04-4269-950e-4d8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:06.000Z",
|
|
"modified": "2015-12-22T13:47:06.000Z",
|
|
"description": "- Xchecked via VT: e00837fee3bb069ee1882850fb368da5",
|
|
"pattern": "[file:hashes.SHA256 = 'fd996fa698a0e8392e3444253ab2390654defb0fd900713a115908920a63de22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545a-abd8-4968-8831-4e1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:06.000Z",
|
|
"modified": "2015-12-22T13:47:06.000Z",
|
|
"description": "- Xchecked via VT: e00837fee3bb069ee1882850fb368da5",
|
|
"pattern": "[file:hashes.SHA1 = 'f7c6eea6672dd1b1d9eed63bc225a2c542a4b5d1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545a-eaf0-4af6-8715-409f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:06.000Z",
|
|
"modified": "2015-12-22T13:47:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fd996fa698a0e8392e3444253ab2390654defb0fd900713a115908920a63de22/analysis/1389828923/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545b-797c-4460-8878-4edd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:07.000Z",
|
|
"modified": "2015-12-22T13:47:07.000Z",
|
|
"description": "- Xchecked via VT: 4e2cbe3a10a337b9d8f6e1b277e1f5ea",
|
|
"pattern": "[file:hashes.SHA256 = 'a60e556ae39761b795cbbef2dd7c97b331edd2309d6e72021be37e5e52e28bdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545b-f68c-4762-b15e-4ddc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:07.000Z",
|
|
"modified": "2015-12-22T13:47:07.000Z",
|
|
"description": "- Xchecked via VT: 4e2cbe3a10a337b9d8f6e1b277e1f5ea",
|
|
"pattern": "[file:hashes.SHA1 = 'd8950f0da008e8344a74ecdc241e047246a35e1d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545b-2d8c-4902-ae48-4533950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:07.000Z",
|
|
"modified": "2015-12-22T13:47:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a60e556ae39761b795cbbef2dd7c97b331edd2309d6e72021be37e5e52e28bdd/analysis/1445907985/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545c-95ec-4a88-ab6a-4839950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:08.000Z",
|
|
"modified": "2015-12-22T13:47:08.000Z",
|
|
"description": "- Xchecked via VT: 20796c0ee725d14db505163769131e51",
|
|
"pattern": "[file:hashes.SHA256 = '0b4d74325df2a5bad28f42ef304e6e1840a35e0a11ea492e7f343f93e2da94ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545c-d7f8-48f0-836e-4647950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:08.000Z",
|
|
"modified": "2015-12-22T13:47:08.000Z",
|
|
"description": "- Xchecked via VT: 20796c0ee725d14db505163769131e51",
|
|
"pattern": "[file:hashes.SHA1 = '5f496aec73128ec31ea18c057b6ff0a8efcf197b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545c-a320-4be9-8e54-4bc7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:08.000Z",
|
|
"modified": "2015-12-22T13:47:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0b4d74325df2a5bad28f42ef304e6e1840a35e0a11ea492e7f343f93e2da94ba/analysis/1443097119/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545c-495c-41b3-983e-493f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:08.000Z",
|
|
"modified": "2015-12-22T13:47:08.000Z",
|
|
"description": "- Xchecked via VT: 51a3c0cbf6cd201396dcf2f5f3612af7",
|
|
"pattern": "[file:hashes.SHA256 = '2dd052aa34a4c93dd83fcdabc5b91f6783bcbc3cbb9bcb3f40f24aca3f4b4301']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545d-64a8-4a86-b735-4362950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:09.000Z",
|
|
"modified": "2015-12-22T13:47:09.000Z",
|
|
"description": "- Xchecked via VT: 51a3c0cbf6cd201396dcf2f5f3612af7",
|
|
"pattern": "[file:hashes.SHA1 = 'c21234e5621550fcac9dd88a73b65ff9551db50f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545d-8090-4666-9313-4695950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:09.000Z",
|
|
"modified": "2015-12-22T13:47:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2dd052aa34a4c93dd83fcdabc5b91f6783bcbc3cbb9bcb3f40f24aca3f4b4301/analysis/1447451463/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545d-7598-43eb-bc60-4767950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:09.000Z",
|
|
"modified": "2015-12-22T13:47:09.000Z",
|
|
"description": "- Xchecked via VT: af1429f76903666829266a90386c6bfd",
|
|
"pattern": "[file:hashes.SHA256 = '318b2879ece3468d2796d716e255bcd2e083ae0d740149391479224526c4bd05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545e-331c-4a9b-9b8a-40cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:10.000Z",
|
|
"modified": "2015-12-22T13:47:10.000Z",
|
|
"description": "- Xchecked via VT: af1429f76903666829266a90386c6bfd",
|
|
"pattern": "[file:hashes.SHA1 = 'a396a38c925312b3d4cea05d984b71d544a11fff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545e-4904-4567-a55f-484c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:10.000Z",
|
|
"modified": "2015-12-22T13:47:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/318b2879ece3468d2796d716e255bcd2e083ae0d740149391479224526c4bd05/analysis/1410354805/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545e-2d5c-4756-827a-4f06950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:10.000Z",
|
|
"modified": "2015-12-22T13:47:10.000Z",
|
|
"description": "- Xchecked via VT: c62ccea3662152551c45deea728a4c2f",
|
|
"pattern": "[file:hashes.SHA256 = 'ad368ce6649ea090dfe78a80f7cb66756bdde7bbb6d03a65ad34c62adc744894']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545f-79cc-4225-a11c-4abf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:11.000Z",
|
|
"modified": "2015-12-22T13:47:11.000Z",
|
|
"description": "- Xchecked via VT: c62ccea3662152551c45deea728a4c2f",
|
|
"pattern": "[file:hashes.SHA1 = 'b8b38eb44b0ebd22b26a8938889608ca46b2f07b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545f-1efc-425c-b299-4103950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:11.000Z",
|
|
"modified": "2015-12-22T13:47:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ad368ce6649ea090dfe78a80f7cb66756bdde7bbb6d03a65ad34c62adc744894/analysis/1445590171/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545f-e9e8-4c0c-8b40-421e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:11.000Z",
|
|
"modified": "2015-12-22T13:47:11.000Z",
|
|
"description": "- Xchecked via VT: f38c19a8e9f9098b7861c7e279b8b082",
|
|
"pattern": "[file:hashes.SHA256 = 'e1001c35f6835ee655ccc84f1f287eab21b64f996f2e6c3b318bf3b3cf8e3dec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679545f-34cc-4629-bec7-4591950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:11.000Z",
|
|
"modified": "2015-12-22T13:47:11.000Z",
|
|
"description": "- Xchecked via VT: f38c19a8e9f9098b7861c7e279b8b082",
|
|
"pattern": "[file:hashes.SHA1 = 'd8ae61a93c1d67d6e5c73a5e6452250555b5d52e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795460-2f78-48a9-a2bf-46a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:12.000Z",
|
|
"modified": "2015-12-22T13:47:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e1001c35f6835ee655ccc84f1f287eab21b64f996f2e6c3b318bf3b3cf8e3dec/analysis/1381065294/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795460-7050-4fcc-bfcb-4693950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:12.000Z",
|
|
"modified": "2015-12-22T13:47:12.000Z",
|
|
"description": "- Xchecked via VT: 7d0ce774b30cb2a79a1409d07d874774",
|
|
"pattern": "[file:hashes.SHA256 = 'b00897c79c8d3243f84e957ca957d5faa72db2ae05900811ac0cfa80b51cca0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795460-5ab0-483a-94cf-4d07950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:12.000Z",
|
|
"modified": "2015-12-22T13:47:12.000Z",
|
|
"description": "- Xchecked via VT: 7d0ce774b30cb2a79a1409d07d874774",
|
|
"pattern": "[file:hashes.SHA1 = 'a5ef56149f6769890e2fbcd208809851017b1a92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795461-d418-4ced-a7be-4971950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:13.000Z",
|
|
"modified": "2015-12-22T13:47:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b00897c79c8d3243f84e957ca957d5faa72db2ae05900811ac0cfa80b51cca0a/analysis/1445590752/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795461-8a10-4f2a-8074-4588950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:13.000Z",
|
|
"modified": "2015-12-22T13:47:13.000Z",
|
|
"description": "- Xchecked via VT: 101702f7acfc44223b82def5a1ef4d05",
|
|
"pattern": "[file:hashes.SHA256 = '32755e86dad6613fcccd89bbc9134d5ef0445495ccf72e84fa783268bb5bb872']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795461-b95c-4208-a66c-45f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:13.000Z",
|
|
"modified": "2015-12-22T13:47:13.000Z",
|
|
"description": "- Xchecked via VT: 101702f7acfc44223b82def5a1ef4d05",
|
|
"pattern": "[file:hashes.SHA1 = 'f9d03d2f29eca86cff2309b04ebc870ce4d2de8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795461-2aec-4474-8806-4ac6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:13.000Z",
|
|
"modified": "2015-12-22T13:47:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/32755e86dad6613fcccd89bbc9134d5ef0445495ccf72e84fa783268bb5bb872/analysis/1379279442/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795462-59bc-4f4c-b547-466b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:14.000Z",
|
|
"modified": "2015-12-22T13:47:14.000Z",
|
|
"description": "- Xchecked via VT: 2ddadf338a58337d51c70f2b3105a5b2",
|
|
"pattern": "[file:hashes.SHA256 = 'eccdcf3018924303474d0ff371ec0491698fc4b1ae0c42a85be1c43dc9eeb51e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795462-b0bc-436a-8bf0-4260950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:14.000Z",
|
|
"modified": "2015-12-22T13:47:14.000Z",
|
|
"description": "- Xchecked via VT: 2ddadf338a58337d51c70f2b3105a5b2",
|
|
"pattern": "[file:hashes.SHA1 = '904b193d8a7051c0cd7313cb96167b50a6f5554d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795462-9f1c-4633-9c4c-43d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:14.000Z",
|
|
"modified": "2015-12-22T13:47:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/eccdcf3018924303474d0ff371ec0491698fc4b1ae0c42a85be1c43dc9eeb51e/analysis/1396837587/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795463-c62c-4b5b-86a9-460d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:15.000Z",
|
|
"modified": "2015-12-22T13:47:15.000Z",
|
|
"description": "- Xchecked via VT: 20f1b997e321a9e971c4955d866a4dc5",
|
|
"pattern": "[file:hashes.SHA256 = 'ce07e56ee8be6a14fbe45f0522bc46072ae767e5741bddbbc9f16f3a0cc25757']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795463-cad0-4c51-9b5d-4c61950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:15.000Z",
|
|
"modified": "2015-12-22T13:47:15.000Z",
|
|
"description": "- Xchecked via VT: 20f1b997e321a9e971c4955d866a4dc5",
|
|
"pattern": "[file:hashes.SHA1 = 'b0b5652771a32b14dedf0c3f300b395246e981d2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795463-9cac-4dc6-b4fb-43d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:15.000Z",
|
|
"modified": "2015-12-22T13:47:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ce07e56ee8be6a14fbe45f0522bc46072ae767e5741bddbbc9f16f3a0cc25757/analysis/1396383607/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795464-4308-40a6-bdd1-4aa6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:16.000Z",
|
|
"modified": "2015-12-22T13:47:16.000Z",
|
|
"description": "- Xchecked via VT: c21d7165b25caf65d7f92ff758c1b5b1",
|
|
"pattern": "[file:hashes.SHA256 = '1a5a7b9084815f86fd91e9f3a829c3c929ffa1d6d3b4a038064472aa6ff5baad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795464-4750-4068-aa0f-4cf3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:16.000Z",
|
|
"modified": "2015-12-22T13:47:16.000Z",
|
|
"description": "- Xchecked via VT: c21d7165b25caf65d7f92ff758c1b5b1",
|
|
"pattern": "[file:hashes.SHA1 = '966524e1c6efd9817b74d77fef8a9435bb5212ce']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795464-35b8-4f85-b7ad-4723950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:16.000Z",
|
|
"modified": "2015-12-22T13:47:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1a5a7b9084815f86fd91e9f3a829c3c929ffa1d6d3b4a038064472aa6ff5baad/analysis/1352777696/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795464-52e4-4b0d-a2f2-4e5a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:16.000Z",
|
|
"modified": "2015-12-22T13:47:16.000Z",
|
|
"description": "- Xchecked via VT: 0488bbd604117f88f9d1a91f6c5034b2",
|
|
"pattern": "[file:hashes.SHA256 = 'c134c7060a93891b9c3648579d34ab0e5e8d55ab6902f76660d552fa1b106d8b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795465-d24c-4cf6-97b2-4b3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:17.000Z",
|
|
"modified": "2015-12-22T13:47:17.000Z",
|
|
"description": "- Xchecked via VT: 0488bbd604117f88f9d1a91f6c5034b2",
|
|
"pattern": "[file:hashes.SHA1 = 'a1e63a873e1d2cf758b3dcd1f49a193c6999166a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795465-fedc-43b5-aaca-42ec950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:17.000Z",
|
|
"modified": "2015-12-22T13:47:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c134c7060a93891b9c3648579d34ab0e5e8d55ab6902f76660d552fa1b106d8b/analysis/1393433386/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795465-2d34-436a-a349-46eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:17.000Z",
|
|
"modified": "2015-12-22T13:47:17.000Z",
|
|
"description": "- Xchecked via VT: 0b59800013332b2cc0aaae1c30af31d1",
|
|
"pattern": "[file:hashes.SHA256 = '93d26339f3c15735e8e8a95509f29051e74d1c0abc2d81614f924071032f7ac0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795466-60f0-4c82-b6aa-4c30950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:18.000Z",
|
|
"modified": "2015-12-22T13:47:18.000Z",
|
|
"description": "- Xchecked via VT: 0b59800013332b2cc0aaae1c30af31d1",
|
|
"pattern": "[file:hashes.SHA1 = '248bfdcc3ee05f131e16b7be7679ab0ec6329b62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795466-3b78-451e-af0d-42b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:18.000Z",
|
|
"modified": "2015-12-22T13:47:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/93d26339f3c15735e8e8a95509f29051e74d1c0abc2d81614f924071032f7ac0/analysis/1377882272/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795466-f238-4d95-84ac-4694950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:18.000Z",
|
|
"modified": "2015-12-22T13:47:18.000Z",
|
|
"description": "- Xchecked via VT: 283054d26362bab50bbf1ff4bc1ec16f",
|
|
"pattern": "[file:hashes.SHA256 = 'd1298c24fcb8f9d8a21ce9e066fce9d3578f215277d38cc30cfd1c0afe2dfa0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795466-f474-49c4-8880-4083950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:18.000Z",
|
|
"modified": "2015-12-22T13:47:18.000Z",
|
|
"description": "- Xchecked via VT: 283054d26362bab50bbf1ff4bc1ec16f",
|
|
"pattern": "[file:hashes.SHA1 = '2836255efe83ae01d6b504a759dc918ebb0bdab2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795467-dfc8-43e2-a3a9-4ec4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:19.000Z",
|
|
"modified": "2015-12-22T13:47:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d1298c24fcb8f9d8a21ce9e066fce9d3578f215277d38cc30cfd1c0afe2dfa0e/analysis/1415612474/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795467-7af0-4862-9595-4325950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:19.000Z",
|
|
"modified": "2015-12-22T13:47:19.000Z",
|
|
"description": "- Xchecked via VT: 6eed07fcad31e9fee3b1db1a4c664eaa",
|
|
"pattern": "[file:hashes.SHA256 = 'ac9d4477b3dd49708ce9c8812e73e293909e3b1efed74b84371cb88f0e5d3500']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795467-d730-40a4-9c2e-42b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:19.000Z",
|
|
"modified": "2015-12-22T13:47:19.000Z",
|
|
"description": "- Xchecked via VT: 6eed07fcad31e9fee3b1db1a4c664eaa",
|
|
"pattern": "[file:hashes.SHA1 = '810b3f9c84632e875949412feffb298d4a0b3684']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795468-2808-4deb-97b3-4dd0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:20.000Z",
|
|
"modified": "2015-12-22T13:47:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ac9d4477b3dd49708ce9c8812e73e293909e3b1efed74b84371cb88f0e5d3500/analysis/1414656995/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795468-60e4-4bb2-af09-40cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:20.000Z",
|
|
"modified": "2015-12-22T13:47:20.000Z",
|
|
"description": "- Xchecked via VT: f9d8e71b77eea56e2dbad8694ae96905",
|
|
"pattern": "[file:hashes.SHA256 = 'a30929040061785b169d1b358259a0c9bd6805c7d4f573ba5132217ab055dc72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795468-ce80-4168-9665-4773950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:20.000Z",
|
|
"modified": "2015-12-22T13:47:20.000Z",
|
|
"description": "- Xchecked via VT: f9d8e71b77eea56e2dbad8694ae96905",
|
|
"pattern": "[file:hashes.SHA1 = 'cc1b657f9ab494f3c5f29631a8a923e1fdcf880f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795468-8df8-45f2-acfd-44fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:20.000Z",
|
|
"modified": "2015-12-22T13:47:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a30929040061785b169d1b358259a0c9bd6805c7d4f573ba5132217ab055dc72/analysis/1377143596/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795469-77f8-4de2-a386-4a53950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:21.000Z",
|
|
"modified": "2015-12-22T13:47:21.000Z",
|
|
"description": "- Xchecked via VT: 62d6995e6a22e517f496f24d4ae6b2c0",
|
|
"pattern": "[file:hashes.SHA256 = '66e0730f05db4a5f6a0d5caad13ee575383a2bd6c701f3cf50495eb64481c08f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795469-3d38-4f46-b9c8-46d2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:21.000Z",
|
|
"modified": "2015-12-22T13:47:21.000Z",
|
|
"description": "- Xchecked via VT: 62d6995e6a22e517f496f24d4ae6b2c0",
|
|
"pattern": "[file:hashes.SHA1 = 'a774a04910f0b8c71fc767195d193c179937a000']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795469-1bcc-4086-8023-463b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:21.000Z",
|
|
"modified": "2015-12-22T13:47:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/66e0730f05db4a5f6a0d5caad13ee575383a2bd6c701f3cf50495eb64481c08f/analysis/1442906769/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546a-8e9c-4530-947c-4cbb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:22.000Z",
|
|
"modified": "2015-12-22T13:47:22.000Z",
|
|
"description": "- Xchecked via VT: aec700735b1d6ecd063083e35e5a65bc",
|
|
"pattern": "[file:hashes.SHA256 = 'ec80a1f4446e64e56afb57a50998583068da5bc8944d2cc9932e5f593336efb1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546a-e524-427a-b5e7-4726950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:22.000Z",
|
|
"modified": "2015-12-22T13:47:22.000Z",
|
|
"description": "- Xchecked via VT: aec700735b1d6ecd063083e35e5a65bc",
|
|
"pattern": "[file:hashes.SHA1 = '66b7ed87ac7fd78a1061df343fa57a6f1bbc46c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546a-74ac-454d-9586-4944950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:22.000Z",
|
|
"modified": "2015-12-22T13:47:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ec80a1f4446e64e56afb57a50998583068da5bc8944d2cc9932e5f593336efb1/analysis/1436481626/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546a-c1c4-4753-bb87-4811950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:22.000Z",
|
|
"modified": "2015-12-22T13:47:22.000Z",
|
|
"description": "- Xchecked via VT: c9f058db9d291af766b9911d2735d823",
|
|
"pattern": "[file:hashes.SHA256 = '2d033aeb6da42bc999919c8d7553c88c35d71f379e33b38ef1f74837f60bac52']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546b-a774-4ef1-ac87-4999950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:23.000Z",
|
|
"modified": "2015-12-22T13:47:23.000Z",
|
|
"description": "- Xchecked via VT: c9f058db9d291af766b9911d2735d823",
|
|
"pattern": "[file:hashes.SHA1 = '54ef52a34c006bf5bcbe8067278d2a58b5523753']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546b-d2d8-41dd-a33d-4a4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:23.000Z",
|
|
"modified": "2015-12-22T13:47:23.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2d033aeb6da42bc999919c8d7553c88c35d71f379e33b38ef1f74837f60bac52/analysis/1379105008/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546b-1ef4-4f6c-89d5-4b87950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:23.000Z",
|
|
"modified": "2015-12-22T13:47:23.000Z",
|
|
"description": "- Xchecked via VT: 50fe80d58eb595d44d389b02d3e550e3",
|
|
"pattern": "[file:hashes.SHA256 = 'cb34907c9fb8528120f6f9b6065b4733928a72ca60e0f838df2bb9ea85e12915']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546c-6100-450d-a3a4-4eb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:24.000Z",
|
|
"modified": "2015-12-22T13:47:24.000Z",
|
|
"description": "- Xchecked via VT: 50fe80d58eb595d44d389b02d3e550e3",
|
|
"pattern": "[file:hashes.SHA1 = 'b2a455edb29033d1fb07e0ff3907cc8b1816623f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546c-acbc-49a8-ac29-4da9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:24.000Z",
|
|
"modified": "2015-12-22T13:47:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/cb34907c9fb8528120f6f9b6065b4733928a72ca60e0f838df2bb9ea85e12915/analysis/1412200821/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546c-7398-4e7a-b552-42a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:24.000Z",
|
|
"modified": "2015-12-22T13:47:24.000Z",
|
|
"description": "- Xchecked via VT: 114c8d4316248de8630364cf4c24a754",
|
|
"pattern": "[file:hashes.SHA256 = '57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546d-48e0-41fa-bef8-480e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:24.000Z",
|
|
"modified": "2015-12-22T13:47:24.000Z",
|
|
"description": "- Xchecked via VT: 114c8d4316248de8630364cf4c24a754",
|
|
"pattern": "[file:hashes.SHA1 = '58318739e970bbfa3ef45673f47b09ba3fe3f20b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546d-db54-484b-8062-45c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:25.000Z",
|
|
"modified": "2015-12-22T13:47:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/57a5d0da72655df9c5ca9137df7210b86845eeabae488537c70e36587274937c/analysis/1449469749/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546d-6138-4183-b735-40c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:25.000Z",
|
|
"modified": "2015-12-22T13:47:25.000Z",
|
|
"description": "- Xchecked via VT: 75e9d709e0ac32d1b456608be3f3f71b",
|
|
"pattern": "[file:hashes.SHA256 = '4682d35260adbf7325fb705c25baa985b85757f75d6edea6239f5487445b5a90']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546d-d714-42d2-bfbb-490f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:25.000Z",
|
|
"modified": "2015-12-22T13:47:25.000Z",
|
|
"description": "- Xchecked via VT: 75e9d709e0ac32d1b456608be3f3f71b",
|
|
"pattern": "[file:hashes.SHA1 = '3f5f1b78e37f1b802b21e9d5ad5b9f25412d6dad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546e-da60-4f16-9c46-4dc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:26.000Z",
|
|
"modified": "2015-12-22T13:47:26.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4682d35260adbf7325fb705c25baa985b85757f75d6edea6239f5487445b5a90/analysis/1444853040/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546e-56c8-4c54-a1e5-4ad3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:26.000Z",
|
|
"modified": "2015-12-22T13:47:26.000Z",
|
|
"description": "- Xchecked via VT: 098f1a47baff41016012647cafe28b64",
|
|
"pattern": "[file:hashes.SHA256 = '979b77a29a860ef04577717ed2200d0bdc0f7bbbe847e069ee954a2ce9f7ed98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546e-7ff0-4aa1-be89-4e61950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:26.000Z",
|
|
"modified": "2015-12-22T13:47:26.000Z",
|
|
"description": "- Xchecked via VT: 098f1a47baff41016012647cafe28b64",
|
|
"pattern": "[file:hashes.SHA1 = 'd4f60a8280bcfdfe04388f8ad0f265664c15f69d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546f-007c-49e2-8514-4479950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:27.000Z",
|
|
"modified": "2015-12-22T13:47:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/979b77a29a860ef04577717ed2200d0bdc0f7bbbe847e069ee954a2ce9f7ed98/analysis/1445803095/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546f-3ba8-43a2-a181-4769950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:27.000Z",
|
|
"modified": "2015-12-22T13:47:27.000Z",
|
|
"description": "- Xchecked via VT: fe9962483b512d0caa81471d4aa17734",
|
|
"pattern": "[file:hashes.SHA256 = 'f5f9e7352f128a42352dc30420631a03a82fc2dd08c11353893072d65288fb74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546f-eca4-47de-8df5-4482950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:27.000Z",
|
|
"modified": "2015-12-22T13:47:27.000Z",
|
|
"description": "- Xchecked via VT: fe9962483b512d0caa81471d4aa17734",
|
|
"pattern": "[file:hashes.SHA1 = 'b125de8bfe61b9dd22124f965a5879aafb0edfd7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679546f-0f30-4b5d-9705-4bae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:27.000Z",
|
|
"modified": "2015-12-22T13:47:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f5f9e7352f128a42352dc30420631a03a82fc2dd08c11353893072d65288fb74/analysis/1262921649/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795470-dc28-426b-b838-4ada950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:28.000Z",
|
|
"modified": "2015-12-22T13:47:28.000Z",
|
|
"description": "- Xchecked via VT: 214b1512d9d1cf1b556ef011144d9d4d",
|
|
"pattern": "[file:hashes.SHA256 = '0ee595cce6dba90fcddf5c8b861de51af60189f080349d34f70b33d4fce9d104']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795470-38f0-4cf7-8f35-47f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:28.000Z",
|
|
"modified": "2015-12-22T13:47:28.000Z",
|
|
"description": "- Xchecked via VT: 214b1512d9d1cf1b556ef011144d9d4d",
|
|
"pattern": "[file:hashes.SHA1 = '305ff592cfaf5bb8442052207ca177df1f7c0230']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795470-aef0-48e0-bf01-4640950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:28.000Z",
|
|
"modified": "2015-12-22T13:47:28.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0ee595cce6dba90fcddf5c8b861de51af60189f080349d34f70b33d4fce9d104/analysis/1417393068/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795471-ab40-49b7-87d8-4674950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:29.000Z",
|
|
"modified": "2015-12-22T13:47:29.000Z",
|
|
"description": "- Xchecked via VT: d429b11731898bc0226464a1382a71d7",
|
|
"pattern": "[file:hashes.SHA256 = '68698f84b39e4cc145fe41a50e7fb7ffc6a9483694d01fa6ce3a4d504aa11f84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795471-8d34-4cc8-ac2d-469e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:29.000Z",
|
|
"modified": "2015-12-22T13:47:29.000Z",
|
|
"description": "- Xchecked via VT: d429b11731898bc0226464a1382a71d7",
|
|
"pattern": "[file:hashes.SHA1 = 'd62b0296ac3c9a5d979dff97c0c6bfa372b43873']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795471-c8c0-47b1-8a4f-4855950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:29.000Z",
|
|
"modified": "2015-12-22T13:47:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/68698f84b39e4cc145fe41a50e7fb7ffc6a9483694d01fa6ce3a4d504aa11f84/analysis/1445769494/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795472-ff84-41d7-9498-4fc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:30.000Z",
|
|
"modified": "2015-12-22T13:47:30.000Z",
|
|
"description": "- Xchecked via VT: ed3103922116c5b34bf701159cc4421b",
|
|
"pattern": "[file:hashes.SHA256 = 'a36232be55e253db8a048c992c5c376c4844a5126ad8bfca2e35f55d351cc226']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795472-be48-4462-94fd-4572950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:30.000Z",
|
|
"modified": "2015-12-22T13:47:30.000Z",
|
|
"description": "- Xchecked via VT: ed3103922116c5b34bf701159cc4421b",
|
|
"pattern": "[file:hashes.SHA1 = 'd921439753fd378294a8007a08675118ebec4f5b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795472-ad18-4a59-b257-4af4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:30.000Z",
|
|
"modified": "2015-12-22T13:47:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a36232be55e253db8a048c992c5c376c4844a5126ad8bfca2e35f55d351cc226/analysis/1190612291/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795472-9620-4e2a-bbf1-4f8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:30.000Z",
|
|
"modified": "2015-12-22T13:47:30.000Z",
|
|
"description": "- Xchecked via VT: 1896e3304f95bfd72367e41f31370828",
|
|
"pattern": "[file:hashes.SHA256 = '78a184a9978f96e4833fcf5e8278fb3c156febb02a167466f28cd2da13b47a4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795473-aee8-42eb-9cb6-45ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:31.000Z",
|
|
"modified": "2015-12-22T13:47:31.000Z",
|
|
"description": "- Xchecked via VT: 1896e3304f95bfd72367e41f31370828",
|
|
"pattern": "[file:hashes.SHA1 = 'f2e5cbb82bf7fcf457ee0909d53bfa09e9d5cd3c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795473-a7b8-4f14-a361-450e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:31.000Z",
|
|
"modified": "2015-12-22T13:47:31.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/78a184a9978f96e4833fcf5e8278fb3c156febb02a167466f28cd2da13b47a4c/analysis/1436484625/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795473-6a64-454e-8200-4365950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:31.000Z",
|
|
"modified": "2015-12-22T13:47:31.000Z",
|
|
"description": "- Xchecked via VT: 5117f450b2880a2a98880f30d17d4e25",
|
|
"pattern": "[file:hashes.SHA256 = 'e644cee8b872399050cb71e1ef698b2e0166701421c49476c2a6fe750dcc7578']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795474-73b0-4065-ad35-43e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:32.000Z",
|
|
"modified": "2015-12-22T13:47:32.000Z",
|
|
"description": "- Xchecked via VT: 5117f450b2880a2a98880f30d17d4e25",
|
|
"pattern": "[file:hashes.SHA1 = 'a50fbd5620ddf0cd862678fa2a8afa43f65fa90c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795474-6568-4d22-9a7b-4e71950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:32.000Z",
|
|
"modified": "2015-12-22T13:47:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e644cee8b872399050cb71e1ef698b2e0166701421c49476c2a6fe750dcc7578/analysis/1445592027/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795474-f794-4269-9bd1-479e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:32.000Z",
|
|
"modified": "2015-12-22T13:47:32.000Z",
|
|
"description": "- Xchecked via VT: c8c464e728166f753d95429d4a8afe71",
|
|
"pattern": "[file:hashes.SHA256 = '703fd3c6f8f707308a72985d712ddcfcc125b45ed0d566f9c121691484d8fec2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795474-e938-4e40-932a-40d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:32.000Z",
|
|
"modified": "2015-12-22T13:47:32.000Z",
|
|
"description": "- Xchecked via VT: c8c464e728166f753d95429d4a8afe71",
|
|
"pattern": "[file:hashes.SHA1 = 'b568ccf5c7100d8092b4c171f03ecf4295b79e76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795475-e9e0-438c-9479-4a85950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:33.000Z",
|
|
"modified": "2015-12-22T13:47:33.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/703fd3c6f8f707308a72985d712ddcfcc125b45ed0d566f9c121691484d8fec2/analysis/1393526842/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795475-daa4-4108-bd26-4fc8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:33.000Z",
|
|
"modified": "2015-12-22T13:47:33.000Z",
|
|
"description": "- Xchecked via VT: 7951eff6c6bb6b756281a806196f94a3",
|
|
"pattern": "[file:hashes.SHA256 = '31982d7f6f8c1d0b8049f5a747698b03732b0948585957e2c0235fe900ae947e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795475-3310-418f-a6a8-4531950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:33.000Z",
|
|
"modified": "2015-12-22T13:47:33.000Z",
|
|
"description": "- Xchecked via VT: 7951eff6c6bb6b756281a806196f94a3",
|
|
"pattern": "[file:hashes.SHA1 = '26a191cd473a78275b3fb0cc818ef888179578b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795476-49e4-4795-9294-4247950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:34.000Z",
|
|
"modified": "2015-12-22T13:47:34.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/31982d7f6f8c1d0b8049f5a747698b03732b0948585957e2c0235fe900ae947e/analysis/1377215991/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795476-b090-42b9-955a-45ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:34.000Z",
|
|
"modified": "2015-12-22T13:47:34.000Z",
|
|
"description": "- Xchecked via VT: 0a815b599876e96b760e8611a1235ad0",
|
|
"pattern": "[file:hashes.SHA256 = 'd881d014fe9dd74ec5b8b0c5b2df9ee167490407ed4cc665d0d479160e287a55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795476-e874-4fea-a1f2-40c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:34.000Z",
|
|
"modified": "2015-12-22T13:47:34.000Z",
|
|
"description": "- Xchecked via VT: 0a815b599876e96b760e8611a1235ad0",
|
|
"pattern": "[file:hashes.SHA1 = '5fcf7f3205d6430a80f949c4913aa451bd78458d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795477-1998-440d-99cc-418c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:35.000Z",
|
|
"modified": "2015-12-22T13:47:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d881d014fe9dd74ec5b8b0c5b2df9ee167490407ed4cc665d0d479160e287a55/analysis/1399354064/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795477-f4a8-4ac8-aeec-4cae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:35.000Z",
|
|
"modified": "2015-12-22T13:47:35.000Z",
|
|
"description": "- Xchecked via VT: 750a96a422a2bda359a5a93c45f46cac",
|
|
"pattern": "[file:hashes.SHA256 = '7de7e037ba058ef50a52721ef205458ef18dcab17d56698442bce761fcf24db9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795477-7d4c-44a6-b453-43bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:35.000Z",
|
|
"modified": "2015-12-22T13:47:35.000Z",
|
|
"description": "- Xchecked via VT: 750a96a422a2bda359a5a93c45f46cac",
|
|
"pattern": "[file:hashes.SHA1 = 'fa7be421e7f39999b0014c437803df24e82481ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795477-2998-477d-a58c-4592950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:35.000Z",
|
|
"modified": "2015-12-22T13:47:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7de7e037ba058ef50a52721ef205458ef18dcab17d56698442bce761fcf24db9/analysis/1445603126/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795478-3720-4601-a37c-4e62950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:36.000Z",
|
|
"modified": "2015-12-22T13:47:36.000Z",
|
|
"description": "- Xchecked via VT: 67d9c9cb90392da7a5172a8bf6b66bc3",
|
|
"pattern": "[file:hashes.SHA256 = 'bde8199e98868da3b050f66252cad804b4e38e91baba12deaa7a02724087ae7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795478-a7cc-437f-9e16-45f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:36.000Z",
|
|
"modified": "2015-12-22T13:47:36.000Z",
|
|
"description": "- Xchecked via VT: 67d9c9cb90392da7a5172a8bf6b66bc3",
|
|
"pattern": "[file:hashes.SHA1 = '8a44263aeb4ff2794ef126da796a2f0f1648c78d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795478-ad70-41c0-a02e-409b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:36.000Z",
|
|
"modified": "2015-12-22T13:47:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bde8199e98868da3b050f66252cad804b4e38e91baba12deaa7a02724087ae7b/analysis/1445902212/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795479-a310-4f88-87d6-4dfd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:37.000Z",
|
|
"modified": "2015-12-22T13:47:37.000Z",
|
|
"description": "- Xchecked via VT: f6857c106c99a85f1f84221500591ea4",
|
|
"pattern": "[file:hashes.SHA256 = '61d6ff16a0a732024ce4f21365fd562ba70bc1862cfbc91f59afd5e49ad3bf83']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795479-ee7c-42a3-a756-4d17950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:37.000Z",
|
|
"modified": "2015-12-22T13:47:37.000Z",
|
|
"description": "- Xchecked via VT: f6857c106c99a85f1f84221500591ea4",
|
|
"pattern": "[file:hashes.SHA1 = 'f1d6b240e9619df813f01b91357cc2cc14008d2b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795479-dcc0-47ad-ab40-4c78950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:37.000Z",
|
|
"modified": "2015-12-22T13:47:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/61d6ff16a0a732024ce4f21365fd562ba70bc1862cfbc91f59afd5e49ad3bf83/analysis/1376900197/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795479-8bec-4fd0-8b5c-4171950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:37.000Z",
|
|
"modified": "2015-12-22T13:47:37.000Z",
|
|
"description": "- Xchecked via VT: 6691b9019fc8efc2ad72078ae3f889d3",
|
|
"pattern": "[file:hashes.SHA256 = '516f1b2b3f447cc1d9eec78a69167a4f0e58540f8dc2ad2c3bb077c29146bb4f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547a-df04-450d-89b9-45c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:38.000Z",
|
|
"modified": "2015-12-22T13:47:38.000Z",
|
|
"description": "- Xchecked via VT: 6691b9019fc8efc2ad72078ae3f889d3",
|
|
"pattern": "[file:hashes.SHA1 = 'e8d9804a4e059d192618f8dd77f8b9a1a68a412a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547a-1a08-4626-9f9f-4b0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:38.000Z",
|
|
"modified": "2015-12-22T13:47:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/516f1b2b3f447cc1d9eec78a69167a4f0e58540f8dc2ad2c3bb077c29146bb4f/analysis/1395587287/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547a-cc58-4836-97e3-4f22950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:38.000Z",
|
|
"modified": "2015-12-22T13:47:38.000Z",
|
|
"description": "- Xchecked via VT: 84536c2157e9b22ac9d17b3a6e032121",
|
|
"pattern": "[file:hashes.SHA256 = '336b4da318162294b511b0084aa56aef730728e695bd4006e933b4f280d391b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547b-cac8-4773-b34d-4aaf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:39.000Z",
|
|
"modified": "2015-12-22T13:47:39.000Z",
|
|
"description": "- Xchecked via VT: 84536c2157e9b22ac9d17b3a6e032121",
|
|
"pattern": "[file:hashes.SHA1 = '9a9526251967671a09a07fba768a0675e79f3a42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547b-afb0-4c9a-bb83-49c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:39.000Z",
|
|
"modified": "2015-12-22T13:47:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/336b4da318162294b511b0084aa56aef730728e695bd4006e933b4f280d391b5/analysis/1414579570/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547b-a384-437e-97a4-44e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:39.000Z",
|
|
"modified": "2015-12-22T13:47:39.000Z",
|
|
"description": "- Xchecked via VT: e3cc4d0e7ca1385f1a289fb6effdaa63",
|
|
"pattern": "[file:hashes.SHA256 = '828dd1900138c37d13582c6ff099bb43db797a964957c211375750d997ab9f05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547c-c160-4259-aaf8-40a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:40.000Z",
|
|
"modified": "2015-12-22T13:47:40.000Z",
|
|
"description": "- Xchecked via VT: e3cc4d0e7ca1385f1a289fb6effdaa63",
|
|
"pattern": "[file:hashes.SHA1 = 'f96ecf111e3feb12db1b7a90bdfca27e72b52ac1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547c-6708-4df0-a043-4f41950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:40.000Z",
|
|
"modified": "2015-12-22T13:47:40.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/828dd1900138c37d13582c6ff099bb43db797a964957c211375750d997ab9f05/analysis/1390168501/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547c-52e8-47dd-b2d1-44d2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:40.000Z",
|
|
"modified": "2015-12-22T13:47:40.000Z",
|
|
"description": "- Xchecked via VT: 646b609c0e57b133daf5ad35d69da081",
|
|
"pattern": "[file:hashes.SHA256 = '6d83a285690ba2a62e7ceb40589b3345100cce2dcf76290d283b22c6cdd414a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547c-1b54-47d3-b2d8-4c94950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:40.000Z",
|
|
"modified": "2015-12-22T13:47:40.000Z",
|
|
"description": "- Xchecked via VT: 646b609c0e57b133daf5ad35d69da081",
|
|
"pattern": "[file:hashes.SHA1 = 'd4e3b2c298a6b938dc66fade8932f3c10520252b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547d-3e68-4d8b-b101-4342950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:41.000Z",
|
|
"modified": "2015-12-22T13:47:41.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6d83a285690ba2a62e7ceb40589b3345100cce2dcf76290d283b22c6cdd414a8/analysis/1380400668/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547d-2340-4e81-8293-4d41950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:41.000Z",
|
|
"modified": "2015-12-22T13:47:41.000Z",
|
|
"description": "- Xchecked via VT: 762ddaef779662fa3dcc3fff30e0e702",
|
|
"pattern": "[file:hashes.SHA256 = 'ddc5aecd88dea3ad8a601f5ea22cbe6dfa762cc713dbc27816c95e86499caf0d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547d-7270-4275-9d45-4b1b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:41.000Z",
|
|
"modified": "2015-12-22T13:47:41.000Z",
|
|
"description": "- Xchecked via VT: 762ddaef779662fa3dcc3fff30e0e702",
|
|
"pattern": "[file:hashes.SHA1 = '858cdc1db0ba32f26dd564b1a487a1c34d538f4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547e-3dcc-4b88-bbf3-4ef5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:42.000Z",
|
|
"modified": "2015-12-22T13:47:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ddc5aecd88dea3ad8a601f5ea22cbe6dfa762cc713dbc27816c95e86499caf0d/analysis/1446037572/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547e-c498-474f-8898-42f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:42.000Z",
|
|
"modified": "2015-12-22T13:47:42.000Z",
|
|
"description": "- Xchecked via VT: a2aff44c0463142278188d65af971780",
|
|
"pattern": "[file:hashes.SHA256 = '0c067385f4fc6cb97f7fa497fe6bd3e45ecc960b6048d5db6086f3c6d31ae86a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547e-dad0-432a-9756-41a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:42.000Z",
|
|
"modified": "2015-12-22T13:47:42.000Z",
|
|
"description": "- Xchecked via VT: a2aff44c0463142278188d65af971780",
|
|
"pattern": "[file:hashes.SHA1 = '2b49f87ff935a2a3e3fdf8444b6881e46c9da32a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547e-214c-4b31-9e1d-455e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:42.000Z",
|
|
"modified": "2015-12-22T13:47:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0c067385f4fc6cb97f7fa497fe6bd3e45ecc960b6048d5db6086f3c6d31ae86a/analysis/1374559955/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547f-e28c-4253-9a37-4890950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:43.000Z",
|
|
"modified": "2015-12-22T13:47:43.000Z",
|
|
"description": "- Xchecked via VT: 1a53797e35b741f771116a29ef9dc5ff",
|
|
"pattern": "[file:hashes.SHA256 = 'a9a9fd61e5ef2556c0c9dfec62f6d5d78a160d7bef949718857207c841e0767f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547f-7bd8-4171-ac38-4fd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:43.000Z",
|
|
"modified": "2015-12-22T13:47:43.000Z",
|
|
"description": "- Xchecked via VT: 1a53797e35b741f771116a29ef9dc5ff",
|
|
"pattern": "[file:hashes.SHA1 = 'a07ff90441335eae7209341abe1e41150222b001']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679547f-9190-4100-9361-44dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:43.000Z",
|
|
"modified": "2015-12-22T13:47:43.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a9a9fd61e5ef2556c0c9dfec62f6d5d78a160d7bef949718857207c841e0767f/analysis/1402433350/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795480-51ac-4e3c-99ba-4258950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:44.000Z",
|
|
"modified": "2015-12-22T13:47:44.000Z",
|
|
"description": "- Xchecked via VT: 2d4382d9b091ce47fe8aa4a77eda7ac0",
|
|
"pattern": "[file:hashes.SHA256 = 'ae99c171b85ec578d459bd010408d0fd89a2586b0aa7df7b579fe58cf992e6d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795480-b894-41e8-bc92-460e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:44.000Z",
|
|
"modified": "2015-12-22T13:47:44.000Z",
|
|
"description": "- Xchecked via VT: 2d4382d9b091ce47fe8aa4a77eda7ac0",
|
|
"pattern": "[file:hashes.SHA1 = 'dc326893f78ab789a6ff368d7013eb828208d0b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795480-0508-41af-8d8f-4ea1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:44.000Z",
|
|
"modified": "2015-12-22T13:47:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ae99c171b85ec578d459bd010408d0fd89a2586b0aa7df7b579fe58cf992e6d8/analysis/1444238891/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795481-afac-4694-abfe-4e54950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:45.000Z",
|
|
"modified": "2015-12-22T13:47:45.000Z",
|
|
"description": "- Xchecked via VT: 021192d06dbc734960ad8fa9c9209961",
|
|
"pattern": "[file:hashes.SHA256 = 'f533913b4637fc12f8efef0ebfab9547fdb1071b9220ce38fd2b09b7fa9ba8c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795481-2a9c-4635-9776-467a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:45.000Z",
|
|
"modified": "2015-12-22T13:47:45.000Z",
|
|
"description": "- Xchecked via VT: 021192d06dbc734960ad8fa9c9209961",
|
|
"pattern": "[file:hashes.SHA1 = '54c83dedac7495e871123149cc60372d5e92597d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795481-09b8-4c6d-a8f6-49ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:45.000Z",
|
|
"modified": "2015-12-22T13:47:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f533913b4637fc12f8efef0ebfab9547fdb1071b9220ce38fd2b09b7fa9ba8c2/analysis/1443044019/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795481-f124-4e94-80cf-4ea7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:45.000Z",
|
|
"modified": "2015-12-22T13:47:45.000Z",
|
|
"description": "- Xchecked via VT: f8cb854597c18887433265702a72cfd4",
|
|
"pattern": "[file:hashes.SHA256 = '2be6c0725e5fd5c4b142c9648d840db21f51aadd075b8b6a908e1966e58be381']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795482-b6c0-40bb-b8b2-4ed8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:46.000Z",
|
|
"modified": "2015-12-22T13:47:46.000Z",
|
|
"description": "- Xchecked via VT: f8cb854597c18887433265702a72cfd4",
|
|
"pattern": "[file:hashes.SHA1 = '12047a591e66a1ae64b8321d6ec6d4813aeef508']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795482-6348-4352-b62c-49a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:46.000Z",
|
|
"modified": "2015-12-22T13:47:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2be6c0725e5fd5c4b142c9648d840db21f51aadd075b8b6a908e1966e58be381/analysis/1383071276/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795482-a36c-4d62-b31f-424d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:46.000Z",
|
|
"modified": "2015-12-22T13:47:46.000Z",
|
|
"description": "- Xchecked via VT: 007c069fb1ee9069dc8092c4dcfd91f9",
|
|
"pattern": "[file:hashes.SHA256 = '38fb5236ab71689dd0f89b734dbc1bee5813b3edd26b34617d652f856a842a88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795483-06f4-4d08-815a-4614950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:47.000Z",
|
|
"modified": "2015-12-22T13:47:47.000Z",
|
|
"description": "- Xchecked via VT: 007c069fb1ee9069dc8092c4dcfd91f9",
|
|
"pattern": "[file:hashes.SHA1 = 'c071ab6fa0f0afdb911d0d9d19d8b068b940e75c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795483-15b8-45cb-9c7a-4104950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:47.000Z",
|
|
"modified": "2015-12-22T13:47:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/38fb5236ab71689dd0f89b734dbc1bee5813b3edd26b34617d652f856a842a88/analysis/1412544168/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795483-9930-45d6-ab12-41b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:47.000Z",
|
|
"modified": "2015-12-22T13:47:47.000Z",
|
|
"description": "- Xchecked via VT: d8495fb346e1782b930b3681e88ac469",
|
|
"pattern": "[file:hashes.SHA256 = '2fb9304ab9f9eabbc44712e9efdff2b65c3f09da32977679826077fbf94bf8be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795483-8c38-4ac0-86bc-4a5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:47.000Z",
|
|
"modified": "2015-12-22T13:47:47.000Z",
|
|
"description": "- Xchecked via VT: d8495fb346e1782b930b3681e88ac469",
|
|
"pattern": "[file:hashes.SHA1 = '88fc240d65f2d40cd66dce2b052ba6dc854e1a05']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795484-9cf0-48ba-ba6f-423d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:48.000Z",
|
|
"modified": "2015-12-22T13:47:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2fb9304ab9f9eabbc44712e9efdff2b65c3f09da32977679826077fbf94bf8be/analysis/1421636121/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795484-cf78-4943-bf36-4eb6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:48.000Z",
|
|
"modified": "2015-12-22T13:47:48.000Z",
|
|
"description": "- Xchecked via VT: 8a4f9439d1c947491e4351c53dfba2cb",
|
|
"pattern": "[file:hashes.SHA256 = '50bd9d9234985c0a5ae3ad5c22237a40a53310e7c6f91629d401bbdda657f698']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795484-bacc-4c6a-a4e8-435b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:48.000Z",
|
|
"modified": "2015-12-22T13:47:48.000Z",
|
|
"description": "- Xchecked via VT: 8a4f9439d1c947491e4351c53dfba2cb",
|
|
"pattern": "[file:hashes.SHA1 = 'cde5e8576f794bb7bd71b7471779913b61812e1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795485-7f50-4ce0-8495-4721950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:49.000Z",
|
|
"modified": "2015-12-22T13:47:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/50bd9d9234985c0a5ae3ad5c22237a40a53310e7c6f91629d401bbdda657f698/analysis/1381276604/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795485-9db8-4426-86a7-4779950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:49.000Z",
|
|
"modified": "2015-12-22T13:47:49.000Z",
|
|
"description": "- Xchecked via VT: 01cbd90ba5cf7e9595b208e4ca2d2d15",
|
|
"pattern": "[file:hashes.SHA256 = '5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795485-b680-42d4-ab32-4c72950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:49.000Z",
|
|
"modified": "2015-12-22T13:47:49.000Z",
|
|
"description": "- Xchecked via VT: 01cbd90ba5cf7e9595b208e4ca2d2d15",
|
|
"pattern": "[file:hashes.SHA1 = '206407f68d83df6ac1f69c7f13e64bcadff9b911']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795486-2858-49f9-9e87-4946950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:50.000Z",
|
|
"modified": "2015-12-22T13:47:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5bf2dfcf19db065cff2d55a9942c8fc8d5cbf77b58051ebf68ec6343cad91c16/analysis/1436905032/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795486-90d4-4d33-a75b-41e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:50.000Z",
|
|
"modified": "2015-12-22T13:47:50.000Z",
|
|
"description": "- Xchecked via VT: b36ac0be80de2cea6aec432b774a2f81",
|
|
"pattern": "[file:hashes.SHA256 = '765ba51da00ae432442a4cf3c59303bfb4f766db621b32bd317b82d8078c6d80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795486-9968-48d5-9e2c-40f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:50.000Z",
|
|
"modified": "2015-12-22T13:47:50.000Z",
|
|
"description": "- Xchecked via VT: b36ac0be80de2cea6aec432b774a2f81",
|
|
"pattern": "[file:hashes.SHA1 = 'a752ed48613c5a84f7e4e9580c9216de63eef86b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795486-b6bc-426f-ad4e-45a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:50.000Z",
|
|
"modified": "2015-12-22T13:47:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/765ba51da00ae432442a4cf3c59303bfb4f766db621b32bd317b82d8078c6d80/analysis/1382562332/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795487-f2e4-4851-a5e5-4093950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:51.000Z",
|
|
"modified": "2015-12-22T13:47:51.000Z",
|
|
"description": "- Xchecked via VT: 0dccd70acd8161fa4964f900c0f1bdcd",
|
|
"pattern": "[file:hashes.SHA256 = '04276a90a90480f0699492f462ad7a6180ff01a68895b8e096a159a5f7b30c13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795487-1640-4484-b880-41c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:51.000Z",
|
|
"modified": "2015-12-22T13:47:51.000Z",
|
|
"description": "- Xchecked via VT: 0dccd70acd8161fa4964f900c0f1bdcd",
|
|
"pattern": "[file:hashes.SHA1 = 'e372f52650b22cd741f3e0d2a1a94f1bf98b5659']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795487-4bb0-4bb4-8d34-4f49950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:51.000Z",
|
|
"modified": "2015-12-22T13:47:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/04276a90a90480f0699492f462ad7a6180ff01a68895b8e096a159a5f7b30c13/analysis/1414487568/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795487-d190-463d-ac22-4763950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:51.000Z",
|
|
"modified": "2015-12-22T13:47:51.000Z",
|
|
"description": "- Xchecked via VT: d1db17b781e887a420880ea7aa78767e",
|
|
"pattern": "[file:hashes.SHA256 = 'ea94ea5c6ccdb9939429bf5fd0edda3986b14ebc185cff147cb80888d4699270']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795488-0788-43ce-983c-40d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:52.000Z",
|
|
"modified": "2015-12-22T13:47:52.000Z",
|
|
"description": "- Xchecked via VT: d1db17b781e887a420880ea7aa78767e",
|
|
"pattern": "[file:hashes.SHA1 = 'd2b1c34007db91ede03c94fc7b1a956821fe5efd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795488-f364-4847-b177-40c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:52.000Z",
|
|
"modified": "2015-12-22T13:47:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ea94ea5c6ccdb9939429bf5fd0edda3986b14ebc185cff147cb80888d4699270/analysis/1384072120/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795488-a350-494b-be1a-467a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:52.000Z",
|
|
"modified": "2015-12-22T13:47:52.000Z",
|
|
"description": "- Xchecked via VT: 55786af6b0841cc2ee630d3ca5b380d5",
|
|
"pattern": "[file:hashes.SHA256 = '1857c12b04ec323d24c54f2e4cb7b697adb29a735374f8f236122de06fca38b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795489-9da0-4228-8c42-4236950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:53.000Z",
|
|
"modified": "2015-12-22T13:47:53.000Z",
|
|
"description": "- Xchecked via VT: 55786af6b0841cc2ee630d3ca5b380d5",
|
|
"pattern": "[file:hashes.SHA1 = '2b1ea3d0a8afea49b043bb8095707e4685af5941']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795489-cbe4-4799-b15e-46b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:53.000Z",
|
|
"modified": "2015-12-22T13:47:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1857c12b04ec323d24c54f2e4cb7b697adb29a735374f8f236122de06fca38b5/analysis/1376182943/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795489-de78-449f-baa6-4dc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:53.000Z",
|
|
"modified": "2015-12-22T13:47:53.000Z",
|
|
"description": "- Xchecked via VT: ce4013c797535dc0d4af791238234b60",
|
|
"pattern": "[file:hashes.SHA256 = '1045c0d59f4e3a5f80a95ba61b0b6bdcfcdc9a340c49463a03e6378c3154947b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795489-f5f0-4f5e-9771-45a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:53.000Z",
|
|
"modified": "2015-12-22T13:47:53.000Z",
|
|
"description": "- Xchecked via VT: ce4013c797535dc0d4af791238234b60",
|
|
"pattern": "[file:hashes.SHA1 = '9c934631279c40877051cf74795e84fecac4554c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548a-e2dc-4e14-a6ad-420f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:54.000Z",
|
|
"modified": "2015-12-22T13:47:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1045c0d59f4e3a5f80a95ba61b0b6bdcfcdc9a340c49463a03e6378c3154947b/analysis/1379408874/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548a-d6d4-4bce-be88-4f50950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:54.000Z",
|
|
"modified": "2015-12-22T13:47:54.000Z",
|
|
"description": "- Xchecked via VT: fca1eb4ed2f00b2acba8dccc1015d345",
|
|
"pattern": "[file:hashes.SHA256 = '250557126d8b3127c44ff63d4f557050f3a003160c9a85d2ffc4e17f802dc359']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548a-3af4-464b-a766-4596950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:54.000Z",
|
|
"modified": "2015-12-22T13:47:54.000Z",
|
|
"description": "- Xchecked via VT: fca1eb4ed2f00b2acba8dccc1015d345",
|
|
"pattern": "[file:hashes.SHA1 = 'd479316e358797bf7c9680c12468bb61a4a66d64']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548b-6c18-4a37-9c41-4cf7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:55.000Z",
|
|
"modified": "2015-12-22T13:47:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/250557126d8b3127c44ff63d4f557050f3a003160c9a85d2ffc4e17f802dc359/analysis/1436479103/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548b-e224-4282-89f3-4490950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:55.000Z",
|
|
"modified": "2015-12-22T13:47:55.000Z",
|
|
"description": "- Xchecked via VT: 0fcb7d51091cc468f06a927a51c2eff2",
|
|
"pattern": "[file:hashes.SHA256 = '5da8525c1954fa7a4c41bdc66969c6a64b24722de8a9f92a91bf1c46cb4cee41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548b-ba94-4738-945d-4394950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:55.000Z",
|
|
"modified": "2015-12-22T13:47:55.000Z",
|
|
"description": "- Xchecked via VT: 0fcb7d51091cc468f06a927a51c2eff2",
|
|
"pattern": "[file:hashes.SHA1 = '0c09d3a9c324eef4f96980c7b56095519ba5d70b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548c-ec78-4cd3-a752-454f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:56.000Z",
|
|
"modified": "2015-12-22T13:47:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5da8525c1954fa7a4c41bdc66969c6a64b24722de8a9f92a91bf1c46cb4cee41/analysis/1379110330/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548c-e410-4aec-884c-4750950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:56.000Z",
|
|
"modified": "2015-12-22T13:47:56.000Z",
|
|
"description": "- Xchecked via VT: ab6bfabe3a411acb3143b096091f559b",
|
|
"pattern": "[file:hashes.SHA256 = 'bd67cfc664462a8eba7a8b90f30359b11bd3f05f34a7a445663c65d59642b61a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548c-4de8-403f-aa5a-4fc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:56.000Z",
|
|
"modified": "2015-12-22T13:47:56.000Z",
|
|
"description": "- Xchecked via VT: ab6bfabe3a411acb3143b096091f559b",
|
|
"pattern": "[file:hashes.SHA1 = '8f6c4142893eadfa20272a66b47d31e9e02d9b97']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548c-4038-4b37-af86-4912950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:56.000Z",
|
|
"modified": "2015-12-22T13:47:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bd67cfc664462a8eba7a8b90f30359b11bd3f05f34a7a445663c65d59642b61a/analysis/1438569730/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548d-56e8-48a5-9643-4e95950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:57.000Z",
|
|
"modified": "2015-12-22T13:47:57.000Z",
|
|
"description": "- Xchecked via VT: 06d35502fa814a53f75ba5f312fdf156",
|
|
"pattern": "[file:hashes.SHA256 = '7fe005a898bdb255d7d6ec3e3d4cd6c025424c349a8d470d45b3b4682bf5c427']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548d-f034-43e6-80b5-4140950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:57.000Z",
|
|
"modified": "2015-12-22T13:47:57.000Z",
|
|
"description": "- Xchecked via VT: 06d35502fa814a53f75ba5f312fdf156",
|
|
"pattern": "[file:hashes.SHA1 = '967b4d4e803f7375bba2c38258dc52ba55740078']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548d-6b74-4702-83e5-4590950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:57.000Z",
|
|
"modified": "2015-12-22T13:47:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7fe005a898bdb255d7d6ec3e3d4cd6c025424c349a8d470d45b3b4682bf5c427/analysis/1393445647/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548e-e310-40e2-a853-402b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:58.000Z",
|
|
"modified": "2015-12-22T13:47:58.000Z",
|
|
"description": "- Xchecked via VT: 057acd44646bf40db547d744a84e8074",
|
|
"pattern": "[file:hashes.SHA256 = '783a568b31f50ba90bfaab01c8dd41a4996474a54099821f3e5099bba1d7296a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548e-c6d4-401e-99b4-4b22950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:58.000Z",
|
|
"modified": "2015-12-22T13:47:58.000Z",
|
|
"description": "- Xchecked via VT: 057acd44646bf40db547d744a84e8074",
|
|
"pattern": "[file:hashes.SHA1 = 'a76c3a8de1a284dd5051e1781366888a30c14fd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548e-0d98-43a9-8bf1-415a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:58.000Z",
|
|
"modified": "2015-12-22T13:47:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/783a568b31f50ba90bfaab01c8dd41a4996474a54099821f3e5099bba1d7296a/analysis/1410294398/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548e-58ec-4cad-a192-48ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:58.000Z",
|
|
"modified": "2015-12-22T13:47:58.000Z",
|
|
"description": "- Xchecked via VT: efc94d17c03230de33f5a10400dff120",
|
|
"pattern": "[file:hashes.SHA256 = '8f4ae6be787838b5895b240274b5ba8532402ebe9bf79b9731e62b23ebbaf501']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548f-a350-4312-b619-41d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:59.000Z",
|
|
"modified": "2015-12-22T13:47:59.000Z",
|
|
"description": "- Xchecked via VT: efc94d17c03230de33f5a10400dff120",
|
|
"pattern": "[file:hashes.SHA1 = '1fceca6d07b46ec7e804f69c8bd92fea65f35b66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548f-5184-46ff-b9d9-4d06950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:59.000Z",
|
|
"modified": "2015-12-22T13:47:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8f4ae6be787838b5895b240274b5ba8532402ebe9bf79b9731e62b23ebbaf501/analysis/1375481250/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679548f-7de0-48c3-a12c-4ab6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:47:59.000Z",
|
|
"modified": "2015-12-22T13:47:59.000Z",
|
|
"description": "- Xchecked via VT: 52f716a9cd69d1a50d16f400780b6bc6",
|
|
"pattern": "[file:hashes.SHA256 = 'cf1c5db0b83e79a27999ba14cd886a8a791b24cc9735551c8eb12063c804dab8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:47:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795490-fee8-4a35-98f0-48b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:00.000Z",
|
|
"modified": "2015-12-22T13:48:00.000Z",
|
|
"description": "- Xchecked via VT: 52f716a9cd69d1a50d16f400780b6bc6",
|
|
"pattern": "[file:hashes.SHA1 = '26f6a219d64a2fba3e71819c1cfdc2c8a87200dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795490-f658-4d5a-b886-4888950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:00.000Z",
|
|
"modified": "2015-12-22T13:48:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/cf1c5db0b83e79a27999ba14cd886a8a791b24cc9735551c8eb12063c804dab8/analysis/1443233409/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795490-f858-411a-a598-4b03950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:00.000Z",
|
|
"modified": "2015-12-22T13:48:00.000Z",
|
|
"description": "- Xchecked via VT: 096a7edd61dbe7f7399b02a72b66e833",
|
|
"pattern": "[file:hashes.SHA256 = 'fbff87fc1e51754bac1005ede0a9647843d96212569c300fe6a64391056b9330']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795490-69a0-4160-ac10-4b69950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:00.000Z",
|
|
"modified": "2015-12-22T13:48:00.000Z",
|
|
"description": "- Xchecked via VT: 096a7edd61dbe7f7399b02a72b66e833",
|
|
"pattern": "[file:hashes.SHA1 = '1b9bbf7cedda7ee0493d43d9bff564ae84b3d7cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795491-240c-42e9-993e-4d8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:01.000Z",
|
|
"modified": "2015-12-22T13:48:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fbff87fc1e51754bac1005ede0a9647843d96212569c300fe6a64391056b9330/analysis/1383654930/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795491-e26c-44ab-8756-4abb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:01.000Z",
|
|
"modified": "2015-12-22T13:48:01.000Z",
|
|
"description": "- Xchecked via VT: 766c4d534ff8a1b5d048bcbade4a4865",
|
|
"pattern": "[file:hashes.SHA256 = '0fe1a80208d7e246f29472526ef048ab9dc5f1abc2b3aa2278d1f83c8213bd84']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795491-39a8-4a78-b41c-4c61950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:01.000Z",
|
|
"modified": "2015-12-22T13:48:01.000Z",
|
|
"description": "- Xchecked via VT: 766c4d534ff8a1b5d048bcbade4a4865",
|
|
"pattern": "[file:hashes.SHA1 = '499232c6d822c0860a395c3a9fe53532ebd88599']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795492-ba50-4675-91c4-4211950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:02.000Z",
|
|
"modified": "2015-12-22T13:48:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0fe1a80208d7e246f29472526ef048ab9dc5f1abc2b3aa2278d1f83c8213bd84/analysis/1411929616/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795492-9184-4ac6-97e5-4079950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:02.000Z",
|
|
"modified": "2015-12-22T13:48:02.000Z",
|
|
"description": "- Xchecked via VT: f6857316c5d46b79fdb72e4fda2ce2e2",
|
|
"pattern": "[file:hashes.SHA256 = '6c838ca7aa85aa6f21d2afb268ba9e7d5451167f102d587728468dec53c3b06c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795492-a49c-470e-a970-47fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:02.000Z",
|
|
"modified": "2015-12-22T13:48:02.000Z",
|
|
"description": "- Xchecked via VT: f6857316c5d46b79fdb72e4fda2ce2e2",
|
|
"pattern": "[file:hashes.SHA1 = '8135294393bcc881d4a7a5f08f6a69d9b8c97f4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795493-9998-4b55-b865-4c84950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:03.000Z",
|
|
"modified": "2015-12-22T13:48:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6c838ca7aa85aa6f21d2afb268ba9e7d5451167f102d587728468dec53c3b06c/analysis/1410110157/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795493-dde4-4673-aaac-4535950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:03.000Z",
|
|
"modified": "2015-12-22T13:48:03.000Z",
|
|
"description": "- Xchecked via VT: 6d012a3d1c6363694c25d812c01ecab5",
|
|
"pattern": "[file:hashes.SHA256 = '4a8ab99f303d82d727ff9acb7a59240b81e9197b3ff90da376c0375f320feb87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795493-d444-46bd-97e2-4f76950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:03.000Z",
|
|
"modified": "2015-12-22T13:48:03.000Z",
|
|
"description": "- Xchecked via VT: 6d012a3d1c6363694c25d812c01ecab5",
|
|
"pattern": "[file:hashes.SHA1 = '2efede0f9ff7574342e67eb42b454a2e1f7ea5be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795493-e7e8-4306-8993-4234950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:03.000Z",
|
|
"modified": "2015-12-22T13:48:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4a8ab99f303d82d727ff9acb7a59240b81e9197b3ff90da376c0375f320feb87/analysis/1445795290/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795494-22a8-48ee-b897-41a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:04.000Z",
|
|
"modified": "2015-12-22T13:48:04.000Z",
|
|
"description": "- Xchecked via VT: 55aad2c3a602a4c23413849ca7902262",
|
|
"pattern": "[file:hashes.SHA256 = 'ad640d097290885cb271c9377bbe59744c74c3e33c8a90476c3f842b85ac99c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795494-1d78-4451-929f-4cd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:04.000Z",
|
|
"modified": "2015-12-22T13:48:04.000Z",
|
|
"description": "- Xchecked via VT: 55aad2c3a602a4c23413849ca7902262",
|
|
"pattern": "[file:hashes.SHA1 = '0103a39a751ca251b77c0d2626080cdbfbdedf24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795494-bac8-4c1d-9439-47e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:04.000Z",
|
|
"modified": "2015-12-22T13:48:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ad640d097290885cb271c9377bbe59744c74c3e33c8a90476c3f842b85ac99c9/analysis/1441284436/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795495-182c-4592-b01e-48f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:05.000Z",
|
|
"modified": "2015-12-22T13:48:05.000Z",
|
|
"description": "- Xchecked via VT: f656709ebd6b4d84f055f9c74350c0b4",
|
|
"pattern": "[file:hashes.SHA256 = '84cc9bf3e0ac011a67780306099c761e05b54db76f287b4ff94064ee2f108291']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795495-c7d8-438e-92b3-4063950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:05.000Z",
|
|
"modified": "2015-12-22T13:48:05.000Z",
|
|
"description": "- Xchecked via VT: f656709ebd6b4d84f055f9c74350c0b4",
|
|
"pattern": "[file:hashes.SHA1 = '6600d31b4c86f883bfd39a19887e42897002019b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795495-3050-4d32-bfb6-4cd3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:05.000Z",
|
|
"modified": "2015-12-22T13:48:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/84cc9bf3e0ac011a67780306099c761e05b54db76f287b4ff94064ee2f108291/analysis/1389665840/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795496-17a4-4231-b4de-441e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:06.000Z",
|
|
"modified": "2015-12-22T13:48:06.000Z",
|
|
"description": "- Xchecked via VT: ee0add063f0ea9767aed21890f220994",
|
|
"pattern": "[file:hashes.SHA256 = '7b43b978aeedaa97debea5cf6975dc63537c4189ed370e82f1a15165961d2b65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795496-49a4-4184-9224-4735950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:06.000Z",
|
|
"modified": "2015-12-22T13:48:06.000Z",
|
|
"description": "- Xchecked via VT: ee0add063f0ea9767aed21890f220994",
|
|
"pattern": "[file:hashes.SHA1 = 'f5be06018ee9600f3566203496b30c980ba5b288']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795496-6dc8-49d8-b12c-49f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:06.000Z",
|
|
"modified": "2015-12-22T13:48:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7b43b978aeedaa97debea5cf6975dc63537c4189ed370e82f1a15165961d2b65/analysis/1376986191/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795496-ed50-4d7d-a169-4ad9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:06.000Z",
|
|
"modified": "2015-12-22T13:48:06.000Z",
|
|
"description": "- Xchecked via VT: a353a87a7a909d45f91bc99589477402",
|
|
"pattern": "[file:hashes.SHA256 = '3b5bb0b4219297c2ee83653206dc6e969d60e4879915fea896ce3d865b39d67e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795497-61a4-4136-ad17-463d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:07.000Z",
|
|
"modified": "2015-12-22T13:48:07.000Z",
|
|
"description": "- Xchecked via VT: a353a87a7a909d45f91bc99589477402",
|
|
"pattern": "[file:hashes.SHA1 = 'acf79cacae3ae75377889d4bffc44defa9db9d88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795497-d76c-4fe5-8561-41ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:07.000Z",
|
|
"modified": "2015-12-22T13:48:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3b5bb0b4219297c2ee83653206dc6e969d60e4879915fea896ce3d865b39d67e/analysis/1410140872/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795497-9128-4f06-b0dc-4c15950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:07.000Z",
|
|
"modified": "2015-12-22T13:48:07.000Z",
|
|
"description": "- Xchecked via VT: ae09f2266f7280d3f7f52c076b7fcb94",
|
|
"pattern": "[file:hashes.SHA256 = '7b77b84431b02bccb6fd51812fdacda190cbeab5fe211d5ff2d1b202f64981e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795498-6240-4703-9a59-4a0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:08.000Z",
|
|
"modified": "2015-12-22T13:48:08.000Z",
|
|
"description": "- Xchecked via VT: ae09f2266f7280d3f7f52c076b7fcb94",
|
|
"pattern": "[file:hashes.SHA1 = '764c3e287da5892a018454d99fed52b7630f7085']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795498-22ec-474b-b112-42c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:08.000Z",
|
|
"modified": "2015-12-22T13:48:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7b77b84431b02bccb6fd51812fdacda190cbeab5fe211d5ff2d1b202f64981e3/analysis/1389958897/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795498-980c-49a0-8f48-42f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:08.000Z",
|
|
"modified": "2015-12-22T13:48:08.000Z",
|
|
"description": "- Xchecked via VT: c08519230b49ad87bc6aa12933aa0cec",
|
|
"pattern": "[file:hashes.SHA256 = '4554fd639d5fe714dd65894af6fe5f96805f5da26bd0a8437ddb7d8e5c93df7b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795498-c090-46bc-ba89-41e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:08.000Z",
|
|
"modified": "2015-12-22T13:48:08.000Z",
|
|
"description": "- Xchecked via VT: c08519230b49ad87bc6aa12933aa0cec",
|
|
"pattern": "[file:hashes.SHA1 = '95ba7964c1804668b6716600cadf675c441b0585']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795499-9638-471b-86dd-44ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:09.000Z",
|
|
"modified": "2015-12-22T13:48:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4554fd639d5fe714dd65894af6fe5f96805f5da26bd0a8437ddb7d8e5c93df7b/analysis/1450761559/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795499-8b78-4fe6-8065-4d33950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:09.000Z",
|
|
"modified": "2015-12-22T13:48:09.000Z",
|
|
"description": "- Xchecked via VT: 0b1f2616cbd83a2a1f65ad7da4cfc333",
|
|
"pattern": "[file:hashes.SHA256 = 'c8a06ecabb292cec6473da336c9470b2403c6d301d7733a5a953769f10aa619b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795499-b078-4f48-862e-4666950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:09.000Z",
|
|
"modified": "2015-12-22T13:48:09.000Z",
|
|
"description": "- Xchecked via VT: 0b1f2616cbd83a2a1f65ad7da4cfc333",
|
|
"pattern": "[file:hashes.SHA1 = '591c2bc4ffff04fce8cc2797426648820128a4fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549a-86d0-4928-a400-4b83950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:10.000Z",
|
|
"modified": "2015-12-22T13:48:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c8a06ecabb292cec6473da336c9470b2403c6d301d7733a5a953769f10aa619b/analysis/1395393476/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549a-3834-468c-86a0-4adb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:10.000Z",
|
|
"modified": "2015-12-22T13:48:10.000Z",
|
|
"description": "- Xchecked via VT: 8a9172841a883cd0e4ea8944f6759b7f",
|
|
"pattern": "[file:hashes.SHA256 = '86219e8f96bbaf5bfb0b9328c0029b8faea67ad5e3a9d71a9384174d17fb63c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549a-f670-4bff-85ad-4c70950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:10.000Z",
|
|
"modified": "2015-12-22T13:48:10.000Z",
|
|
"description": "- Xchecked via VT: 8a9172841a883cd0e4ea8944f6759b7f",
|
|
"pattern": "[file:hashes.SHA1 = '7e361e6b21096dd36e37dfd0e50c1acbe095a75f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549b-0c58-4c67-8525-4aa3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:11.000Z",
|
|
"modified": "2015-12-22T13:48:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/86219e8f96bbaf5bfb0b9328c0029b8faea67ad5e3a9d71a9384174d17fb63c7/analysis/1396123513/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549b-a888-4bcc-a972-41fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:11.000Z",
|
|
"modified": "2015-12-22T13:48:11.000Z",
|
|
"description": "- Xchecked via VT: 9b5d35f629717406b59f682803d8e375",
|
|
"pattern": "[file:hashes.SHA256 = '3b907350afabaa2d7041346d89e72aca04cf70022bb64308eff0edc3451b8ef9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549b-49e4-49a7-803f-4ae9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:11.000Z",
|
|
"modified": "2015-12-22T13:48:11.000Z",
|
|
"description": "- Xchecked via VT: 9b5d35f629717406b59f682803d8e375",
|
|
"pattern": "[file:hashes.SHA1 = 'd58623fbb505aaba25d5947ad600449db86c4481']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549b-0684-4fa2-ad47-49ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:11.000Z",
|
|
"modified": "2015-12-22T13:48:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3b907350afabaa2d7041346d89e72aca04cf70022bb64308eff0edc3451b8ef9/analysis/1445535554/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549c-d21c-4259-a670-4e95950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:12.000Z",
|
|
"modified": "2015-12-22T13:48:12.000Z",
|
|
"description": "- Xchecked via VT: e4d884bfa4303032477ddd8f62986b15",
|
|
"pattern": "[file:hashes.SHA256 = '53f3b97ee0bb660e7bc330e08b3304533c56451047826bed8385c2027e885627']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549c-17ac-4e1a-8b79-46c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:12.000Z",
|
|
"modified": "2015-12-22T13:48:12.000Z",
|
|
"description": "- Xchecked via VT: e4d884bfa4303032477ddd8f62986b15",
|
|
"pattern": "[file:hashes.SHA1 = '7cab3fb967aac0b3db570d1b72c7a875d017a647']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549c-38bc-4346-824b-4790950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:12.000Z",
|
|
"modified": "2015-12-22T13:48:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/53f3b97ee0bb660e7bc330e08b3304533c56451047826bed8385c2027e885627/analysis/1390312243/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549d-df78-4304-9b79-491c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:13.000Z",
|
|
"modified": "2015-12-22T13:48:13.000Z",
|
|
"description": "- Xchecked via VT: cf31aea415e7013e85d1687a1c0f5daa",
|
|
"pattern": "[file:hashes.SHA256 = '810dd3c5609f726576bd59327156faea0128a7a44d525abd492770d3253f5dfb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549d-10b8-45b2-845d-46b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:13.000Z",
|
|
"modified": "2015-12-22T13:48:13.000Z",
|
|
"description": "- Xchecked via VT: cf31aea415e7013e85d1687a1c0f5daa",
|
|
"pattern": "[file:hashes.SHA1 = '48fb07cc7389469f8c3173fda22aab4500f4c48a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549d-a1e4-4a09-95b3-406d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:13.000Z",
|
|
"modified": "2015-12-22T13:48:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/810dd3c5609f726576bd59327156faea0128a7a44d525abd492770d3253f5dfb/analysis/1418920663/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549d-747c-473a-8630-4636950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:13.000Z",
|
|
"modified": "2015-12-22T13:48:13.000Z",
|
|
"description": "- Xchecked via VT: 103389c08622c1a07ecf62163e0b8fef",
|
|
"pattern": "[file:hashes.SHA256 = '261bac1d9993c3a0f9bb67b94265f209d4bb2d45215a27a217f7fd64c077373b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549e-42e8-4823-8ecc-4d52950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:14.000Z",
|
|
"modified": "2015-12-22T13:48:14.000Z",
|
|
"description": "- Xchecked via VT: 103389c08622c1a07ecf62163e0b8fef",
|
|
"pattern": "[file:hashes.SHA1 = '102baf87934e4811d841586a29932f5c8d751411']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549e-722c-48f2-bb6b-4520950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:14.000Z",
|
|
"modified": "2015-12-22T13:48:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/261bac1d9993c3a0f9bb67b94265f209d4bb2d45215a27a217f7fd64c077373b/analysis/1393852172/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549e-2d78-4f99-8c90-466f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:14.000Z",
|
|
"modified": "2015-12-22T13:48:14.000Z",
|
|
"description": "- Xchecked via VT: 646e6d1d625b0925b2737f28fde8c4c1",
|
|
"pattern": "[file:hashes.SHA256 = '959402466ac69774f9b6c0ab0b6de46a43c1405a0c80357615df624cae7b3b3e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549f-e004-4a82-95dd-4b48950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:15.000Z",
|
|
"modified": "2015-12-22T13:48:15.000Z",
|
|
"description": "- Xchecked via VT: 646e6d1d625b0925b2737f28fde8c4c1",
|
|
"pattern": "[file:hashes.SHA1 = 'd9b43c9ab603a24d1b4abc3f9d3387cceca9cf70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549f-6688-4fe0-8bc1-4c22950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:15.000Z",
|
|
"modified": "2015-12-22T13:48:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/959402466ac69774f9b6c0ab0b6de46a43c1405a0c80357615df624cae7b3b3e/analysis/1385333839/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679549f-cb1c-41e9-87d1-4ea1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:15.000Z",
|
|
"modified": "2015-12-22T13:48:15.000Z",
|
|
"description": "- Xchecked via VT: 11d8412d989b61d86dfa689e9e7ff3dc",
|
|
"pattern": "[file:hashes.SHA256 = 'f5dc7f55d6a4f1f95f17689c71daac847d5c62a08a0c21436301e3335fabd1de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a0-6500-4beb-91a1-4fde950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:16.000Z",
|
|
"modified": "2015-12-22T13:48:16.000Z",
|
|
"description": "- Xchecked via VT: 11d8412d989b61d86dfa689e9e7ff3dc",
|
|
"pattern": "[file:hashes.SHA1 = '9f13f9819fb5e882efd5b39aacf0c3e6bedc82e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a0-b438-4fb4-a868-4d32950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:16.000Z",
|
|
"modified": "2015-12-22T13:48:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f5dc7f55d6a4f1f95f17689c71daac847d5c62a08a0c21436301e3335fabd1de/analysis/1415612080/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a0-d174-4741-9130-47ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:16.000Z",
|
|
"modified": "2015-12-22T13:48:16.000Z",
|
|
"description": "- Xchecked via VT: dd92b470a074618565051637a4922473",
|
|
"pattern": "[file:hashes.SHA256 = '655e115f1ee949b12c8da586dda34025f101e01fb33e456da930b98c84176e4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a0-16f0-490f-8ab9-477d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:16.000Z",
|
|
"modified": "2015-12-22T13:48:16.000Z",
|
|
"description": "- Xchecked via VT: dd92b470a074618565051637a4922473",
|
|
"pattern": "[file:hashes.SHA1 = '48eae15ac7a0cbb2780f2c57275308bd75031468']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a1-23c8-48e9-aefb-4376950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:17.000Z",
|
|
"modified": "2015-12-22T13:48:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/655e115f1ee949b12c8da586dda34025f101e01fb33e456da930b98c84176e4c/analysis/1390486199/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a1-bf18-4383-ad78-411b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:17.000Z",
|
|
"modified": "2015-12-22T13:48:17.000Z",
|
|
"description": "- Xchecked via VT: e66206f27270fcd75c0a6a35e3219b85",
|
|
"pattern": "[file:hashes.SHA256 = '394937fdff75f0ef82eb1a7e081fa001aa518dee77e26f435c33b4cbc9d4f469']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a1-40fc-40f0-87c8-4502950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:17.000Z",
|
|
"modified": "2015-12-22T13:48:17.000Z",
|
|
"description": "- Xchecked via VT: e66206f27270fcd75c0a6a35e3219b85",
|
|
"pattern": "[file:hashes.SHA1 = 'a8bbc0282703be71291195d9cd566b99e23355de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a1-2ca8-450b-a6bb-408e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:17.000Z",
|
|
"modified": "2015-12-22T13:48:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/394937fdff75f0ef82eb1a7e081fa001aa518dee77e26f435c33b4cbc9d4f469/analysis/1445791791/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a2-9590-43ca-94d4-4f49950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:18.000Z",
|
|
"modified": "2015-12-22T13:48:18.000Z",
|
|
"description": "- Xchecked via VT: 7d290b1298b32cb15e5e4d6298d3e224",
|
|
"pattern": "[file:hashes.SHA256 = '50059196f1f9250127211636fb7fc2c57b40ee519668bbd674ca06d9f6c636d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a2-5c6c-4446-a3fe-41d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:18.000Z",
|
|
"modified": "2015-12-22T13:48:18.000Z",
|
|
"description": "- Xchecked via VT: 7d290b1298b32cb15e5e4d6298d3e224",
|
|
"pattern": "[file:hashes.SHA1 = '7a0843f21abb8ec36068d97595bda1428605693e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a2-a058-400f-9753-4951950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:18.000Z",
|
|
"modified": "2015-12-22T13:48:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/50059196f1f9250127211636fb7fc2c57b40ee519668bbd674ca06d9f6c636d9/analysis/1379244451/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a3-4754-4f48-bcba-4caf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:19.000Z",
|
|
"modified": "2015-12-22T13:48:19.000Z",
|
|
"description": "- Xchecked via VT: 09c6a265618fd49c99878cf97279c393",
|
|
"pattern": "[file:hashes.SHA256 = '15f5f5e5b108428d01f636b36fa42135546c8bf76cacc59c64b20b1f64301181']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a3-0018-4020-8e19-4deb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:19.000Z",
|
|
"modified": "2015-12-22T13:48:19.000Z",
|
|
"description": "- Xchecked via VT: 09c6a265618fd49c99878cf97279c393",
|
|
"pattern": "[file:hashes.SHA1 = 'ee3a9f400019e860e3e1395999209734314cd98c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a3-5500-424c-a461-45ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:19.000Z",
|
|
"modified": "2015-12-22T13:48:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/15f5f5e5b108428d01f636b36fa42135546c8bf76cacc59c64b20b1f64301181/analysis/1344220454/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a3-3d78-4bfc-b80f-4240950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:19.000Z",
|
|
"modified": "2015-12-22T13:48:19.000Z",
|
|
"description": "- Xchecked via VT: a1c37296fb70a67c763969ee4654c6b0",
|
|
"pattern": "[file:hashes.SHA256 = 'ce7bbd37e7d6c5b6ac385f83fd274818c22f128e2101ce033a36f14604f114d5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a4-ea8c-438d-bf10-4e2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:20.000Z",
|
|
"modified": "2015-12-22T13:48:20.000Z",
|
|
"description": "- Xchecked via VT: a1c37296fb70a67c763969ee4654c6b0",
|
|
"pattern": "[file:hashes.SHA1 = '6ea224dabb5069798d7cd46bb60bb220d65e65b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a4-db74-4b8d-99a9-4a64950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:20.000Z",
|
|
"modified": "2015-12-22T13:48:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ce7bbd37e7d6c5b6ac385f83fd274818c22f128e2101ce033a36f14604f114d5/analysis/1443121809/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a4-9aa8-4144-b7df-4cc6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:20.000Z",
|
|
"modified": "2015-12-22T13:48:20.000Z",
|
|
"description": "- Xchecked via VT: 19ccc6f126a7059e9362c48fef40f47a",
|
|
"pattern": "[file:hashes.SHA256 = 'a020e05b529020f561a530183f4797e60037071d952e667cdccf9c8299857716']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a5-19e4-41d4-b018-4aec950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:21.000Z",
|
|
"modified": "2015-12-22T13:48:21.000Z",
|
|
"description": "- Xchecked via VT: 19ccc6f126a7059e9362c48fef40f47a",
|
|
"pattern": "[file:hashes.SHA1 = 'c93954f4f969ce051f5c733f2c9cbd6efc7f9eb7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a5-1340-47a8-be77-495d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:21.000Z",
|
|
"modified": "2015-12-22T13:48:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a020e05b529020f561a530183f4797e60037071d952e667cdccf9c8299857716/analysis/1399087069/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a5-ed20-46b0-8b88-47d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:21.000Z",
|
|
"modified": "2015-12-22T13:48:21.000Z",
|
|
"description": "- Xchecked via VT: cf229bf780bb0fa2fbef5f13b2886365",
|
|
"pattern": "[file:hashes.SHA256 = 'accbdea692b79e176e913561f89c4dd7e2f051aa68f7e44720824d8066d731b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a5-7940-4678-bf54-4450950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:21.000Z",
|
|
"modified": "2015-12-22T13:48:21.000Z",
|
|
"description": "- Xchecked via VT: cf229bf780bb0fa2fbef5f13b2886365",
|
|
"pattern": "[file:hashes.SHA1 = '99343f1a9e3b146202fd13a1dff8c80e7359fd37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a6-f2e0-4b54-8709-4988950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:22.000Z",
|
|
"modified": "2015-12-22T13:48:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/accbdea692b79e176e913561f89c4dd7e2f051aa68f7e44720824d8066d731b6/analysis/1390205597/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a6-8614-47f1-98ad-41e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:22.000Z",
|
|
"modified": "2015-12-22T13:48:22.000Z",
|
|
"description": "- Xchecked via VT: a0a29901cb45502e5b4fc1c917627905",
|
|
"pattern": "[file:hashes.SHA256 = 'ef7c39d4a930d6898005005fba39d0aaf1b71f9e70f63433f08451531be093a4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a6-ed7c-4bcb-8399-4314950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:22.000Z",
|
|
"modified": "2015-12-22T13:48:22.000Z",
|
|
"description": "- Xchecked via VT: a0a29901cb45502e5b4fc1c917627905",
|
|
"pattern": "[file:hashes.SHA1 = '05f4b72ad673b3f4e65786e6e33965f575615ce4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a7-7870-4015-9ca6-4594950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:23.000Z",
|
|
"modified": "2015-12-22T13:48:23.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ef7c39d4a930d6898005005fba39d0aaf1b71f9e70f63433f08451531be093a4/analysis/1392443427/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a7-bbf4-4480-8aba-47ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:23.000Z",
|
|
"modified": "2015-12-22T13:48:23.000Z",
|
|
"description": "- Xchecked via VT: 08e8016e7a4f9afd2d254cf0fc776381",
|
|
"pattern": "[file:hashes.SHA256 = '265ef817f9ea1b22fe309844baa00f5c9d7498a7217314f65d3a32f2cf099f0c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a7-f79c-455b-9183-4397950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:23.000Z",
|
|
"modified": "2015-12-22T13:48:23.000Z",
|
|
"description": "- Xchecked via VT: 08e8016e7a4f9afd2d254cf0fc776381",
|
|
"pattern": "[file:hashes.SHA1 = 'b1c8a0bafe903bf1a52c352ae020cdf5b95384d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a8-70d4-4156-86ba-41a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:24.000Z",
|
|
"modified": "2015-12-22T13:48:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/265ef817f9ea1b22fe309844baa00f5c9d7498a7217314f65d3a32f2cf099f0c/analysis/1414086185/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a8-67bc-4af2-8f5c-417e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:24.000Z",
|
|
"modified": "2015-12-22T13:48:24.000Z",
|
|
"description": "- Xchecked via VT: 61240ce0875b0e8ecace1196c942ca75",
|
|
"pattern": "[file:hashes.SHA256 = '3d4e7c1caee88f0587a36a24876a373eb5ecd0eb5685da29438509ab104dcfff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a8-d380-44c9-884c-4a70950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:24.000Z",
|
|
"modified": "2015-12-22T13:48:24.000Z",
|
|
"description": "- Xchecked via VT: 61240ce0875b0e8ecace1196c942ca75",
|
|
"pattern": "[file:hashes.SHA1 = 'e342ca4ce7a0c02937d693ab832aa7b2d0d18155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a8-bde8-4e57-a143-4ab2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:24.000Z",
|
|
"modified": "2015-12-22T13:48:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3d4e7c1caee88f0587a36a24876a373eb5ecd0eb5685da29438509ab104dcfff/analysis/1445541148/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a9-673c-4d82-a275-4f39950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:25.000Z",
|
|
"modified": "2015-12-22T13:48:25.000Z",
|
|
"description": "- Xchecked via VT: 48621c75d5b974801e3a76599002f020",
|
|
"pattern": "[file:hashes.SHA256 = '37d983e0d28eaa136d68acbb280700e3d5440cd19acca0fcc71be6c21abc7f39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a9-e528-400a-9bf6-4a42950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:25.000Z",
|
|
"modified": "2015-12-22T13:48:25.000Z",
|
|
"description": "- Xchecked via VT: 48621c75d5b974801e3a76599002f020",
|
|
"pattern": "[file:hashes.SHA1 = '4518935ea049d447897a00b50f88c29d1e67c794']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954a9-d644-4ff7-bcc9-422f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:25.000Z",
|
|
"modified": "2015-12-22T13:48:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/37d983e0d28eaa136d68acbb280700e3d5440cd19acca0fcc71be6c21abc7f39/analysis/1445887623/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954aa-e414-4034-b084-4341950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:26.000Z",
|
|
"modified": "2015-12-22T13:48:26.000Z",
|
|
"description": "- Xchecked via VT: 1744ec4fea19742ec9ba187bb964a72c",
|
|
"pattern": "[file:hashes.SHA256 = '4e681ec141fdf88c48ff15e55202f97e0332f335a8d843b7944a3a24ee311580']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954aa-a064-4196-aa73-4af8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:26.000Z",
|
|
"modified": "2015-12-22T13:48:26.000Z",
|
|
"description": "- Xchecked via VT: 1744ec4fea19742ec9ba187bb964a72c",
|
|
"pattern": "[file:hashes.SHA1 = '999b3992fb996689bebb2afe6886b0fbfbb77a86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954aa-9924-41ab-8339-400e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:26.000Z",
|
|
"modified": "2015-12-22T13:48:26.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4e681ec141fdf88c48ff15e55202f97e0332f335a8d843b7944a3a24ee311580/analysis/1421800468/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954aa-3b94-4b03-aa28-4b53950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:26.000Z",
|
|
"modified": "2015-12-22T13:48:26.000Z",
|
|
"description": "- Xchecked via VT: a8cde5ea57385e590f39e8023ce39f80",
|
|
"pattern": "[file:hashes.SHA256 = '5f7684976dcf927df27a96716f9059824d333df77fcbbc032ceb6bcd51c3f44b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ab-4ed4-44c8-9cb8-4773950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:27.000Z",
|
|
"modified": "2015-12-22T13:48:27.000Z",
|
|
"description": "- Xchecked via VT: a8cde5ea57385e590f39e8023ce39f80",
|
|
"pattern": "[file:hashes.SHA1 = '4595bb5273bd9d4bd4f33a19490bc664cb9e6b4b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ab-dce8-44eb-b203-43a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:27.000Z",
|
|
"modified": "2015-12-22T13:48:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5f7684976dcf927df27a96716f9059824d333df77fcbbc032ceb6bcd51c3f44b/analysis/1374369562/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ab-cdb8-4f41-8f8f-41ae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:27.000Z",
|
|
"modified": "2015-12-22T13:48:27.000Z",
|
|
"description": "- Xchecked via VT: a73a28c07e1aa5208afa60780aa75251",
|
|
"pattern": "[file:hashes.SHA256 = '68882bb61b9fef98b23a72083eda92b23f5c84cb739b6162da627a34e0e930a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ac-993c-4a73-b6f7-40b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:28.000Z",
|
|
"modified": "2015-12-22T13:48:28.000Z",
|
|
"description": "- Xchecked via VT: a73a28c07e1aa5208afa60780aa75251",
|
|
"pattern": "[file:hashes.SHA1 = 'b0427ac816112a761ce954e55e774427b71619fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ac-6590-49ec-b2e6-4dbb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:28.000Z",
|
|
"modified": "2015-12-22T13:48:28.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/68882bb61b9fef98b23a72083eda92b23f5c84cb739b6162da627a34e0e930a9/analysis/1399601880/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ac-eb98-4c3a-9978-426e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:28.000Z",
|
|
"modified": "2015-12-22T13:48:28.000Z",
|
|
"description": "- Xchecked via VT: de6c80d5e5e366676a355e91c2bdfd78",
|
|
"pattern": "[file:hashes.SHA256 = 'e31962b2dd301354e4f154b962f2d10edbc5aa5f4dd63d3566060e9ebfbdc41d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ad-4b54-4e99-a350-4f92950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:29.000Z",
|
|
"modified": "2015-12-22T13:48:29.000Z",
|
|
"description": "- Xchecked via VT: de6c80d5e5e366676a355e91c2bdfd78",
|
|
"pattern": "[file:hashes.SHA1 = '111c1b8ae62487b4ebe3c5f7a18e51d6ba148acc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ad-462c-44d0-87d8-4e3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:29.000Z",
|
|
"modified": "2015-12-22T13:48:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e31962b2dd301354e4f154b962f2d10edbc5aa5f4dd63d3566060e9ebfbdc41d/analysis/1445907497/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ad-d594-425b-b71b-47fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:29.000Z",
|
|
"modified": "2015-12-22T13:48:29.000Z",
|
|
"description": "- Xchecked via VT: 16fabe48278f84f8ae1bc682a3bd71d7",
|
|
"pattern": "[file:hashes.SHA256 = 'd8259073a5f3f0019bd5047fcb5149c0450ff8a6743f3e415db491389edc5344']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ad-4aa8-4cf0-be48-402a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:29.000Z",
|
|
"modified": "2015-12-22T13:48:29.000Z",
|
|
"description": "- Xchecked via VT: 16fabe48278f84f8ae1bc682a3bd71d7",
|
|
"pattern": "[file:hashes.SHA1 = '7752b95167e93792d40ba948bc3682c4b952b32f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ae-c21c-4a6f-96e6-44cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:30.000Z",
|
|
"modified": "2015-12-22T13:48:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/d8259073a5f3f0019bd5047fcb5149c0450ff8a6743f3e415db491389edc5344/analysis/1450130193/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ae-61d0-4ee5-8631-4129950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:30.000Z",
|
|
"modified": "2015-12-22T13:48:30.000Z",
|
|
"description": "- Xchecked via VT: fdfde63d2d8e925d5769ad47c533611f",
|
|
"pattern": "[file:hashes.SHA256 = 'de11f936141c6be29b37eba7cd10c9bb9562c853eeb74b10e68333a95ca9ba7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ae-5854-480b-8e81-4e7f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:30.000Z",
|
|
"modified": "2015-12-22T13:48:30.000Z",
|
|
"description": "- Xchecked via VT: fdfde63d2d8e925d5769ad47c533611f",
|
|
"pattern": "[file:hashes.SHA1 = '3536f00e2090f61c4e1d16e5b0c28d82d143534c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954af-8bec-42b4-9786-4298950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:31.000Z",
|
|
"modified": "2015-12-22T13:48:31.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/de11f936141c6be29b37eba7cd10c9bb9562c853eeb74b10e68333a95ca9ba7d/analysis/1398161394/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954af-24bc-4697-a512-425d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:31.000Z",
|
|
"modified": "2015-12-22T13:48:31.000Z",
|
|
"description": "- Xchecked via VT: 05f3b8a52f58c3cdda4e64c4879e7074",
|
|
"pattern": "[file:hashes.SHA256 = '790b2193e93cbda5e6d67d4a6e64e13f303732589c8e214604e433679ab09631']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954af-1fb0-4cc5-b6ca-4d20950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:31.000Z",
|
|
"modified": "2015-12-22T13:48:31.000Z",
|
|
"description": "- Xchecked via VT: 05f3b8a52f58c3cdda4e64c4879e7074",
|
|
"pattern": "[file:hashes.SHA1 = 'fefe4db8c2a1d8f461c4eaafed1e7cc25e203ce9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b0-3ca0-41cd-844a-402e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:32.000Z",
|
|
"modified": "2015-12-22T13:48:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/790b2193e93cbda5e6d67d4a6e64e13f303732589c8e214604e433679ab09631/analysis/1392187349/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b0-ad50-465b-b098-4278950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:32.000Z",
|
|
"modified": "2015-12-22T13:48:32.000Z",
|
|
"description": "- Xchecked via VT: 7a3bb4637866716e374911499ba36a17",
|
|
"pattern": "[file:hashes.SHA256 = 'de18b36243c257e5c86c53ab5414c98c7e017a5c9da007d9bf69f82b5c932349']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b0-1df4-4df6-9d28-47bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:32.000Z",
|
|
"modified": "2015-12-22T13:48:32.000Z",
|
|
"description": "- Xchecked via VT: 7a3bb4637866716e374911499ba36a17",
|
|
"pattern": "[file:hashes.SHA1 = '41939eb1363b94fff96a25c356a203811364d6d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b0-4f50-440e-9e4b-4b19950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:32.000Z",
|
|
"modified": "2015-12-22T13:48:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/de18b36243c257e5c86c53ab5414c98c7e017a5c9da007d9bf69f82b5c932349/analysis/1425185713/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b1-6d80-4a26-8025-4e2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:33.000Z",
|
|
"modified": "2015-12-22T13:48:33.000Z",
|
|
"description": "- Xchecked via VT: b2853010fa7ee2e6057d5c7e89ed4e60",
|
|
"pattern": "[file:hashes.SHA256 = '82cdf86a3c7273d990a0c35e31d3823d9bbe64b791b8797b506166719fbd07b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b1-4780-45fb-a078-4e90950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:33.000Z",
|
|
"modified": "2015-12-22T13:48:33.000Z",
|
|
"description": "- Xchecked via VT: b2853010fa7ee2e6057d5c7e89ed4e60",
|
|
"pattern": "[file:hashes.SHA1 = 'fb9713a45171c00cf0d4488874b5986f8cd212f6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b1-b038-464b-9fc6-4c42950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:33.000Z",
|
|
"modified": "2015-12-22T13:48:33.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/82cdf86a3c7273d990a0c35e31d3823d9bbe64b791b8797b506166719fbd07b9/analysis/1450281250/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b2-f0c0-468e-9282-44d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:34.000Z",
|
|
"modified": "2015-12-22T13:48:34.000Z",
|
|
"description": "- Xchecked via VT: 941eda82b23d0466ad1989f056a2b8c2",
|
|
"pattern": "[file:hashes.SHA256 = 'e3a81867a782b4585a1c5244fec5f1d538a52136e3da84fdc64a6e84a6f70c1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b2-e67c-46e7-aca8-4d9b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:34.000Z",
|
|
"modified": "2015-12-22T13:48:34.000Z",
|
|
"description": "- Xchecked via VT: 941eda82b23d0466ad1989f056a2b8c2",
|
|
"pattern": "[file:hashes.SHA1 = 'db8ebf0444fa81f29ed286834a91dee34670f1bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b2-9b0c-40fc-a191-4d5b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:34.000Z",
|
|
"modified": "2015-12-22T13:48:34.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e3a81867a782b4585a1c5244fec5f1d538a52136e3da84fdc64a6e84a6f70c1c/analysis/1376167575/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b2-0e80-4985-ba31-44a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:34.000Z",
|
|
"modified": "2015-12-22T13:48:34.000Z",
|
|
"description": "- Xchecked via VT: 69e6900cd860737eeba9b2b3bf0d71b4",
|
|
"pattern": "[file:hashes.SHA256 = '17879cf9b96782e6950deebd3a98cfdc5d8eb779567b94747ee3e29a6a0ea84c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b3-4368-4614-be59-4999950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:35.000Z",
|
|
"modified": "2015-12-22T13:48:35.000Z",
|
|
"description": "- Xchecked via VT: 69e6900cd860737eeba9b2b3bf0d71b4",
|
|
"pattern": "[file:hashes.SHA1 = '5dcd4a3260313bb9819168e3dad857d0f820154b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b3-ffdc-4d12-af53-4ed8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:35.000Z",
|
|
"modified": "2015-12-22T13:48:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/17879cf9b96782e6950deebd3a98cfdc5d8eb779567b94747ee3e29a6a0ea84c/analysis/1437371052/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b3-c7cc-4165-b90f-4439950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:35.000Z",
|
|
"modified": "2015-12-22T13:48:35.000Z",
|
|
"description": "- Xchecked via VT: 8e4626c9890d2b4702b746dfec2e5449",
|
|
"pattern": "[file:hashes.SHA256 = '28c059fad6e24f143e78661c8e97bac536ecf6cee2bf9e92299861901211cb92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b4-ba28-4ea5-a2d4-4dec950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:36.000Z",
|
|
"modified": "2015-12-22T13:48:36.000Z",
|
|
"description": "- Xchecked via VT: 8e4626c9890d2b4702b746dfec2e5449",
|
|
"pattern": "[file:hashes.SHA1 = 'd9b3470b29742a5ea106605f900b0e34900321c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b4-cd78-427f-9dca-4e7e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:36.000Z",
|
|
"modified": "2015-12-22T13:48:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/28c059fad6e24f143e78661c8e97bac536ecf6cee2bf9e92299861901211cb92/analysis/1450705367/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b4-f930-452b-9356-40b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:36.000Z",
|
|
"modified": "2015-12-22T13:48:36.000Z",
|
|
"description": "- Xchecked via VT: 0ad7a80aa8af8e8bd31706da6402833b",
|
|
"pattern": "[file:hashes.SHA256 = 'ae42e929684533bcfba694fb821d73817ead9131a47448cfa44d9b2da68a712a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b5-6698-4c22-99a6-4638950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:37.000Z",
|
|
"modified": "2015-12-22T13:48:37.000Z",
|
|
"description": "- Xchecked via VT: 0ad7a80aa8af8e8bd31706da6402833b",
|
|
"pattern": "[file:hashes.SHA1 = '34f65be8eca2e6c77e9c628cf01bf3ccb3de90b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b5-4d58-42bc-a7c3-427d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:37.000Z",
|
|
"modified": "2015-12-22T13:48:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ae42e929684533bcfba694fb821d73817ead9131a47448cfa44d9b2da68a712a/analysis/1391747819/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b5-f27c-4bf7-9d84-422a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:37.000Z",
|
|
"modified": "2015-12-22T13:48:37.000Z",
|
|
"description": "- Xchecked via VT: ca7c977b5b315dd62b0189f2619764db",
|
|
"pattern": "[file:hashes.SHA256 = 'c6d90ced12fb16ca9ae112787ce6d29379b06e0ba0a90595e337c07453a571fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b5-1284-45c2-bcff-4054950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:37.000Z",
|
|
"modified": "2015-12-22T13:48:37.000Z",
|
|
"description": "- Xchecked via VT: ca7c977b5b315dd62b0189f2619764db",
|
|
"pattern": "[file:hashes.SHA1 = '42ce52b22e5017990660148ba6c5ff0097c5af01']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b6-1440-4a2f-ac98-4aa8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:38.000Z",
|
|
"modified": "2015-12-22T13:48:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c6d90ced12fb16ca9ae112787ce6d29379b06e0ba0a90595e337c07453a571fa/analysis/1445881085/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b6-cd10-48e4-9c50-4db2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:38.000Z",
|
|
"modified": "2015-12-22T13:48:38.000Z",
|
|
"description": "- Xchecked via VT: 56dc140ed4958b28a16d7c9f38208a60",
|
|
"pattern": "[file:hashes.SHA256 = 'c05416d90c18810e4cac40a9a941b60a3c15f32111aed07f4d605bc30943b6b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b6-3588-4aa5-a1d9-491e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:38.000Z",
|
|
"modified": "2015-12-22T13:48:38.000Z",
|
|
"description": "- Xchecked via VT: 56dc140ed4958b28a16d7c9f38208a60",
|
|
"pattern": "[file:hashes.SHA1 = '5bd93f370cdfb9b99bf94eeb12d7f843dedb2518']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b7-80c8-4e78-ad0c-4949950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:39.000Z",
|
|
"modified": "2015-12-22T13:48:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c05416d90c18810e4cac40a9a941b60a3c15f32111aed07f4d605bc30943b6b3/analysis/1446036299/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b7-2a94-4ab7-8b83-43c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:39.000Z",
|
|
"modified": "2015-12-22T13:48:39.000Z",
|
|
"description": "- Xchecked via VT: 50fd967b39315d95f02127a2f05f6326",
|
|
"pattern": "[file:hashes.SHA256 = '8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b7-e3b4-40d2-b4c6-45c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:39.000Z",
|
|
"modified": "2015-12-22T13:48:39.000Z",
|
|
"description": "- Xchecked via VT: 50fd967b39315d95f02127a2f05f6326",
|
|
"pattern": "[file:hashes.SHA1 = '0097c1420f7b36e284de3e5c261e750572d09bc3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b7-6858-46c0-8243-4fe7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:39.000Z",
|
|
"modified": "2015-12-22T13:48:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572/analysis/1450704194/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b8-b544-4295-9eb0-48bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:40.000Z",
|
|
"modified": "2015-12-22T13:48:40.000Z",
|
|
"description": "- Xchecked via VT: 9de13a76b62fb62c75323d116008b1e3",
|
|
"pattern": "[file:hashes.SHA256 = '067aabc3c6e6424d967f45eb2fe0bd36b79d5e31745a308f77b75f763a441fa5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b8-0240-4fd8-b9f5-4e14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:40.000Z",
|
|
"modified": "2015-12-22T13:48:40.000Z",
|
|
"description": "- Xchecked via VT: 9de13a76b62fb62c75323d116008b1e3",
|
|
"pattern": "[file:hashes.SHA1 = '86db2db4c682a64ee5d0cdb3b7ed15228f454626']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b8-152c-4344-84c2-4cb8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:40.000Z",
|
|
"modified": "2015-12-22T13:48:40.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/067aabc3c6e6424d967f45eb2fe0bd36b79d5e31745a308f77b75f763a441fa5/analysis/1376166868/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b9-2864-4dae-ba40-41c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:41.000Z",
|
|
"modified": "2015-12-22T13:48:41.000Z",
|
|
"description": "- Xchecked via VT: 5ae600173c041561af8f231f64091251",
|
|
"pattern": "[file:hashes.SHA256 = '41586ecb2ebad02d2ab488a24b1ecb489bae8b7c0ed69dc6600849466610035a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b9-a378-4210-ad2a-47e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:41.000Z",
|
|
"modified": "2015-12-22T13:48:41.000Z",
|
|
"description": "- Xchecked via VT: 5ae600173c041561af8f231f64091251",
|
|
"pattern": "[file:hashes.SHA1 = 'e8cebf71eca04725f430e173a7e1805b49038124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b9-f588-4575-9b8f-4faa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:41.000Z",
|
|
"modified": "2015-12-22T13:48:41.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/41586ecb2ebad02d2ab488a24b1ecb489bae8b7c0ed69dc6600849466610035a/analysis/1376199660/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954b9-b5b0-4c8f-8963-408d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:41.000Z",
|
|
"modified": "2015-12-22T13:48:41.000Z",
|
|
"description": "- Xchecked via VT: 239516bac7a2ffc935623ebb68c4e3ec",
|
|
"pattern": "[file:hashes.SHA256 = '3131890d4a0abf93daff060421b45c3e6a2c32295015af02918524b746333be4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ba-e844-4a7d-a64b-494a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:42.000Z",
|
|
"modified": "2015-12-22T13:48:42.000Z",
|
|
"description": "- Xchecked via VT: 239516bac7a2ffc935623ebb68c4e3ec",
|
|
"pattern": "[file:hashes.SHA1 = '11429d10a0a3bc93dbe44ae39372001a25dd6b3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ba-7d20-48a1-9913-4040950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:42.000Z",
|
|
"modified": "2015-12-22T13:48:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3131890d4a0abf93daff060421b45c3e6a2c32295015af02918524b746333be4/analysis/1417743005/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ba-565c-40b9-ab28-4f68950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:42.000Z",
|
|
"modified": "2015-12-22T13:48:42.000Z",
|
|
"description": "- Xchecked via VT: 0b508f428382385f005dee8989711773",
|
|
"pattern": "[file:hashes.SHA256 = '29842e1910915d646d2673cdf87742c948fc8ca0baa889a2b26aa2a89f5e6f18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bb-f36c-49ff-b9cc-4874950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:43.000Z",
|
|
"modified": "2015-12-22T13:48:43.000Z",
|
|
"description": "- Xchecked via VT: 0b508f428382385f005dee8989711773",
|
|
"pattern": "[file:hashes.SHA1 = '373f15e1a024a337817a9528a75afce29ac53652']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bb-25d8-4292-85a3-4b58950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:43.000Z",
|
|
"modified": "2015-12-22T13:48:43.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/29842e1910915d646d2673cdf87742c948fc8ca0baa889a2b26aa2a89f5e6f18/analysis/1447090075/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bb-aa7c-4283-aff3-43ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:43.000Z",
|
|
"modified": "2015-12-22T13:48:43.000Z",
|
|
"description": "- Xchecked via VT: 547c63d9df4818896e60b64031989230",
|
|
"pattern": "[file:hashes.SHA256 = 'c4a3e62535139bb9f76ea08ad748ec70d62aebad50d459bfe759ebafb9f20f43']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bb-36b8-4eb0-b991-4cfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:43.000Z",
|
|
"modified": "2015-12-22T13:48:43.000Z",
|
|
"description": "- Xchecked via VT: 547c63d9df4818896e60b64031989230",
|
|
"pattern": "[file:hashes.SHA1 = '6704019c9c66d403359f93be3a3ba88e3a261eb8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bc-b11c-4b78-8af6-40c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:44.000Z",
|
|
"modified": "2015-12-22T13:48:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c4a3e62535139bb9f76ea08ad748ec70d62aebad50d459bfe759ebafb9f20f43/analysis/1443334239/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bc-a740-424d-b6a7-40e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:44.000Z",
|
|
"modified": "2015-12-22T13:48:44.000Z",
|
|
"description": "- Xchecked via VT: 8455bbb9a210ce603a1b646b0d951bce",
|
|
"pattern": "[file:hashes.SHA256 = '3d362ba0c4bc06b69a3a908bc62a50a2a673c10060f4b9268b8641536b43c5ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bc-4ae4-45f7-9214-462f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:44.000Z",
|
|
"modified": "2015-12-22T13:48:44.000Z",
|
|
"description": "- Xchecked via VT: 8455bbb9a210ce603a1b646b0d951bce",
|
|
"pattern": "[file:hashes.SHA1 = '05109f4228b34a598072e82cb48dc91928c0d6bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bd-0370-444d-b343-43b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:45.000Z",
|
|
"modified": "2015-12-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3d362ba0c4bc06b69a3a908bc62a50a2a673c10060f4b9268b8641536b43c5ac/analysis/1427935583/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bd-8fdc-4b57-94c2-4c11950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:45.000Z",
|
|
"modified": "2015-12-22T13:48:45.000Z",
|
|
"description": "- Xchecked via VT: ea6c13a0064fb7f0c55cd8bc6f3b5e44",
|
|
"pattern": "[file:hashes.SHA256 = '2641924086978445c674baaf886295fbdcfb204d9eac9b2ada00ae39798e7100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bd-3f6c-405d-8778-48ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:45.000Z",
|
|
"modified": "2015-12-22T13:48:45.000Z",
|
|
"description": "- Xchecked via VT: ea6c13a0064fb7f0c55cd8bc6f3b5e44",
|
|
"pattern": "[file:hashes.SHA1 = '118606d8f1bf80f7018539c4e6881d2bb5df992b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954be-2620-4aa1-85b9-4d53950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:46.000Z",
|
|
"modified": "2015-12-22T13:48:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2641924086978445c674baaf886295fbdcfb204d9eac9b2ada00ae39798e7100/analysis/1384638285/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954be-6268-422a-92aa-469c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:46.000Z",
|
|
"modified": "2015-12-22T13:48:46.000Z",
|
|
"description": "- Xchecked via VT: 4b73d2c8f843090d98035437a9f73e6a",
|
|
"pattern": "[file:hashes.SHA256 = 'b06704db80eb59011f73ba3b6a0d0deb1f53624a7ffe4ac36c4d02fc6bbc8f53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954be-9aa8-4693-b137-4a4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:46.000Z",
|
|
"modified": "2015-12-22T13:48:46.000Z",
|
|
"description": "- Xchecked via VT: 4b73d2c8f843090d98035437a9f73e6a",
|
|
"pattern": "[file:hashes.SHA1 = 'b53cf29c020f7e1158f21153e0aeae45049b469d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954be-c68c-40d5-a26c-4115950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:46.000Z",
|
|
"modified": "2015-12-22T13:48:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b06704db80eb59011f73ba3b6a0d0deb1f53624a7ffe4ac36c4d02fc6bbc8f53/analysis/1428720275/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bf-1c50-48df-819d-4cb6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:47.000Z",
|
|
"modified": "2015-12-22T13:48:47.000Z",
|
|
"description": "- Xchecked via VT: 9ecd4c00ec7538fa89ef692053e54445",
|
|
"pattern": "[file:hashes.SHA256 = '7f53efd38d13b90d256a4096caf36eb6b7b333788bba779ebb25126b05d2ea1a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bf-7298-47f4-989b-4562950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:47.000Z",
|
|
"modified": "2015-12-22T13:48:47.000Z",
|
|
"description": "- Xchecked via VT: 9ecd4c00ec7538fa89ef692053e54445",
|
|
"pattern": "[file:hashes.SHA1 = '4b0a4d6904d51946ac813afcaf606fe3ec20bb12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954bf-a208-476d-80e0-4cde950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:47.000Z",
|
|
"modified": "2015-12-22T13:48:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7f53efd38d13b90d256a4096caf36eb6b7b333788bba779ebb25126b05d2ea1a/analysis/1445746250/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c0-4564-4b1a-8ded-47e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:48.000Z",
|
|
"modified": "2015-12-22T13:48:48.000Z",
|
|
"description": "- Xchecked via VT: ec643b2c161020e15b1a26df6a0fa2f5",
|
|
"pattern": "[file:hashes.SHA256 = 'cb023c66adfa5c9dade37f93e65bba567d5e913317fd57a3e024f403b7bee7f0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c0-c398-4f0c-bdc0-47fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:48.000Z",
|
|
"modified": "2015-12-22T13:48:48.000Z",
|
|
"description": "- Xchecked via VT: ec643b2c161020e15b1a26df6a0fa2f5",
|
|
"pattern": "[file:hashes.SHA1 = '24d1ead2d647333919c25dec8e01a3b62731c78a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c0-76a4-43ef-8c9d-40bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:48.000Z",
|
|
"modified": "2015-12-22T13:48:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/cb023c66adfa5c9dade37f93e65bba567d5e913317fd57a3e024f403b7bee7f0/analysis/1381475231/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c1-b94c-4a56-ad36-49e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:49.000Z",
|
|
"modified": "2015-12-22T13:48:49.000Z",
|
|
"description": "- Xchecked via VT: 07f0b8e30aecd0a9764bf7e6409e1900",
|
|
"pattern": "[file:hashes.SHA256 = 'e382f13833c0cbc673e96c0b8eceaa10590755c997cde745b837393444372889']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c1-0e58-49f6-a53d-4b3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:49.000Z",
|
|
"modified": "2015-12-22T13:48:49.000Z",
|
|
"description": "- Xchecked via VT: 07f0b8e30aecd0a9764bf7e6409e1900",
|
|
"pattern": "[file:hashes.SHA1 = '31ca407571175132d3f1eed3c009a5f5285e9cf0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c1-db74-407f-91ec-4d22950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:49.000Z",
|
|
"modified": "2015-12-22T13:48:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e382f13833c0cbc673e96c0b8eceaa10590755c997cde745b837393444372889/analysis/1445600475/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c1-e75c-4bab-aba3-42b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:49.000Z",
|
|
"modified": "2015-12-22T13:48:49.000Z",
|
|
"description": "- Xchecked via VT: e1a8f36db3e325d8b919c83d1aaf3bcf",
|
|
"pattern": "[file:hashes.SHA256 = '3023412dc38e9040a2f7183f1a7e0248feb6da71073900aa577481f4964825d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c2-283c-4aa2-8960-4a88950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:50.000Z",
|
|
"modified": "2015-12-22T13:48:50.000Z",
|
|
"description": "- Xchecked via VT: e1a8f36db3e325d8b919c83d1aaf3bcf",
|
|
"pattern": "[file:hashes.SHA1 = '71c2890b10442477694ee29d783e243f62f965e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c2-1714-435e-9c08-43b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:50.000Z",
|
|
"modified": "2015-12-22T13:48:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3023412dc38e9040a2f7183f1a7e0248feb6da71073900aa577481f4964825d6/analysis/1446038035/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c2-eea4-457b-9710-418d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:50.000Z",
|
|
"modified": "2015-12-22T13:48:50.000Z",
|
|
"description": "- Xchecked via VT: 43a24192d8ef646da200865c7903f7b5",
|
|
"pattern": "[file:hashes.SHA256 = '4d6a534845ac8749630fae2d9a0fc27fdedef820478a30baf8d7bdf55b003f72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c3-b500-4ee3-86ff-4c14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:51.000Z",
|
|
"modified": "2015-12-22T13:48:51.000Z",
|
|
"description": "- Xchecked via VT: 43a24192d8ef646da200865c7903f7b5",
|
|
"pattern": "[file:hashes.SHA1 = 'b880494c0210e1f349740c363890549f6e18f324']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c3-ce30-4b9b-89a1-4aca950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:51.000Z",
|
|
"modified": "2015-12-22T13:48:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4d6a534845ac8749630fae2d9a0fc27fdedef820478a30baf8d7bdf55b003f72/analysis/1424138487/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c3-b3c8-4cb4-8f4f-47e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:51.000Z",
|
|
"modified": "2015-12-22T13:48:51.000Z",
|
|
"description": "- Xchecked via VT: 57629df000441de42abe4f858c3ab4f2",
|
|
"pattern": "[file:hashes.SHA256 = '63f92a22ed151aab139708ecc6eac74ba54feb02d351d130383147d4ab563e9c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c3-9788-40a7-ae50-4984950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:51.000Z",
|
|
"modified": "2015-12-22T13:48:51.000Z",
|
|
"description": "- Xchecked via VT: 57629df000441de42abe4f858c3ab4f2",
|
|
"pattern": "[file:hashes.SHA1 = '8f9633131cb783e96eb459224b9f8550458a1276']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c4-10b0-4231-b345-430e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:52.000Z",
|
|
"modified": "2015-12-22T13:48:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/63f92a22ed151aab139708ecc6eac74ba54feb02d351d130383147d4ab563e9c/analysis/1376631676/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c4-46ec-4e37-9377-4e71950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:52.000Z",
|
|
"modified": "2015-12-22T13:48:52.000Z",
|
|
"description": "- Xchecked via VT: 8f7c7e87f084eca45b58ea954f8a7103",
|
|
"pattern": "[file:hashes.SHA256 = 'bad24105445eb75ea107c32c8b5d7123cdbae1f0b229b92bee612d9f463ecb87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c4-c5f0-4a9c-b185-45e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:52.000Z",
|
|
"modified": "2015-12-22T13:48:52.000Z",
|
|
"description": "- Xchecked via VT: 8f7c7e87f084eca45b58ea954f8a7103",
|
|
"pattern": "[file:hashes.SHA1 = '4d9365cb29cd394e4bdfb9f756536646f3ca4a28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c4-2b50-457f-a1ea-44a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:52.000Z",
|
|
"modified": "2015-12-22T13:48:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bad24105445eb75ea107c32c8b5d7123cdbae1f0b229b92bee612d9f463ecb87/analysis/1390305225/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c4-2414-4f8a-9d1f-4323950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:52.000Z",
|
|
"modified": "2015-12-22T13:48:52.000Z",
|
|
"description": "- Xchecked via VT: c2f36fb152602166dc3e49cbaa6db86b",
|
|
"pattern": "[file:hashes.SHA256 = 'e35fb14bc6b28bd6baa2e09dd9b515cfa4e7151e4a31a9aa824041e690f4bdea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c5-8d8c-4c61-a282-44e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:53.000Z",
|
|
"modified": "2015-12-22T13:48:53.000Z",
|
|
"description": "- Xchecked via VT: c2f36fb152602166dc3e49cbaa6db86b",
|
|
"pattern": "[file:hashes.SHA1 = 'a2dfe4340b2ee62a8824a7da510c9beb4328a34a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c5-ecd4-46c0-93ba-450b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:53.000Z",
|
|
"modified": "2015-12-22T13:48:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e35fb14bc6b28bd6baa2e09dd9b515cfa4e7151e4a31a9aa824041e690f4bdea/analysis/1445890187/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c5-4c30-4640-a92a-43ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:53.000Z",
|
|
"modified": "2015-12-22T13:48:53.000Z",
|
|
"description": "- Xchecked via VT: 3165b7472a9dd45cde49538561cba59f",
|
|
"pattern": "[file:hashes.SHA256 = '402a8e7c29135edeed5936c7b5d3524f095bdab37658999fc3fa636b6b38e027']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c5-831c-4300-89be-4e54950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:53.000Z",
|
|
"modified": "2015-12-22T13:48:53.000Z",
|
|
"description": "- Xchecked via VT: 3165b7472a9dd45cde49538561cba59f",
|
|
"pattern": "[file:hashes.SHA1 = '23eda5538d21e678e32919bf61330be6a7b85866']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c6-be8c-468e-8e13-4dcf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:54.000Z",
|
|
"modified": "2015-12-22T13:48:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/402a8e7c29135edeed5936c7b5d3524f095bdab37658999fc3fa636b6b38e027/analysis/1434003161/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c6-0c78-410c-8826-492c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:54.000Z",
|
|
"modified": "2015-12-22T13:48:54.000Z",
|
|
"description": "- Xchecked via VT: 39a990b0f41b55858adc6f0aef5112ee",
|
|
"pattern": "[file:hashes.SHA256 = '286ceb0249e13cddec2a9c7f5962226b8f5f42f88083ca345cf0089f4943e8e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c6-1a0c-456a-8f05-4233950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:54.000Z",
|
|
"modified": "2015-12-22T13:48:54.000Z",
|
|
"description": "- Xchecked via VT: 39a990b0f41b55858adc6f0aef5112ee",
|
|
"pattern": "[file:hashes.SHA1 = '472030b1f05cf335f49c6ee8ec4ae0460707938c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c6-8538-4df0-92cd-4260950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:54.000Z",
|
|
"modified": "2015-12-22T13:48:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/286ceb0249e13cddec2a9c7f5962226b8f5f42f88083ca345cf0089f4943e8e3/analysis/1410111692/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c7-e760-439b-9ebc-4a8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:55.000Z",
|
|
"modified": "2015-12-22T13:48:55.000Z",
|
|
"description": "- Xchecked via VT: c457c2a63fd6367a5026b2e508f3256c",
|
|
"pattern": "[file:hashes.SHA256 = '57961ed5b9333faa13e546f7b0c07d0355b66e5c3cc7f4635ce0415cc64cfcf6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c7-7a34-4b79-a516-457d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:55.000Z",
|
|
"modified": "2015-12-22T13:48:55.000Z",
|
|
"description": "- Xchecked via VT: c457c2a63fd6367a5026b2e508f3256c",
|
|
"pattern": "[file:hashes.SHA1 = '3f632be4d0e3444e11fc162c177c971e12be7f04']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c7-7d1c-4839-8b6f-4c96950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:55.000Z",
|
|
"modified": "2015-12-22T13:48:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/57961ed5b9333faa13e546f7b0c07d0355b66e5c3cc7f4635ce0415cc64cfcf6/analysis/1445748639/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c7-31e8-47ac-a734-47d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:55.000Z",
|
|
"modified": "2015-12-22T13:48:55.000Z",
|
|
"description": "- Xchecked via VT: 6f16024cc940d2b8f20466f204aa81bc",
|
|
"pattern": "[file:hashes.SHA256 = '8bba767d81bb2a87822258aa4022d5aa28b665a0917e1c2545c8b081543acf86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c7-cf0c-4566-a7c3-4efb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:55.000Z",
|
|
"modified": "2015-12-22T13:48:55.000Z",
|
|
"description": "- Xchecked via VT: 6f16024cc940d2b8f20466f204aa81bc",
|
|
"pattern": "[file:hashes.SHA1 = '33d574dfef0462c390dbaae07f1bf9160ae21545']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c8-a89c-45f2-a061-477e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:56.000Z",
|
|
"modified": "2015-12-22T13:48:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8bba767d81bb2a87822258aa4022d5aa28b665a0917e1c2545c8b081543acf86/analysis/1399328074/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c8-3324-4918-9414-4c0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:56.000Z",
|
|
"modified": "2015-12-22T13:48:56.000Z",
|
|
"description": "- Xchecked via VT: 3532e0f9244c0b89e9fe426afc8226cb",
|
|
"pattern": "[file:hashes.SHA256 = '806e96f18f481fc1e8b3d07ed5f3fbd16349754f1e40a4e1f68c3d9bcd55a92d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c8-0528-4840-b685-4364950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:56.000Z",
|
|
"modified": "2015-12-22T13:48:56.000Z",
|
|
"description": "- Xchecked via VT: 3532e0f9244c0b89e9fe426afc8226cb",
|
|
"pattern": "[file:hashes.SHA1 = '9a2a4ecb3b4d83ad2e1955887311f8b4a650f529']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c8-abac-4262-a373-4e9a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:56.000Z",
|
|
"modified": "2015-12-22T13:48:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/806e96f18f481fc1e8b3d07ed5f3fbd16349754f1e40a4e1f68c3d9bcd55a92d/analysis/1263577785/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c9-4334-4c1d-bcff-4ed1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:57.000Z",
|
|
"modified": "2015-12-22T13:48:57.000Z",
|
|
"description": "- Xchecked via VT: fc6e22d85a5ac5d60968a4d1f52f4569",
|
|
"pattern": "[file:hashes.SHA256 = '91609844045aff1a9ba696e68bef42837d26e7de393e8210481bad5621e03da3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c9-13dc-4dac-b29e-4ad3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:57.000Z",
|
|
"modified": "2015-12-22T13:48:57.000Z",
|
|
"description": "- Xchecked via VT: fc6e22d85a5ac5d60968a4d1f52f4569",
|
|
"pattern": "[file:hashes.SHA1 = '208f93c40ee8aca8b80f843692cb12620b193818']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954c9-28d0-404c-a25e-400c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:57.000Z",
|
|
"modified": "2015-12-22T13:48:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/91609844045aff1a9ba696e68bef42837d26e7de393e8210481bad5621e03da3/analysis/1448691572/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ca-8288-4377-820e-461b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:58.000Z",
|
|
"modified": "2015-12-22T13:48:58.000Z",
|
|
"description": "- Xchecked via VT: 0006bf8954d005dd54354392bc146c5c",
|
|
"pattern": "[file:hashes.SHA256 = 'fbd83831a4853fc5199584abc47c4bd02972ecc5b99ddf6b4a16ad3b5322f6c5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ca-fbe8-4c27-b376-49aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:58.000Z",
|
|
"modified": "2015-12-22T13:48:58.000Z",
|
|
"description": "- Xchecked via VT: 0006bf8954d005dd54354392bc146c5c",
|
|
"pattern": "[file:hashes.SHA1 = '50c743bd691661db3c4a9fa145ce25b2770ce54e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ca-ba08-4bbd-9e69-4e36950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:58.000Z",
|
|
"modified": "2015-12-22T13:48:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fbd83831a4853fc5199584abc47c4bd02972ecc5b99ddf6b4a16ad3b5322f6c5/analysis/1402621516/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ca-37a4-4b27-beba-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:58.000Z",
|
|
"modified": "2015-12-22T13:48:58.000Z",
|
|
"description": "- Xchecked via VT: f92f84f1888af1fc272f8db3075d7265",
|
|
"pattern": "[file:hashes.SHA256 = '9b6bccc3af7c578997c08d28848b5d6a8278ce71f6056f750691cfcd59cf1ccc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cb-e7e0-4f06-a6ca-4a4d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:59.000Z",
|
|
"modified": "2015-12-22T13:48:59.000Z",
|
|
"description": "- Xchecked via VT: f92f84f1888af1fc272f8db3075d7265",
|
|
"pattern": "[file:hashes.SHA1 = 'bcc459346c58af92da34ad6e02d2259d392d4507']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cb-24a0-4814-86de-48b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:59.000Z",
|
|
"modified": "2015-12-22T13:48:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9b6bccc3af7c578997c08d28848b5d6a8278ce71f6056f750691cfcd59cf1ccc/analysis/1383584552/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cb-730c-4390-8ae2-4cf2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:48:59.000Z",
|
|
"modified": "2015-12-22T13:48:59.000Z",
|
|
"description": "- Xchecked via VT: 9640eccfd30d456c8013219d0fef5922",
|
|
"pattern": "[file:hashes.SHA256 = '20e6166b228b6d65536f4689521c14da5676d49bd47b378d581081220cecc546']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:48:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cc-26c4-49a6-862d-43e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:00.000Z",
|
|
"modified": "2015-12-22T13:49:00.000Z",
|
|
"description": "- Xchecked via VT: 9640eccfd30d456c8013219d0fef5922",
|
|
"pattern": "[file:hashes.SHA1 = '6cf2f6a1eade4334df67c6889c831b1971669e67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cc-a7ac-45f7-9583-4233950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:00.000Z",
|
|
"modified": "2015-12-22T13:49:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/20e6166b228b6d65536f4689521c14da5676d49bd47b378d581081220cecc546/analysis/1448898382/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cc-5aa0-4118-99b9-4243950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:00.000Z",
|
|
"modified": "2015-12-22T13:49:00.000Z",
|
|
"description": "- Xchecked via VT: 49452649f4d8fa9e41e4a7e5df8d9fa1",
|
|
"pattern": "[file:hashes.SHA256 = '23ceae82c7838f806fd077f041ee7a2b2d857f4873df5451a1713d5282607a24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cd-49f8-472b-a62c-4edd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:01.000Z",
|
|
"modified": "2015-12-22T13:49:01.000Z",
|
|
"description": "- Xchecked via VT: 49452649f4d8fa9e41e4a7e5df8d9fa1",
|
|
"pattern": "[file:hashes.SHA1 = 'cdc15a997c94b25179a1418c0941875f316bb869']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cd-8450-4220-a689-46fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:01.000Z",
|
|
"modified": "2015-12-22T13:49:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/23ceae82c7838f806fd077f041ee7a2b2d857f4873df5451a1713d5282607a24/analysis/1377264449/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cd-b82c-4c43-87c2-468d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:01.000Z",
|
|
"modified": "2015-12-22T13:49:01.000Z",
|
|
"description": "- Xchecked via VT: e713142712b31512f78b6877ec962391",
|
|
"pattern": "[file:hashes.SHA256 = '0ebc661236ca655c230524b277c1557f84569809f25ad2afa7277a35ff5b769c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cd-a914-44fe-baf8-4d21950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:01.000Z",
|
|
"modified": "2015-12-22T13:49:01.000Z",
|
|
"description": "- Xchecked via VT: e713142712b31512f78b6877ec962391",
|
|
"pattern": "[file:hashes.SHA1 = '45853de737ad588b67a39d9c89ca710b08578da6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ce-9bb0-422b-b71e-4dd6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:02.000Z",
|
|
"modified": "2015-12-22T13:49:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0ebc661236ca655c230524b277c1557f84569809f25ad2afa7277a35ff5b769c/analysis/1445917314/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ce-ab88-4e1e-b046-448a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:02.000Z",
|
|
"modified": "2015-12-22T13:49:02.000Z",
|
|
"description": "- Xchecked via VT: 0baff68ae96e3eba0f72206ee2064303",
|
|
"pattern": "[file:hashes.SHA256 = '6a17d2607ba06829a30412d0f7852f73c3c455f6f791eb7276fe2d8c872f763f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ce-6d48-430f-b5ad-4d05950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:02.000Z",
|
|
"modified": "2015-12-22T13:49:02.000Z",
|
|
"description": "- Xchecked via VT: 0baff68ae96e3eba0f72206ee2064303",
|
|
"pattern": "[file:hashes.SHA1 = 'a29d03c7c13f5ac0aa1915e336e960e3b77647b3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cf-20dc-4844-94e0-4fd6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:03.000Z",
|
|
"modified": "2015-12-22T13:49:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6a17d2607ba06829a30412d0f7852f73c3c455f6f791eb7276fe2d8c872f763f/analysis/1381433000/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cf-a000-408b-ae8a-4259950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:03.000Z",
|
|
"modified": "2015-12-22T13:49:03.000Z",
|
|
"description": "- Xchecked via VT: ca41a8ff03149975c4204f8825e7b654",
|
|
"pattern": "[file:hashes.SHA256 = '604c018e72858abeca364390f3bf7950439e3f164881d570fe8acfd40c2c50a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954cf-6874-4988-9c4d-4827950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:03.000Z",
|
|
"modified": "2015-12-22T13:49:03.000Z",
|
|
"description": "- Xchecked via VT: ca41a8ff03149975c4204f8825e7b654",
|
|
"pattern": "[file:hashes.SHA1 = 'dba7e1ddb112c8d4f604482eb2f35c70928846ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d0-8cfc-44b7-ba08-414b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:03.000Z",
|
|
"modified": "2015-12-22T13:49:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/604c018e72858abeca364390f3bf7950439e3f164881d570fe8acfd40c2c50a3/analysis/1389460242/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d0-6124-455e-b61e-4532950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:04.000Z",
|
|
"modified": "2015-12-22T13:49:04.000Z",
|
|
"description": "- Xchecked via VT: f4742528f99497a1b2c7795083a5b2e2",
|
|
"pattern": "[file:hashes.SHA256 = '632760f5b9a06154739b85ca088d988c3f1c915ea086cabb325e0445450af1a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d0-216c-49d1-bd20-49a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:04.000Z",
|
|
"modified": "2015-12-22T13:49:04.000Z",
|
|
"description": "- Xchecked via VT: f4742528f99497a1b2c7795083a5b2e2",
|
|
"pattern": "[file:hashes.SHA1 = 'c55f4848eb0569c8b0d7d558868b3dd47f88860b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d0-f508-439e-b521-49c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:04.000Z",
|
|
"modified": "2015-12-22T13:49:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/632760f5b9a06154739b85ca088d988c3f1c915ea086cabb325e0445450af1a8/analysis/1363349897/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d1-9934-4cf1-bc88-4485950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:05.000Z",
|
|
"modified": "2015-12-22T13:49:05.000Z",
|
|
"description": "- Xchecked via VT: ecab934f18d9b6a9a2be7d28bec6c1c4",
|
|
"pattern": "[file:hashes.SHA256 = '3d464bfb44e30fd9da380cb530e3583acf43cb05738ab3126c4a93fdddce0a12']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d1-2c38-405d-9e9a-4497950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:05.000Z",
|
|
"modified": "2015-12-22T13:49:05.000Z",
|
|
"description": "- Xchecked via VT: ecab934f18d9b6a9a2be7d28bec6c1c4",
|
|
"pattern": "[file:hashes.SHA1 = '943582b15f4c2e5343953042ef220f1e2b446096']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d1-7b58-413f-b31a-4447950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:05.000Z",
|
|
"modified": "2015-12-22T13:49:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3d464bfb44e30fd9da380cb530e3583acf43cb05738ab3126c4a93fdddce0a12/analysis/1376231123/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d2-d880-467c-9603-4897950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:06.000Z",
|
|
"modified": "2015-12-22T13:49:06.000Z",
|
|
"description": "- Xchecked via VT: 2db437e3625b732855c39ee4bfc75254",
|
|
"pattern": "[file:hashes.SHA256 = '3a643cc19db8bbfb427f0c450265de1b4fda3a844e672fb4569a74a3931a61ff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d2-5dc4-42f2-9856-428f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:06.000Z",
|
|
"modified": "2015-12-22T13:49:06.000Z",
|
|
"description": "- Xchecked via VT: 2db437e3625b732855c39ee4bfc75254",
|
|
"pattern": "[file:hashes.SHA1 = '29b763761022d14f4ec48c1c336a87ac0a1f10f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d2-b290-4362-a9ac-4d14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:06.000Z",
|
|
"modified": "2015-12-22T13:49:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3a643cc19db8bbfb427f0c450265de1b4fda3a844e672fb4569a74a3931a61ff/analysis/1445825965/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d2-637c-40e0-90fb-4771950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:06.000Z",
|
|
"modified": "2015-12-22T13:49:06.000Z",
|
|
"description": "- Xchecked via VT: ed0665cb1be3e8e42e3435d05fbc7283",
|
|
"pattern": "[file:hashes.SHA256 = '47f99fb9748747f9959d981518af34fd284ae89d5bb6ccd2f82b343f0f1d1230']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d3-7c34-4be9-aa6b-4b40950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:07.000Z",
|
|
"modified": "2015-12-22T13:49:07.000Z",
|
|
"description": "- Xchecked via VT: ed0665cb1be3e8e42e3435d05fbc7283",
|
|
"pattern": "[file:hashes.SHA1 = '14407471aa62472759cfc5c909648121fb69a027']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d3-9cf8-4007-ae96-41a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:07.000Z",
|
|
"modified": "2015-12-22T13:49:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/47f99fb9748747f9959d981518af34fd284ae89d5bb6ccd2f82b343f0f1d1230/analysis/1390600170/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d3-2814-4d1e-a88b-4c7c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:07.000Z",
|
|
"modified": "2015-12-22T13:49:07.000Z",
|
|
"description": "- Xchecked via VT: d1216d2da3aaf0997efc0d3504d52024",
|
|
"pattern": "[file:hashes.SHA256 = 'a6fe61a991e0fb7703078cbe14768c184dcbb72646959f7f6e864d1b8dc9e048']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d4-5ea8-42b7-9083-408d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:08.000Z",
|
|
"modified": "2015-12-22T13:49:08.000Z",
|
|
"description": "- Xchecked via VT: d1216d2da3aaf0997efc0d3504d52024",
|
|
"pattern": "[file:hashes.SHA1 = '4a06a399936685642d39f9920a9beaf2f375d938']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d4-29bc-4209-a9e0-453c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:08.000Z",
|
|
"modified": "2015-12-22T13:49:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a6fe61a991e0fb7703078cbe14768c184dcbb72646959f7f6e864d1b8dc9e048/analysis/1399602338/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d4-8f04-4395-aa30-46a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:08.000Z",
|
|
"modified": "2015-12-22T13:49:08.000Z",
|
|
"description": "- Xchecked via VT: a42c3679f391c20238f24f8647fb7eff",
|
|
"pattern": "[file:hashes.SHA256 = '4bb2c406bf87e68d5566f45127bd17b8e89722e1b01d1ced15abb97cdc3d7de9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d4-086c-4889-8db2-4e38950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:08.000Z",
|
|
"modified": "2015-12-22T13:49:08.000Z",
|
|
"description": "- Xchecked via VT: a42c3679f391c20238f24f8647fb7eff",
|
|
"pattern": "[file:hashes.SHA1 = '1aeb60c31fa70897733c47d2328e65443aaa9453']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d5-0570-4a50-9b38-4d37950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:09.000Z",
|
|
"modified": "2015-12-22T13:49:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4bb2c406bf87e68d5566f45127bd17b8e89722e1b01d1ced15abb97cdc3d7de9/analysis/1445744458/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d5-ad50-4610-85c3-4764950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:09.000Z",
|
|
"modified": "2015-12-22T13:49:09.000Z",
|
|
"description": "- Xchecked via VT: 3781c1043a79bea9a08f3681347e3fef",
|
|
"pattern": "[file:hashes.SHA256 = 'c4b9d6cb051b54b317780b6f8242af90ab36fe5ae6f0dd6ebaeca9ba5755e98d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d5-bf10-43d2-94a8-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:09.000Z",
|
|
"modified": "2015-12-22T13:49:09.000Z",
|
|
"description": "- Xchecked via VT: 3781c1043a79bea9a08f3681347e3fef",
|
|
"pattern": "[file:hashes.SHA1 = '300b988bb471a0443ee1bc02f3b926a45c22d2f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d6-19a4-4443-987a-456b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:10.000Z",
|
|
"modified": "2015-12-22T13:49:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c4b9d6cb051b54b317780b6f8242af90ab36fe5ae6f0dd6ebaeca9ba5755e98d/analysis/1445858022/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d6-13d4-4306-b3a8-486f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:10.000Z",
|
|
"modified": "2015-12-22T13:49:10.000Z",
|
|
"description": "- Xchecked via VT: e4eabeadb3573d9b9c878fe3905d38b4",
|
|
"pattern": "[file:hashes.SHA256 = 'aa0c318f2a74836bce74b084b7ca003b75df30033b1eec5086680fc7e5da2bde']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d6-b934-4e9d-aa1c-4b4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:10.000Z",
|
|
"modified": "2015-12-22T13:49:10.000Z",
|
|
"description": "- Xchecked via VT: e4eabeadb3573d9b9c878fe3905d38b4",
|
|
"pattern": "[file:hashes.SHA1 = 'e7711fac0f24a90b39d3e3ce0d085b1a15ffdbdd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d6-7c54-4ab1-af6a-48b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:10.000Z",
|
|
"modified": "2015-12-22T13:49:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/aa0c318f2a74836bce74b084b7ca003b75df30033b1eec5086680fc7e5da2bde/analysis/1436490485/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d7-3c34-46f2-8ce7-48df950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:11.000Z",
|
|
"modified": "2015-12-22T13:49:11.000Z",
|
|
"description": "- Xchecked via VT: 7478d6dade2108b45190c1c8da33961f",
|
|
"pattern": "[file:hashes.SHA256 = 'b91af48769e7ef98d070f0d0583b35e00240fd32daf707f0f8fffaf4dce28d98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d7-8060-4b20-85f2-4b4c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:11.000Z",
|
|
"modified": "2015-12-22T13:49:11.000Z",
|
|
"description": "- Xchecked via VT: 7478d6dade2108b45190c1c8da33961f",
|
|
"pattern": "[file:hashes.SHA1 = 'd9aa8b79ac2dd937c16184f8f69afaa68032b33d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d7-9778-4730-9323-45dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:11.000Z",
|
|
"modified": "2015-12-22T13:49:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b91af48769e7ef98d070f0d0583b35e00240fd32daf707f0f8fffaf4dce28d98/analysis/1445525835/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d8-8a1c-479c-bf51-4c0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:12.000Z",
|
|
"modified": "2015-12-22T13:49:12.000Z",
|
|
"description": "- Xchecked via VT: 1c8d4cd98f3ffe1b942f0a04692ed215",
|
|
"pattern": "[file:hashes.SHA256 = '7cb09f6eb10296bcc12dc6c901044e0d71a6ddb449fc9802280022f1ac5092ef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d8-40e0-4601-acf1-4ab7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:12.000Z",
|
|
"modified": "2015-12-22T13:49:12.000Z",
|
|
"description": "- Xchecked via VT: 1c8d4cd98f3ffe1b942f0a04692ed215",
|
|
"pattern": "[file:hashes.SHA1 = '8e366090d15bf25c500e48e94dfbcf30fb285524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d8-1738-4d84-b0ac-4bc2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:12.000Z",
|
|
"modified": "2015-12-22T13:49:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7cb09f6eb10296bcc12dc6c901044e0d71a6ddb449fc9802280022f1ac5092ef/analysis/1392142311/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d9-9188-4205-b2a8-4acd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:12.000Z",
|
|
"modified": "2015-12-22T13:49:12.000Z",
|
|
"description": "- Xchecked via VT: 0cd20f2d60a1b6e5cf649cfc23812c94",
|
|
"pattern": "[file:hashes.SHA256 = '4dcae454b2a290bbbc74c3456a96c5613df8604b05f9bb463fcab958ba6d5cd2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d9-3cc4-4322-89fa-45d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:13.000Z",
|
|
"modified": "2015-12-22T13:49:13.000Z",
|
|
"description": "- Xchecked via VT: 0cd20f2d60a1b6e5cf649cfc23812c94",
|
|
"pattern": "[file:hashes.SHA1 = '3effa853e3e3c5b843f13353a235d347f93ea185']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d9-a744-4709-8791-4431950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:13.000Z",
|
|
"modified": "2015-12-22T13:49:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4dcae454b2a290bbbc74c3456a96c5613df8604b05f9bb463fcab958ba6d5cd2/analysis/1401793452/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954d9-5330-43d8-b390-4eb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:13.000Z",
|
|
"modified": "2015-12-22T13:49:13.000Z",
|
|
"description": "- Xchecked via VT: 1e28b72baae6c0edfad646b838ee6b9d",
|
|
"pattern": "[file:hashes.SHA256 = '8d559832c37d7180cfa8f3e7505ee6770e726423310d2c2352b80281bc16b38a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954da-e0bc-46cf-8f14-4f1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:14.000Z",
|
|
"modified": "2015-12-22T13:49:14.000Z",
|
|
"description": "- Xchecked via VT: 1e28b72baae6c0edfad646b838ee6b9d",
|
|
"pattern": "[file:hashes.SHA1 = 'fe88e6465b1d0b148c42cf4ed031bbbf41dfeb69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954da-a4f8-470b-9c69-4ce4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:14.000Z",
|
|
"modified": "2015-12-22T13:49:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8d559832c37d7180cfa8f3e7505ee6770e726423310d2c2352b80281bc16b38a/analysis/1333751421/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954da-ae2c-48c5-9450-484d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:14.000Z",
|
|
"modified": "2015-12-22T13:49:14.000Z",
|
|
"description": "- Xchecked via VT: 9dccb01facfbbb69429ef0faf4bc1bda",
|
|
"pattern": "[file:hashes.SHA256 = 'e4e86b3b5769a41de8652af6057c6d2d43a5c946c95517876768d78d8a2d739a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954db-44d0-499a-ba90-45a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:15.000Z",
|
|
"modified": "2015-12-22T13:49:15.000Z",
|
|
"description": "- Xchecked via VT: 9dccb01facfbbb69429ef0faf4bc1bda",
|
|
"pattern": "[file:hashes.SHA1 = 'fe14a2631483a8ae4e450d79ac4c6a71688528be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954db-119c-4b31-9539-441e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:15.000Z",
|
|
"modified": "2015-12-22T13:49:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e4e86b3b5769a41de8652af6057c6d2d43a5c946c95517876768d78d8a2d739a/analysis/1443503517/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954db-2af0-4ad7-b1be-4d58950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:15.000Z",
|
|
"modified": "2015-12-22T13:49:15.000Z",
|
|
"description": "- Xchecked via VT: 2e79a333e15f16ec5f309a7656fea945",
|
|
"pattern": "[file:hashes.SHA256 = '1005ad448472f3ed368db1ab11b575348130274670b81244438eaee9147b824f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954db-8230-414e-a873-408e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:15.000Z",
|
|
"modified": "2015-12-22T13:49:15.000Z",
|
|
"description": "- Xchecked via VT: 2e79a333e15f16ec5f309a7656fea945",
|
|
"pattern": "[file:hashes.SHA1 = '0f9ff5330bd265ac32edc37c28e0e3a61bc32f80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dc-a6f0-4bee-a2de-4dea950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:16.000Z",
|
|
"modified": "2015-12-22T13:49:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1005ad448472f3ed368db1ab11b575348130274670b81244438eaee9147b824f/analysis/1436468529/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dc-8688-4ffc-83ee-45ef950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:16.000Z",
|
|
"modified": "2015-12-22T13:49:16.000Z",
|
|
"description": "- Xchecked via VT: 8ca915ab1d69a7007237eb83ae37eae5",
|
|
"pattern": "[file:hashes.SHA256 = '3340d8f3ea5e56b68635929c89474f5602e8dae6f314d058eae4a1a77c59d16c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dc-6074-419e-9f57-4e3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:16.000Z",
|
|
"modified": "2015-12-22T13:49:16.000Z",
|
|
"description": "- Xchecked via VT: 8ca915ab1d69a7007237eb83ae37eae5",
|
|
"pattern": "[file:hashes.SHA1 = '26a1e003125f326599e2fe2e75d427c8a625e5f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dd-dde0-4eca-a012-4074950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:17.000Z",
|
|
"modified": "2015-12-22T13:49:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3340d8f3ea5e56b68635929c89474f5602e8dae6f314d058eae4a1a77c59d16c/analysis/1445908914/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dd-27c0-4de4-848e-4bd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:17.000Z",
|
|
"modified": "2015-12-22T13:49:17.000Z",
|
|
"description": "- Xchecked via VT: 690354f894d6ec0b82287683acd873f4",
|
|
"pattern": "[file:hashes.SHA256 = '310a99a044eed87666a9eb81a606014d4c24fe0dcae1840107919ed60362391d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954dd-6514-45f1-94cb-4b10950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:17.000Z",
|
|
"modified": "2015-12-22T13:49:17.000Z",
|
|
"description": "- Xchecked via VT: 690354f894d6ec0b82287683acd873f4",
|
|
"pattern": "[file:hashes.SHA1 = '9dc4c58b8942a7e3f2276c912db5b235066435a1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954de-78d0-4412-94e2-4cef950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:17.000Z",
|
|
"modified": "2015-12-22T13:49:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/310a99a044eed87666a9eb81a606014d4c24fe0dcae1840107919ed60362391d/analysis/1376512371/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954de-1cc8-461c-97c4-4d36950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:18.000Z",
|
|
"modified": "2015-12-22T13:49:18.000Z",
|
|
"description": "- Xchecked via VT: 31fe30196c2f7dc4ca8d6b8f1070dd6e",
|
|
"pattern": "[file:hashes.SHA256 = '6011f6404931abc458d69da302783ba70c344f23d7a22a738e7c0de6bc992152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954de-fb94-4cef-8372-44f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:18.000Z",
|
|
"modified": "2015-12-22T13:49:18.000Z",
|
|
"description": "- Xchecked via VT: 31fe30196c2f7dc4ca8d6b8f1070dd6e",
|
|
"pattern": "[file:hashes.SHA1 = '2ae4f02f781ffadaaf3ea31ca02067718d83ed0c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954de-0558-4760-8b43-4249950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:18.000Z",
|
|
"modified": "2015-12-22T13:49:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6011f6404931abc458d69da302783ba70c344f23d7a22a738e7c0de6bc992152/analysis/1445900582/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954df-4484-4956-ae21-4fa1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:19.000Z",
|
|
"modified": "2015-12-22T13:49:19.000Z",
|
|
"description": "- Xchecked via VT: 16346b95e6deef9da7fe796c31b9dec4",
|
|
"pattern": "[file:hashes.SHA256 = 'b745cf098e8643fb92723dedaef3343ec659baa288fffe847e961a8e62c2075f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954df-cfb8-4e0b-a8a0-46f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:19.000Z",
|
|
"modified": "2015-12-22T13:49:19.000Z",
|
|
"description": "- Xchecked via VT: 16346b95e6deef9da7fe796c31b9dec4",
|
|
"pattern": "[file:hashes.SHA1 = '4662aa7b63d4377c38c38c6ed092b88e13883150']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954df-01f8-4073-baf4-4fa6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:19.000Z",
|
|
"modified": "2015-12-22T13:49:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b745cf098e8643fb92723dedaef3343ec659baa288fffe847e961a8e62c2075f/analysis/1418920518/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e0-66a8-4ab2-a8e4-4e0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:20.000Z",
|
|
"modified": "2015-12-22T13:49:20.000Z",
|
|
"description": "- Xchecked via VT: 2d789e07fa95535ededd79fe5e991add",
|
|
"pattern": "[file:hashes.SHA256 = '4d9de1b5ade541aece074ced1752f7130b56fa510ad1e6becae74970819fe219']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e0-2f1c-42fc-b0dd-46e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:20.000Z",
|
|
"modified": "2015-12-22T13:49:20.000Z",
|
|
"description": "- Xchecked via VT: 2d789e07fa95535ededd79fe5e991add",
|
|
"pattern": "[file:hashes.SHA1 = '528373514a8d7538bb53afe164d597ac5fadabfe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e0-0144-4c6f-b275-41c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:20.000Z",
|
|
"modified": "2015-12-22T13:49:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4d9de1b5ade541aece074ced1752f7130b56fa510ad1e6becae74970819fe219/analysis/1445862485/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e0-0530-4927-beed-4096950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:20.000Z",
|
|
"modified": "2015-12-22T13:49:20.000Z",
|
|
"description": "- Xchecked via VT: 117b20d1ff962a7d8fbcb0ce8e8a7ae6",
|
|
"pattern": "[file:hashes.SHA256 = '3cd0821fadadd8a88b0db27dddfe2da671c5545006db1464696909d360bba7dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e1-81d4-4371-a816-4be1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:21.000Z",
|
|
"modified": "2015-12-22T13:49:21.000Z",
|
|
"description": "- Xchecked via VT: 117b20d1ff962a7d8fbcb0ce8e8a7ae6",
|
|
"pattern": "[file:hashes.SHA1 = '40341a57e4129fdf69255079085b3bff4ca5a45a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e1-cdc0-497a-aeac-4a43950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:21.000Z",
|
|
"modified": "2015-12-22T13:49:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3cd0821fadadd8a88b0db27dddfe2da671c5545006db1464696909d360bba7dc/analysis/1436487039/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e1-0250-4718-be9c-4583950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:21.000Z",
|
|
"modified": "2015-12-22T13:49:21.000Z",
|
|
"description": "- Xchecked via VT: c78cbb6703ccb97802633db145ba36f5",
|
|
"pattern": "[file:hashes.SHA256 = '2186c8518ca58478bc7dcdb9f469a9094bacd0c3864d76ca4500697e5c23349e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e2-5b6c-4e9d-9cbf-46f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:22.000Z",
|
|
"modified": "2015-12-22T13:49:22.000Z",
|
|
"description": "- Xchecked via VT: c78cbb6703ccb97802633db145ba36f5",
|
|
"pattern": "[file:hashes.SHA1 = '3d3547f5ec8f818009490b8a3ae2e6a3863f9c14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e2-88d8-48f6-bd19-434c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:22.000Z",
|
|
"modified": "2015-12-22T13:49:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2186c8518ca58478bc7dcdb9f469a9094bacd0c3864d76ca4500697e5c23349e/analysis/1389978199/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e2-98e8-45aa-9a98-4470950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:22.000Z",
|
|
"modified": "2015-12-22T13:49:22.000Z",
|
|
"description": "- Xchecked via VT: f31572c8035eeb5cfecfe406925ebadd",
|
|
"pattern": "[file:hashes.SHA256 = '3f502030ae1fbd66b033bf236dbe65acac526a203cb7be1594e21de486c2558e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e2-c854-416d-96c3-4e02950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:22.000Z",
|
|
"modified": "2015-12-22T13:49:22.000Z",
|
|
"description": "- Xchecked via VT: f31572c8035eeb5cfecfe406925ebadd",
|
|
"pattern": "[file:hashes.SHA1 = '086f56fa97a392ae2113718e2b3a71b1874927bb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e3-bc64-400c-a874-494b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:23.000Z",
|
|
"modified": "2015-12-22T13:49:23.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3f502030ae1fbd66b033bf236dbe65acac526a203cb7be1594e21de486c2558e/analysis/1439794590/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e3-f1b4-42bc-bdd0-49d7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:23.000Z",
|
|
"modified": "2015-12-22T13:49:23.000Z",
|
|
"description": "- Xchecked via VT: c27791457932fe95bfc66e064b2896e3",
|
|
"pattern": "[file:hashes.SHA256 = 'aabb1279015e6faac09c91e8013acf8ea0bcbbcc4f9d5057d3e3043b3651e3b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e3-85e4-4d46-96da-4a11950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:23.000Z",
|
|
"modified": "2015-12-22T13:49:23.000Z",
|
|
"description": "- Xchecked via VT: c27791457932fe95bfc66e064b2896e3",
|
|
"pattern": "[file:hashes.SHA1 = '5527e2c3ab329515af911bf476564fb30215b991']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e4-2848-4b4d-918c-4b03950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:24.000Z",
|
|
"modified": "2015-12-22T13:49:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/aabb1279015e6faac09c91e8013acf8ea0bcbbcc4f9d5057d3e3043b3651e3b9/analysis/1376172940/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e4-8a18-429c-8a0d-4b2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:24.000Z",
|
|
"modified": "2015-12-22T13:49:24.000Z",
|
|
"description": "- Xchecked via VT: aead225cf2c7ff837b9164d29ec5034b",
|
|
"pattern": "[file:hashes.SHA256 = 'ee13fdb2f179f06d4e25fcddd094b8d240619ce4c18edbc290a47ab10a1b68e3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e4-ef28-4017-9033-4ba7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:24.000Z",
|
|
"modified": "2015-12-22T13:49:24.000Z",
|
|
"description": "- Xchecked via VT: aead225cf2c7ff837b9164d29ec5034b",
|
|
"pattern": "[file:hashes.SHA1 = 'dde50a2177e554c215ad188500e860f77c66773c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e5-c7bc-46dc-b624-4682950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:25.000Z",
|
|
"modified": "2015-12-22T13:49:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ee13fdb2f179f06d4e25fcddd094b8d240619ce4c18edbc290a47ab10a1b68e3/analysis/1424251935/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e5-05f8-4676-a94b-4789950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:25.000Z",
|
|
"modified": "2015-12-22T13:49:25.000Z",
|
|
"description": "- Xchecked via VT: a51edbae957be0a7fdf96f176e596e22",
|
|
"pattern": "[file:hashes.SHA256 = '186a50f779d28f29fc890e821c6222260503c695ab533291a4b0b43d154c3a92']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e5-68cc-4d83-8e3c-4d6c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:25.000Z",
|
|
"modified": "2015-12-22T13:49:25.000Z",
|
|
"description": "- Xchecked via VT: a51edbae957be0a7fdf96f176e596e22",
|
|
"pattern": "[file:hashes.SHA1 = 'ddc7c86f17066081fb13931f99ed649ec6976051']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e5-07d8-4684-97ff-473d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:25.000Z",
|
|
"modified": "2015-12-22T13:49:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/186a50f779d28f29fc890e821c6222260503c695ab533291a4b0b43d154c3a92/analysis/1441889188/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e6-e8b4-455e-b05f-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:26.000Z",
|
|
"modified": "2015-12-22T13:49:26.000Z",
|
|
"description": "- Xchecked via VT: 07546536352e8435c078fb06c5ead2bc",
|
|
"pattern": "[file:hashes.SHA256 = '11250feca6b50f061e23226ff74dcc9d98812716c12821ca4c4c165ffbb956d7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e6-b35c-4405-af56-4a6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:26.000Z",
|
|
"modified": "2015-12-22T13:49:26.000Z",
|
|
"description": "- Xchecked via VT: 07546536352e8435c078fb06c5ead2bc",
|
|
"pattern": "[file:hashes.SHA1 = '8ef841257c47fc595e754380a35465f9171fa60c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e6-ed84-44c1-8784-474f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:26.000Z",
|
|
"modified": "2015-12-22T13:49:26.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/11250feca6b50f061e23226ff74dcc9d98812716c12821ca4c4c165ffbb956d7/analysis/1446039716/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e7-11e4-49ef-bb59-4017950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:27.000Z",
|
|
"modified": "2015-12-22T13:49:27.000Z",
|
|
"description": "- Xchecked via VT: f025ec5de4fc2cda7ccf988484082315",
|
|
"pattern": "[file:hashes.SHA256 = '4eab7bb4b417cae22ace741f56c0126b71ff076ae5ec2c0303ae780b306f07c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e7-38a8-4b5f-aa6c-4b8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:27.000Z",
|
|
"modified": "2015-12-22T13:49:27.000Z",
|
|
"description": "- Xchecked via VT: f025ec5de4fc2cda7ccf988484082315",
|
|
"pattern": "[file:hashes.SHA1 = '69aa8293ec6ead8ec4d868df491e1bf08c16113b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e7-08c0-4d08-852e-4fe1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:27.000Z",
|
|
"modified": "2015-12-22T13:49:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4eab7bb4b417cae22ace741f56c0126b71ff076ae5ec2c0303ae780b306f07c4/analysis/1389530194/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e8-3dfc-480a-b181-4b69950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:28.000Z",
|
|
"modified": "2015-12-22T13:49:28.000Z",
|
|
"description": "- Xchecked via VT: 9eaf0e6837ce7444040d9ab9c42fc147",
|
|
"pattern": "[file:hashes.SHA256 = '8d6eec3129ff5ba2e3710971ad089952b412ec14f3f224b64d8a01ec18f2d905']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e8-dfa0-401a-9659-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:28.000Z",
|
|
"modified": "2015-12-22T13:49:28.000Z",
|
|
"description": "- Xchecked via VT: 9eaf0e6837ce7444040d9ab9c42fc147",
|
|
"pattern": "[file:hashes.SHA1 = '7cafb4641b12d02feefbef92c742455d8bb7fce5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e8-ec30-4446-b11c-4668950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:28.000Z",
|
|
"modified": "2015-12-22T13:49:28.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8d6eec3129ff5ba2e3710971ad089952b412ec14f3f224b64d8a01ec18f2d905/analysis/1445776093/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e8-74e4-4148-a922-417e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:28.000Z",
|
|
"modified": "2015-12-22T13:49:28.000Z",
|
|
"description": "- Xchecked via VT: bed14c5b9db410e398e142bfc0cd0a61",
|
|
"pattern": "[file:hashes.SHA256 = '45433387d718c7333f5359523504099106415957f580a1bedf565e6f8bc39190']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e9-16c0-4a37-8eb3-49cd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:29.000Z",
|
|
"modified": "2015-12-22T13:49:29.000Z",
|
|
"description": "- Xchecked via VT: bed14c5b9db410e398e142bfc0cd0a61",
|
|
"pattern": "[file:hashes.SHA1 = '065e64ce8caab304f918aec2b03e55d4e49ca868']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e9-b188-4aae-abd1-4c91950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:29.000Z",
|
|
"modified": "2015-12-22T13:49:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/45433387d718c7333f5359523504099106415957f580a1bedf565e6f8bc39190/analysis/1445833152/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954e9-295c-46a5-a0a8-47cc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:29.000Z",
|
|
"modified": "2015-12-22T13:49:29.000Z",
|
|
"description": "- Xchecked via VT: 2bdb94df14fa5a2ddf9522ac05720d2e",
|
|
"pattern": "[file:hashes.SHA256 = 'be3c5aa4bd9283a9fa5eeb27213ce706ea88518915dc761650f032dce59c77d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ea-dad8-4af9-ae4d-4026950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:30.000Z",
|
|
"modified": "2015-12-22T13:49:30.000Z",
|
|
"description": "- Xchecked via VT: 2bdb94df14fa5a2ddf9522ac05720d2e",
|
|
"pattern": "[file:hashes.SHA1 = '3652db38bd457f1306a124eaf6fd6fd059f56561']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ea-6180-44b5-9752-49d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:30.000Z",
|
|
"modified": "2015-12-22T13:49:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/be3c5aa4bd9283a9fa5eeb27213ce706ea88518915dc761650f032dce59c77d4/analysis/1445825325/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ea-f264-490b-8aab-444c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:30.000Z",
|
|
"modified": "2015-12-22T13:49:30.000Z",
|
|
"description": "- Xchecked via VT: 09b5f55ce2c73883c1f168ec34d70eb9",
|
|
"pattern": "[file:hashes.SHA256 = '8a1b7e5a4598b69d45fbc8632234bb436f61cd159bc95b9c4108dddf0ce8275f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ea-f1b4-40b0-aac2-492b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:30.000Z",
|
|
"modified": "2015-12-22T13:49:30.000Z",
|
|
"description": "- Xchecked via VT: 09b5f55ce2c73883c1f168ec34d70eb9",
|
|
"pattern": "[file:hashes.SHA1 = '62150bfe652cf72c707c628426a924df011032a7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954eb-4b4c-4578-a76b-4511950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:31.000Z",
|
|
"modified": "2015-12-22T13:49:31.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8a1b7e5a4598b69d45fbc8632234bb436f61cd159bc95b9c4108dddf0ce8275f/analysis/1439468694/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954eb-be1c-4b5d-966e-47a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:31.000Z",
|
|
"modified": "2015-12-22T13:49:31.000Z",
|
|
"description": "- Xchecked via VT: bc7bb730e98fcde7044251784e0d8ceb",
|
|
"pattern": "[file:hashes.SHA256 = '9ae10d3964995c69b9d88f32af95f3ae057c04d9de0a5d8d801c2d15ebe1b466']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954eb-c074-4206-9f72-4894950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:31.000Z",
|
|
"modified": "2015-12-22T13:49:31.000Z",
|
|
"description": "- Xchecked via VT: bc7bb730e98fcde7044251784e0d8ceb",
|
|
"pattern": "[file:hashes.SHA1 = '451deb07643105bc9d1a8191f1491363a87529c8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ec-2a38-4065-a991-4c3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:32.000Z",
|
|
"modified": "2015-12-22T13:49:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9ae10d3964995c69b9d88f32af95f3ae057c04d9de0a5d8d801c2d15ebe1b466/analysis/1450685239/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ec-6cc0-4dbd-a75b-4476950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:32.000Z",
|
|
"modified": "2015-12-22T13:49:32.000Z",
|
|
"description": "- Xchecked via VT: 24d7666ac0366d9308a05c98e5c57e9d",
|
|
"pattern": "[file:hashes.SHA256 = 'b8869deafd81e6a105f37bc9f275613f1c338456fe6631027122fd3467d0f1ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ec-a790-4d66-a832-44d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:32.000Z",
|
|
"modified": "2015-12-22T13:49:32.000Z",
|
|
"description": "- Xchecked via VT: 24d7666ac0366d9308a05c98e5c57e9d",
|
|
"pattern": "[file:hashes.SHA1 = '79f2a86cb6fecf68c82c3230eb963dad22ba75e7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ec-64bc-4e18-b5d3-4cf8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:32.000Z",
|
|
"modified": "2015-12-22T13:49:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b8869deafd81e6a105f37bc9f275613f1c338456fe6631027122fd3467d0f1ae/analysis/1410128663/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ed-41e8-44ed-aedc-416e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:33.000Z",
|
|
"modified": "2015-12-22T13:49:33.000Z",
|
|
"description": "- Xchecked via VT: 9f22ef7d30481ef63b6d842f6f1c1c60",
|
|
"pattern": "[file:hashes.SHA256 = '78b8230fbc3ea6e9408f992c96a4e62350328ee0109cbefcb47f42e15a43b5df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ed-394c-4a09-8340-41b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:33.000Z",
|
|
"modified": "2015-12-22T13:49:33.000Z",
|
|
"description": "- Xchecked via VT: 9f22ef7d30481ef63b6d842f6f1c1c60",
|
|
"pattern": "[file:hashes.SHA1 = '20c44d04f3bcca6328ddbf34bebc05bc35b7d33c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ed-1e44-4925-b1e7-459d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:33.000Z",
|
|
"modified": "2015-12-22T13:49:33.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/78b8230fbc3ea6e9408f992c96a4e62350328ee0109cbefcb47f42e15a43b5df/analysis/1443177849/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ed-9338-4f07-8110-43fd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:33.000Z",
|
|
"modified": "2015-12-22T13:49:33.000Z",
|
|
"description": "- Xchecked via VT: d622810a8024c09f07175b788ec0a764",
|
|
"pattern": "[file:hashes.SHA256 = 'fdf82ec4ba1412881d2f654595dc77afa5bda16272580896a2b7e5eba5b91e37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ee-eda8-46c5-a19e-4631950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:34.000Z",
|
|
"modified": "2015-12-22T13:49:34.000Z",
|
|
"description": "- Xchecked via VT: d622810a8024c09f07175b788ec0a764",
|
|
"pattern": "[file:hashes.SHA1 = 'f911895fca09d8f29706e31a3647f9dc0c55d4cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ee-12a8-41c3-bbdd-4c15950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:34.000Z",
|
|
"modified": "2015-12-22T13:49:34.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fdf82ec4ba1412881d2f654595dc77afa5bda16272580896a2b7e5eba5b91e37/analysis/1382869035/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ee-9bf4-42f4-bf45-41ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:34.000Z",
|
|
"modified": "2015-12-22T13:49:34.000Z",
|
|
"description": "- Xchecked via VT: 184f870d527eacc6e28f84efdb67df37",
|
|
"pattern": "[file:hashes.SHA256 = 'b757d3fef7ede06407aa7f7eb0968792084143ef574179963a7007da48acec0a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ef-afcc-4de1-b0e2-4c18950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:35.000Z",
|
|
"modified": "2015-12-22T13:49:35.000Z",
|
|
"description": "- Xchecked via VT: 184f870d527eacc6e28f84efdb67df37",
|
|
"pattern": "[file:hashes.SHA1 = '4f8150edc717bd544e20547bb3d8261e5f8f361e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ef-5670-4414-83ab-4fdc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:35.000Z",
|
|
"modified": "2015-12-22T13:49:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b757d3fef7ede06407aa7f7eb0968792084143ef574179963a7007da48acec0a/analysis/1387199025/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ef-65d4-496c-9ca6-4f33950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:35.000Z",
|
|
"modified": "2015-12-22T13:49:35.000Z",
|
|
"description": "- Xchecked via VT: 497e67364304f7d84c69296d594c67c4",
|
|
"pattern": "[file:hashes.SHA256 = '736a700d465fad2ba4fc6e9ee6c4cdbedbaf97d30ba2b722835599bdc0f1357c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ef-bd78-4a35-96bb-44d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:35.000Z",
|
|
"modified": "2015-12-22T13:49:35.000Z",
|
|
"description": "- Xchecked via VT: 497e67364304f7d84c69296d594c67c4",
|
|
"pattern": "[file:hashes.SHA1 = '21f7fbf805c3047699d3a521bad49ec337556777']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f0-9958-46da-ad85-4e14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:36.000Z",
|
|
"modified": "2015-12-22T13:49:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/736a700d465fad2ba4fc6e9ee6c4cdbedbaf97d30ba2b722835599bdc0f1357c/analysis/1381889853/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f0-abdc-4433-9546-4797950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:36.000Z",
|
|
"modified": "2015-12-22T13:49:36.000Z",
|
|
"description": "- Xchecked via VT: 8fa706569ebc147c4010e204c7586172",
|
|
"pattern": "[file:hashes.SHA256 = 'e85f74184e91f774617aec05e2c73f13b4aae55ddb461515421f3b46433ddf16']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f0-d694-4e51-aca0-4b66950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:36.000Z",
|
|
"modified": "2015-12-22T13:49:36.000Z",
|
|
"description": "- Xchecked via VT: 8fa706569ebc147c4010e204c7586172",
|
|
"pattern": "[file:hashes.SHA1 = '06166307ff515f2ce74deacb621773643e9bfbe5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f1-feb4-4069-92c6-44e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:37.000Z",
|
|
"modified": "2015-12-22T13:49:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e85f74184e91f774617aec05e2c73f13b4aae55ddb461515421f3b46433ddf16/analysis/1436468153/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f1-7750-4300-89a0-4eee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:37.000Z",
|
|
"modified": "2015-12-22T13:49:37.000Z",
|
|
"description": "- Xchecked via VT: 34e94a52139c4d994b65921d17379783",
|
|
"pattern": "[file:hashes.SHA256 = '9f9ac7458fa7deb9a9cff03172d2d74c50869d959a2d33c37caa149463d74c8f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f1-6814-40f7-99c0-4c81950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:37.000Z",
|
|
"modified": "2015-12-22T13:49:37.000Z",
|
|
"description": "- Xchecked via VT: 34e94a52139c4d994b65921d17379783",
|
|
"pattern": "[file:hashes.SHA1 = 'ff37dd95173c74a8da553257255c9eb059ce3fc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f2-9354-420f-afcb-4229950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:38.000Z",
|
|
"modified": "2015-12-22T13:49:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9f9ac7458fa7deb9a9cff03172d2d74c50869d959a2d33c37caa149463d74c8f/analysis/1383650536/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f2-a3e4-4a7a-8fa7-47aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:38.000Z",
|
|
"modified": "2015-12-22T13:49:38.000Z",
|
|
"description": "- Xchecked via VT: 95ac31c40a32a6a44f84a6b77dd76332",
|
|
"pattern": "[file:hashes.SHA256 = '0c7ae1c82a0448febc9bc972e9001e0c937cd82c8ca2b0c48e4a4bfc02bd6ad6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f2-4df4-4dd3-9625-4d4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:38.000Z",
|
|
"modified": "2015-12-22T13:49:38.000Z",
|
|
"description": "- Xchecked via VT: 95ac31c40a32a6a44f84a6b77dd76332",
|
|
"pattern": "[file:hashes.SHA1 = '63897d875cf0721bf2f973005a2ced8f8af69fbe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f2-6b64-4a4e-a243-4e71950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:38.000Z",
|
|
"modified": "2015-12-22T13:49:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0c7ae1c82a0448febc9bc972e9001e0c937cd82c8ca2b0c48e4a4bfc02bd6ad6/analysis/1445860216/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f3-90b0-4d58-85f2-4326950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:39.000Z",
|
|
"modified": "2015-12-22T13:49:39.000Z",
|
|
"description": "- Xchecked via VT: b864a7763db860436035f4f8775dbd50",
|
|
"pattern": "[file:hashes.SHA256 = 'eae1d6ecfb9cfdd45f294c519f670259947da5e721c358f07f17588cd140f9a3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f3-6064-41ff-92ba-4cc0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:39.000Z",
|
|
"modified": "2015-12-22T13:49:39.000Z",
|
|
"description": "- Xchecked via VT: b864a7763db860436035f4f8775dbd50",
|
|
"pattern": "[file:hashes.SHA1 = 'af94d9357e82f978e8474f29cabfd868110ce3d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f3-2a18-4679-a01d-4349950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:39.000Z",
|
|
"modified": "2015-12-22T13:49:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/eae1d6ecfb9cfdd45f294c519f670259947da5e721c358f07f17588cd140f9a3/analysis/1389567124/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f4-6e40-4a81-a6f4-45b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:40.000Z",
|
|
"modified": "2015-12-22T13:49:40.000Z",
|
|
"description": "- Xchecked via VT: 564b7276e04556646af4e1c38e05a93a",
|
|
"pattern": "[file:hashes.SHA256 = 'febe0769d8f1aa3d5b5ed71eaf6ee529baed06bb7bbf5b021b29511574dcbc5f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f4-f950-44d5-aefa-4d2d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:40.000Z",
|
|
"modified": "2015-12-22T13:49:40.000Z",
|
|
"description": "- Xchecked via VT: 564b7276e04556646af4e1c38e05a93a",
|
|
"pattern": "[file:hashes.SHA1 = '4f793db2184599a705624c279311e7d61e95c677']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f4-d9fc-41ae-92d3-4f90950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:40.000Z",
|
|
"modified": "2015-12-22T13:49:40.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/febe0769d8f1aa3d5b5ed71eaf6ee529baed06bb7bbf5b021b29511574dcbc5f/analysis/1445527543/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f4-58d8-49a6-81ff-4930950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:40.000Z",
|
|
"modified": "2015-12-22T13:49:40.000Z",
|
|
"description": "- Xchecked via VT: f950907965f82119a919e5392488b455",
|
|
"pattern": "[file:hashes.SHA256 = '76112ab8258400d031199b3e51cbe59b8fc51fdf57e935adb4287a76d216f68f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f5-1374-4c1d-b722-4553950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:41.000Z",
|
|
"modified": "2015-12-22T13:49:41.000Z",
|
|
"description": "- Xchecked via VT: f950907965f82119a919e5392488b455",
|
|
"pattern": "[file:hashes.SHA1 = 'aaf904c9735d654a33eed89ac2ef161fbfd17d66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f5-8b28-4ec8-aa30-4868950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:41.000Z",
|
|
"modified": "2015-12-22T13:49:41.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/76112ab8258400d031199b3e51cbe59b8fc51fdf57e935adb4287a76d216f68f/analysis/1443306852/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f5-90c8-43b9-ba77-4f69950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:41.000Z",
|
|
"modified": "2015-12-22T13:49:41.000Z",
|
|
"description": "- Xchecked via VT: 66ecf5e7936c4aee89e5b78656623e73",
|
|
"pattern": "[file:hashes.SHA256 = 'b5ce3997979fa40e97ffe93c1dfc4e2a3f83b4e9d016139d18cc5f48733cfae4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f6-cd54-4a08-a7d3-4d9b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:42.000Z",
|
|
"modified": "2015-12-22T13:49:42.000Z",
|
|
"description": "- Xchecked via VT: 66ecf5e7936c4aee89e5b78656623e73",
|
|
"pattern": "[file:hashes.SHA1 = 'e5b5cf20505cdfafaf3daa7597a359433f5ebcf3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f6-64a4-4c2b-b3e6-4d16950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:42.000Z",
|
|
"modified": "2015-12-22T13:49:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b5ce3997979fa40e97ffe93c1dfc4e2a3f83b4e9d016139d18cc5f48733cfae4/analysis/1389911012/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f6-e5a0-4f86-8771-4865950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:42.000Z",
|
|
"modified": "2015-12-22T13:49:42.000Z",
|
|
"description": "- Xchecked via VT: d850d6a5a34cbb5c030775d30d21b0d1",
|
|
"pattern": "[file:hashes.SHA256 = '3dcd26913cabe21f4909a7bcca268cbbcd92d92b8e0606e50f17fd3f3a97bb9e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f7-2368-46f4-86ee-433a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:43.000Z",
|
|
"modified": "2015-12-22T13:49:43.000Z",
|
|
"description": "- Xchecked via VT: d850d6a5a34cbb5c030775d30d21b0d1",
|
|
"pattern": "[file:hashes.SHA1 = '8f8dc11588e4260c1105a8a31695264edc6174f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f7-fab4-4075-b074-4573950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:43.000Z",
|
|
"modified": "2015-12-22T13:49:43.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3dcd26913cabe21f4909a7bcca268cbbcd92d92b8e0606e50f17fd3f3a97bb9e/analysis/1414718205/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f7-011c-4f26-a4b3-4054950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:43.000Z",
|
|
"modified": "2015-12-22T13:49:43.000Z",
|
|
"description": "- Xchecked via VT: 317a87b0a03c0c7532ca322e1b8226b9",
|
|
"pattern": "[file:hashes.SHA256 = '495a00b1b0a9b40981b89108bc86289d5b31e8877663515691c22bde3709407b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f7-3f50-4ebd-80f6-44bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:43.000Z",
|
|
"modified": "2015-12-22T13:49:43.000Z",
|
|
"description": "- Xchecked via VT: 317a87b0a03c0c7532ca322e1b8226b9",
|
|
"pattern": "[file:hashes.SHA1 = 'c16a2e7f86eeb5d3398cfed63fccbff8562e9d7f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f8-309c-4fa1-9870-4b54950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:44.000Z",
|
|
"modified": "2015-12-22T13:49:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/495a00b1b0a9b40981b89108bc86289d5b31e8877663515691c22bde3709407b/analysis/1445744520/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f8-15e0-4eff-8a5c-4c61950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:44.000Z",
|
|
"modified": "2015-12-22T13:49:44.000Z",
|
|
"description": "- Xchecked via VT: 30146d472c497f002811f8c207db352b",
|
|
"pattern": "[file:hashes.SHA256 = '70f72f636236fabce8eb3e99fbbcb7ff6012b84a7629327db39cd84bbff32f6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f8-6ab4-4e50-999c-43fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:44.000Z",
|
|
"modified": "2015-12-22T13:49:44.000Z",
|
|
"description": "- Xchecked via VT: 30146d472c497f002811f8c207db352b",
|
|
"pattern": "[file:hashes.SHA1 = 'ecd0445ceebc0c7e5306242aa6653131772c8ee6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f9-e38c-4547-a7fb-4303950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:45.000Z",
|
|
"modified": "2015-12-22T13:49:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/70f72f636236fabce8eb3e99fbbcb7ff6012b84a7629327db39cd84bbff32f6e/analysis/1392484161/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f9-a4d0-4b66-b769-4bed950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:45.000Z",
|
|
"modified": "2015-12-22T13:49:45.000Z",
|
|
"description": "- Xchecked via VT: 81c8bef50d2fffa1f21cce2b5f9810fa",
|
|
"pattern": "[file:hashes.SHA256 = '1648a359281acd61fc5d307a779e4b201b15017dcc706ba38a0635dd5dc6662a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954f9-71d0-4f64-8d07-4be2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:45.000Z",
|
|
"modified": "2015-12-22T13:49:45.000Z",
|
|
"description": "- Xchecked via VT: 81c8bef50d2fffa1f21cce2b5f9810fa",
|
|
"pattern": "[file:hashes.SHA1 = 'f103a94d62903ab289c07c36d3d5c336ddb4400d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fa-60dc-44fe-a4a0-45f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:46.000Z",
|
|
"modified": "2015-12-22T13:49:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1648a359281acd61fc5d307a779e4b201b15017dcc706ba38a0635dd5dc6662a/analysis/1445599732/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fa-9f84-4782-b5ac-40bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:46.000Z",
|
|
"modified": "2015-12-22T13:49:46.000Z",
|
|
"description": "- Xchecked via VT: c269bf0fd018ec0080f568160de3f0fb",
|
|
"pattern": "[file:hashes.SHA256 = '0a845dad9b1d9c94560a67d5529712f280148525e09f5886f14fa7f094d3f1c4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fa-522c-4832-8e6f-4900950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:46.000Z",
|
|
"modified": "2015-12-22T13:49:46.000Z",
|
|
"description": "- Xchecked via VT: c269bf0fd018ec0080f568160de3f0fb",
|
|
"pattern": "[file:hashes.SHA1 = 'f8c8cd0cdea2ce92cc6ce139c048ec46205bd857']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fa-37d0-4b38-943b-4edf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:46.000Z",
|
|
"modified": "2015-12-22T13:49:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0a845dad9b1d9c94560a67d5529712f280148525e09f5886f14fa7f094d3f1c4/analysis/1395857194/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fb-9810-4230-a222-4e0a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:47.000Z",
|
|
"modified": "2015-12-22T13:49:47.000Z",
|
|
"description": "- Xchecked via VT: 74b56c75f6527f057967c3642d7f76e0",
|
|
"pattern": "[file:hashes.SHA256 = '952f5a4f80e2fcf8225fbc5a358fcc62dae94595c1c89fd540721219b29c4f88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fb-eb44-4a18-93fa-45ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:47.000Z",
|
|
"modified": "2015-12-22T13:49:47.000Z",
|
|
"description": "- Xchecked via VT: 74b56c75f6527f057967c3642d7f76e0",
|
|
"pattern": "[file:hashes.SHA1 = 'a01c773dfd7346b192d3e21124c711dfebe56223']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fb-e140-44b1-a091-44d8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:47.000Z",
|
|
"modified": "2015-12-22T13:49:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/952f5a4f80e2fcf8225fbc5a358fcc62dae94595c1c89fd540721219b29c4f88/analysis/1407187511/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fc-aea0-4cca-b29d-444b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:48.000Z",
|
|
"modified": "2015-12-22T13:49:48.000Z",
|
|
"description": "- Xchecked via VT: c0eeac7e2a8757768db796a0b7519ee6",
|
|
"pattern": "[file:hashes.SHA256 = 'b505bd008a883e9cafdab3b0a2bc6affb1d5d0af308874fcdbfd27f7df4657b1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fc-8320-4254-b47a-4b18950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:48.000Z",
|
|
"modified": "2015-12-22T13:49:48.000Z",
|
|
"description": "- Xchecked via VT: c0eeac7e2a8757768db796a0b7519ee6",
|
|
"pattern": "[file:hashes.SHA1 = '294554680270643291e69908be151091327342f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fc-840c-464b-b6f5-4b62950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:48.000Z",
|
|
"modified": "2015-12-22T13:49:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b505bd008a883e9cafdab3b0a2bc6affb1d5d0af308874fcdbfd27f7df4657b1/analysis/1387324091/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fd-1670-432e-9a85-4916950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:49.000Z",
|
|
"modified": "2015-12-22T13:49:49.000Z",
|
|
"description": "- Xchecked via VT: e46a57c6d49b7de650ca473426741d3b",
|
|
"pattern": "[file:hashes.SHA256 = '4404fb8b1d9cd0960182bfb262fb78080c8388103e2d2694d405e095124dcb42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fd-b6fc-4d4b-80f4-4cae950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:49.000Z",
|
|
"modified": "2015-12-22T13:49:49.000Z",
|
|
"description": "- Xchecked via VT: e46a57c6d49b7de650ca473426741d3b",
|
|
"pattern": "[file:hashes.SHA1 = '3515e00d78bf60d864234ff186651b9c6a64b094']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fd-0dd8-4c7a-9174-4a82950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:49.000Z",
|
|
"modified": "2015-12-22T13:49:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4404fb8b1d9cd0960182bfb262fb78080c8388103e2d2694d405e095124dcb42/analysis/1445877936/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fd-75cc-4434-a8dd-41de950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:49.000Z",
|
|
"modified": "2015-12-22T13:49:49.000Z",
|
|
"description": "- Xchecked via VT: 8a5422c7d2514d7ad0ed912593547009",
|
|
"pattern": "[file:hashes.SHA256 = '3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fe-5940-4b94-aa30-4b39950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:50.000Z",
|
|
"modified": "2015-12-22T13:49:50.000Z",
|
|
"description": "- Xchecked via VT: 8a5422c7d2514d7ad0ed912593547009",
|
|
"pattern": "[file:hashes.SHA1 = '2c80205d6cd0451e887d9a00a0a57c5c1fdc99ea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fe-ad64-4610-a9a8-4695950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:50.000Z",
|
|
"modified": "2015-12-22T13:49:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3cf4cd0bd69f77c31eb0d6213bbdda7c6f54a6cd01635e917b2bc0228c60fce5/analysis/1445869802/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954fe-8ac8-4d6e-a176-4ce4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:50.000Z",
|
|
"modified": "2015-12-22T13:49:50.000Z",
|
|
"description": "- Xchecked via VT: 07270db65db7e6bc80f7713845a8300a",
|
|
"pattern": "[file:hashes.SHA256 = '58b4756d12f29b94be8f514eb0447fae26e4f7bcae8ca9b6f55d48ba70bb6588']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ff-2bc0-4d9f-b486-4a48950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:51.000Z",
|
|
"modified": "2015-12-22T13:49:51.000Z",
|
|
"description": "- Xchecked via VT: 07270db65db7e6bc80f7713845a8300a",
|
|
"pattern": "[file:hashes.SHA1 = '32178fc2525cb1739c5ddbdceb3d86e414b87bb5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ff-d4a4-491d-9038-425f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:51.000Z",
|
|
"modified": "2015-12-22T13:49:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/58b4756d12f29b94be8f514eb0447fae26e4f7bcae8ca9b6f55d48ba70bb6588/analysis/1450724660/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ff-b5b0-4f81-9edb-429d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:51.000Z",
|
|
"modified": "2015-12-22T13:49:51.000Z",
|
|
"description": "- Xchecked via VT: 15d1f21dbfc9b71f285f591bebfbfe73",
|
|
"pattern": "[file:hashes.SHA256 = 'faaacdb17fcc3603d1aca5ad004586e00ca00ce15feb207f2be88520719774dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--567954ff-c870-4308-9bb1-4075950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:51.000Z",
|
|
"modified": "2015-12-22T13:49:51.000Z",
|
|
"description": "- Xchecked via VT: 15d1f21dbfc9b71f285f591bebfbfe73",
|
|
"pattern": "[file:hashes.SHA1 = '84e9f9b23fa6654095c2b0204276f1b56335d66f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795500-fdd8-4808-ae93-4218950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:52.000Z",
|
|
"modified": "2015-12-22T13:49:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/faaacdb17fcc3603d1aca5ad004586e00ca00ce15feb207f2be88520719774dc/analysis/1390791906/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795500-e718-4d41-bcb4-4a8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:52.000Z",
|
|
"modified": "2015-12-22T13:49:52.000Z",
|
|
"description": "- Xchecked via VT: 29c18600dec3e79d4a0f3d51eb1579a2",
|
|
"pattern": "[file:hashes.SHA256 = '2879925e1207309309627c054826943998c417ce1ffe77ec22b30d40ffb7f898']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795500-8538-4394-b55f-42fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:52.000Z",
|
|
"modified": "2015-12-22T13:49:52.000Z",
|
|
"description": "- Xchecked via VT: 29c18600dec3e79d4a0f3d51eb1579a2",
|
|
"pattern": "[file:hashes.SHA1 = '086b1dc04982e8707d1f1d30ce1c1099a4ef08ee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795501-3bd8-48a8-8542-4bcb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:53.000Z",
|
|
"modified": "2015-12-22T13:49:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2879925e1207309309627c054826943998c417ce1ffe77ec22b30d40ffb7f898/analysis/1446041351/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795501-fa44-4a86-9b3c-4dd0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:53.000Z",
|
|
"modified": "2015-12-22T13:49:53.000Z",
|
|
"description": "- Xchecked via VT: ef999ee09422d4c4c3fd48c9c439f901",
|
|
"pattern": "[file:hashes.SHA256 = '89f3264bb732408e9c9902596659b0bfd3c74740e9761f7358581a28d5935f81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795501-4910-4e69-ae86-4c9f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:53.000Z",
|
|
"modified": "2015-12-22T13:49:53.000Z",
|
|
"description": "- Xchecked via VT: ef999ee09422d4c4c3fd48c9c439f901",
|
|
"pattern": "[file:hashes.SHA1 = '58cb1835de8b9ebc11003a6f38bf661a65bd8e71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795502-8ecc-4592-bffb-4ca4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:54.000Z",
|
|
"modified": "2015-12-22T13:49:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/89f3264bb732408e9c9902596659b0bfd3c74740e9761f7358581a28d5935f81/analysis/1378932491/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795502-aecc-4ba6-a157-4e1c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:54.000Z",
|
|
"modified": "2015-12-22T13:49:54.000Z",
|
|
"description": "- Xchecked via VT: 367c1c970f80bc5ae63c0b77f2e42992",
|
|
"pattern": "[file:hashes.SHA256 = 'fcc522e4c812157981de3bd3c437df1cd17209e404800c06698a6ba7a1f57e10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795502-a89c-449b-a964-4200950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:54.000Z",
|
|
"modified": "2015-12-22T13:49:54.000Z",
|
|
"description": "- Xchecked via VT: 367c1c970f80bc5ae63c0b77f2e42992",
|
|
"pattern": "[file:hashes.SHA1 = '7d8c26bd60d4f071bf3b66d571b30f292561a72a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795502-fab4-4935-bc7a-4039950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:54.000Z",
|
|
"modified": "2015-12-22T13:49:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fcc522e4c812157981de3bd3c437df1cd17209e404800c06698a6ba7a1f57e10/analysis/1401060140/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795503-76a8-4415-b4dc-4761950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:55.000Z",
|
|
"modified": "2015-12-22T13:49:55.000Z",
|
|
"description": "- Xchecked via VT: a1a637a880cfcd4694ed3db367eee2d6",
|
|
"pattern": "[file:hashes.SHA256 = '21c27c911235493984ebd730c499427e789bd7e7d24d0c8107316dafa283c4af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795503-a5d8-4513-a7b8-4a8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:55.000Z",
|
|
"modified": "2015-12-22T13:49:55.000Z",
|
|
"description": "- Xchecked via VT: a1a637a880cfcd4694ed3db367eee2d6",
|
|
"pattern": "[file:hashes.SHA1 = 'd930892cb387ddd7cc27a80376ef94a72d2b2cbd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795503-1550-40d0-803f-4fcb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:55.000Z",
|
|
"modified": "2015-12-22T13:49:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/21c27c911235493984ebd730c499427e789bd7e7d24d0c8107316dafa283c4af/analysis/1390306746/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795504-c548-4049-ad55-4998950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:56.000Z",
|
|
"modified": "2015-12-22T13:49:56.000Z",
|
|
"description": "- Xchecked via VT: e9d040438f8b7fd11f9fcc87f804b433",
|
|
"pattern": "[file:hashes.SHA256 = '9b9e177ced076591ca3c2a2711045fb4c59332be6c15566a9a86da0155a2f41c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795504-5024-4c58-a5d2-4511950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:56.000Z",
|
|
"modified": "2015-12-22T13:49:56.000Z",
|
|
"description": "- Xchecked via VT: e9d040438f8b7fd11f9fcc87f804b433",
|
|
"pattern": "[file:hashes.SHA1 = 'c501d4eca28382a59a69369736ee7bc31760a728']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795504-762c-455c-8c78-4bb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:56.000Z",
|
|
"modified": "2015-12-22T13:49:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9b9e177ced076591ca3c2a2711045fb4c59332be6c15566a9a86da0155a2f41c/analysis/1450711080/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795505-7aa8-46e9-86f0-4681950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:57.000Z",
|
|
"modified": "2015-12-22T13:49:57.000Z",
|
|
"description": "- Xchecked via VT: 60f2e101baf829bdcc0d1caa61863bd7",
|
|
"pattern": "[file:hashes.SHA256 = '990ca7a4b8ad50064594ddb9f08b1b5c2591ac22505d481e23db6b5aa94a30b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795505-cb68-401f-8f1f-4fcf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:57.000Z",
|
|
"modified": "2015-12-22T13:49:57.000Z",
|
|
"description": "- Xchecked via VT: 60f2e101baf829bdcc0d1caa61863bd7",
|
|
"pattern": "[file:hashes.SHA1 = '88ba4fef8fc652a2c625b4997aa3f94e363ee50d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795505-f8b8-4ffd-b6ac-4068950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:57.000Z",
|
|
"modified": "2015-12-22T13:49:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/990ca7a4b8ad50064594ddb9f08b1b5c2591ac22505d481e23db6b5aa94a30b9/analysis/1445529444/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795505-8500-4f81-ab5f-40ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:57.000Z",
|
|
"modified": "2015-12-22T13:49:57.000Z",
|
|
"description": "- Xchecked via VT: fd94458c0de734c45a226aae6d54bf6e",
|
|
"pattern": "[file:hashes.SHA256 = '56a58de1251b66784b33259bd2c6350f38ae3ae35cb46916379d89e77f0d4ec4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795506-c238-4d1d-9c35-4dbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:58.000Z",
|
|
"modified": "2015-12-22T13:49:58.000Z",
|
|
"description": "- Xchecked via VT: fd94458c0de734c45a226aae6d54bf6e",
|
|
"pattern": "[file:hashes.SHA1 = '15c886f569a3a4758b185aa99788f0293654171b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795506-e458-4d51-9384-44fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:58.000Z",
|
|
"modified": "2015-12-22T13:49:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/56a58de1251b66784b33259bd2c6350f38ae3ae35cb46916379d89e77f0d4ec4/analysis/1445775022/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795506-3734-4ac8-baf1-4509950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:58.000Z",
|
|
"modified": "2015-12-22T13:49:58.000Z",
|
|
"description": "- Xchecked via VT: b44aef3870c3a92d01c42e957f0410a2",
|
|
"pattern": "[file:hashes.SHA256 = 'ef90072bef255a48d144de646d17a3ca04cc3ef60e447d4a811c9b60afdc7941']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795507-520c-4fc2-8e6e-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:59.000Z",
|
|
"modified": "2015-12-22T13:49:59.000Z",
|
|
"description": "- Xchecked via VT: b44aef3870c3a92d01c42e957f0410a2",
|
|
"pattern": "[file:hashes.SHA1 = 'd14c98532da6a0805062f09e48c10b2af81e80ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795507-1e8c-411f-aa60-4529950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:59.000Z",
|
|
"modified": "2015-12-22T13:49:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ef90072bef255a48d144de646d17a3ca04cc3ef60e447d4a811c9b60afdc7941/analysis/1449639809/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795507-ec74-4972-ac4f-4827950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:59.000Z",
|
|
"modified": "2015-12-22T13:49:59.000Z",
|
|
"description": "- Xchecked via VT: 2bcdc5091c446e8b6888d802a3589e09",
|
|
"pattern": "[file:hashes.SHA256 = '946912b3e095c62d42c8c7acee48e5dde6fd0b6b8ebfd63392021b1786dc7835']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795507-253c-4168-a24f-48b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:49:59.000Z",
|
|
"modified": "2015-12-22T13:49:59.000Z",
|
|
"description": "- Xchecked via VT: 2bcdc5091c446e8b6888d802a3589e09",
|
|
"pattern": "[file:hashes.SHA1 = '015465716c4f1b1a4fbae608dd7dc2f80ba1bc63']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:49:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795508-1b38-4fc8-a62f-4911950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:00.000Z",
|
|
"modified": "2015-12-22T13:50:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/946912b3e095c62d42c8c7acee48e5dde6fd0b6b8ebfd63392021b1786dc7835/analysis/1445878466/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795508-6b2c-4134-a9e5-40a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:00.000Z",
|
|
"modified": "2015-12-22T13:50:00.000Z",
|
|
"description": "- Xchecked via VT: 02970a6af18219b9a3871b9de22ae2da",
|
|
"pattern": "[file:hashes.SHA256 = '2fd73390d1070878467ac913122bc3cd6e55b43fac424385bae5a0bb5c4f83b8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795508-1924-424c-b34d-432b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:00.000Z",
|
|
"modified": "2015-12-22T13:50:00.000Z",
|
|
"description": "- Xchecked via VT: 02970a6af18219b9a3871b9de22ae2da",
|
|
"pattern": "[file:hashes.SHA1 = '6cae275e08d0da66692eede615fe4835504e9714']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795509-5fe8-44fd-a85e-42fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:01.000Z",
|
|
"modified": "2015-12-22T13:50:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2fd73390d1070878467ac913122bc3cd6e55b43fac424385bae5a0bb5c4f83b8/analysis/1432341355/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795509-ef38-4580-95d5-4c1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:01.000Z",
|
|
"modified": "2015-12-22T13:50:01.000Z",
|
|
"description": "- Xchecked via VT: 8fb481592cf8547ce50d44f629619a64",
|
|
"pattern": "[file:hashes.SHA256 = '1fb953be7c4c052e9330dc453c9dfc9ad20777d6cd58cf913b096cc97470a64f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795509-6f88-4f76-8e5f-48de950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:01.000Z",
|
|
"modified": "2015-12-22T13:50:01.000Z",
|
|
"description": "- Xchecked via VT: 8fb481592cf8547ce50d44f629619a64",
|
|
"pattern": "[file:hashes.SHA1 = 'ad77fc01e5d96b423a171b75037138b9f5e8d061']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550a-2424-4fd6-8ffa-40bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:02.000Z",
|
|
"modified": "2015-12-22T13:50:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1fb953be7c4c052e9330dc453c9dfc9ad20777d6cd58cf913b096cc97470a64f/analysis/1445525545/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550a-d5c8-4353-b6f6-4232950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:02.000Z",
|
|
"modified": "2015-12-22T13:50:02.000Z",
|
|
"description": "- Xchecked via VT: 10a7cf11e719997ae90c9822d397dcc0",
|
|
"pattern": "[file:hashes.SHA256 = '4101361765860774f338cece106a2d1d80b0246978fd0691bdad7d74387d5ca9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550a-c988-4e7f-8ae4-4986950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:02.000Z",
|
|
"modified": "2015-12-22T13:50:02.000Z",
|
|
"description": "- Xchecked via VT: 10a7cf11e719997ae90c9822d397dcc0",
|
|
"pattern": "[file:hashes.SHA1 = 'ac81ec6014e6e6132a169f9cdb4c9c8bc3309665']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550a-7f7c-478f-93fe-4c19950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:02.000Z",
|
|
"modified": "2015-12-22T13:50:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4101361765860774f338cece106a2d1d80b0246978fd0691bdad7d74387d5ca9/analysis/1410129544/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550b-9d78-41a3-9542-4802950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:03.000Z",
|
|
"modified": "2015-12-22T13:50:03.000Z",
|
|
"description": "- Xchecked via VT: f975521a337dbd521fb6e63bd18b6f8e",
|
|
"pattern": "[file:hashes.SHA256 = 'af04cfaed970d361318c4984d0043dd5cec82fffa54ddb4a3fccad4a8084812e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550b-8ee8-4d07-bde9-41ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:03.000Z",
|
|
"modified": "2015-12-22T13:50:03.000Z",
|
|
"description": "- Xchecked via VT: f975521a337dbd521fb6e63bd18b6f8e",
|
|
"pattern": "[file:hashes.SHA1 = '1484ded4e6a4f70cfc23b0fd4f467ae3110c6f06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550b-61c4-419a-81ce-4f74950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:03.000Z",
|
|
"modified": "2015-12-22T13:50:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/af04cfaed970d361318c4984d0043dd5cec82fffa54ddb4a3fccad4a8084812e/analysis/1387565103/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550c-f258-4a53-bbd7-4f5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:04.000Z",
|
|
"modified": "2015-12-22T13:50:04.000Z",
|
|
"description": "- Xchecked via VT: a5ee4fbb72543b8f884af592b9d99a93",
|
|
"pattern": "[file:hashes.SHA256 = '6098b1474aac0fe4a6c8f5c140ca6cb5cf505d50be47f46bd3fc4d54ee7b8c32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550c-b77c-4364-810f-4b73950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:04.000Z",
|
|
"modified": "2015-12-22T13:50:04.000Z",
|
|
"description": "- Xchecked via VT: a5ee4fbb72543b8f884af592b9d99a93",
|
|
"pattern": "[file:hashes.SHA1 = 'f0a49f003fe2bec38099f48d15fb4f37ecd0a88b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550c-f70c-4ca0-8aba-49ed950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:04.000Z",
|
|
"modified": "2015-12-22T13:50:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6098b1474aac0fe4a6c8f5c140ca6cb5cf505d50be47f46bd3fc4d54ee7b8c32/analysis/1412637152/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550c-0d50-4305-a8a1-4cb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:04.000Z",
|
|
"modified": "2015-12-22T13:50:04.000Z",
|
|
"description": "- Xchecked via VT: 0731b597e61c2fd74577239fc53c794b",
|
|
"pattern": "[file:hashes.SHA256 = 'fe23577d1480bedcd63037921bbd5a55e86171c1a7dc97667df6a674ca0044fc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550d-bb08-4bd6-b760-49e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:05.000Z",
|
|
"modified": "2015-12-22T13:50:05.000Z",
|
|
"description": "- Xchecked via VT: 0731b597e61c2fd74577239fc53c794b",
|
|
"pattern": "[file:hashes.SHA1 = '85bf7df302e1e4e096ad8d385cac2ef004457ba9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550d-44bc-49cd-8ba6-4d14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:05.000Z",
|
|
"modified": "2015-12-22T13:50:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fe23577d1480bedcd63037921bbd5a55e86171c1a7dc97667df6a674ca0044fc/analysis/1447174703/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550d-7ba4-4af2-9ae4-4551950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:05.000Z",
|
|
"modified": "2015-12-22T13:50:05.000Z",
|
|
"description": "- Xchecked via VT: c5e4cbb5d1ec1ee5f28a1cdf5b8a92c9",
|
|
"pattern": "[file:hashes.SHA256 = '2e842fefca07b3819171782ee81e8f3afafbef1113a827d241ace3390db16aa5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550d-66a4-4361-b35d-42df950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:05.000Z",
|
|
"modified": "2015-12-22T13:50:05.000Z",
|
|
"description": "- Xchecked via VT: c5e4cbb5d1ec1ee5f28a1cdf5b8a92c9",
|
|
"pattern": "[file:hashes.SHA1 = 'aa146940b39f375a091fedb3aa08f0f2fe5f51ad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550e-5db8-4a04-84a9-4204950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:06.000Z",
|
|
"modified": "2015-12-22T13:50:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2e842fefca07b3819171782ee81e8f3afafbef1113a827d241ace3390db16aa5/analysis/1443006041/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550e-c250-4bdb-b0fe-471e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:06.000Z",
|
|
"modified": "2015-12-22T13:50:06.000Z",
|
|
"description": "- Xchecked via VT: c77aea623b26bc33c0cf2937a0c93aa3",
|
|
"pattern": "[file:hashes.SHA256 = '8a0aff7576d27e0ee1d3fbd30b65d8eea9e8bc1401ebebb4aadda9d02360186b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550e-d3ac-41ef-927e-4557950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:06.000Z",
|
|
"modified": "2015-12-22T13:50:06.000Z",
|
|
"description": "- Xchecked via VT: c77aea623b26bc33c0cf2937a0c93aa3",
|
|
"pattern": "[file:hashes.SHA1 = '9051e2cff57fe079a41c12ebd47c93fb609ea8db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550e-b338-4ced-8554-4fb6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:06.000Z",
|
|
"modified": "2015-12-22T13:50:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8a0aff7576d27e0ee1d3fbd30b65d8eea9e8bc1401ebebb4aadda9d02360186b/analysis/1389976141/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550f-562c-40e0-b2f7-4b0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:07.000Z",
|
|
"modified": "2015-12-22T13:50:07.000Z",
|
|
"description": "- Xchecked via VT: 4558b9bb1362385d8df2d5dc43ac1819",
|
|
"pattern": "[file:hashes.SHA256 = 'e15d390a48e83c68e1aa2f0d82d35a1437c6dac537ffff380ef20b4e39f42126']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550f-2750-40ba-8f93-418e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:07.000Z",
|
|
"modified": "2015-12-22T13:50:07.000Z",
|
|
"description": "- Xchecked via VT: 4558b9bb1362385d8df2d5dc43ac1819",
|
|
"pattern": "[file:hashes.SHA1 = 'a5cba592f24b13bbda0c2c7a948ec4f876dc19d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679550f-d1c4-4f63-87a9-42d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:07.000Z",
|
|
"modified": "2015-12-22T13:50:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e15d390a48e83c68e1aa2f0d82d35a1437c6dac537ffff380ef20b4e39f42126/analysis/1410172701/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795510-9750-495a-9e89-4cff950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:08.000Z",
|
|
"modified": "2015-12-22T13:50:08.000Z",
|
|
"description": "- Xchecked via VT: 89e2a404202e83cde0bbe360b3469cc3",
|
|
"pattern": "[file:hashes.SHA256 = '1701e2bbff252bd6a1a593e6495fc75d4e4b693b24950aedc0ce70a6f575e4d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795510-9650-4d88-ba12-4f0f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:08.000Z",
|
|
"modified": "2015-12-22T13:50:08.000Z",
|
|
"description": "- Xchecked via VT: 89e2a404202e83cde0bbe360b3469cc3",
|
|
"pattern": "[file:hashes.SHA1 = '5f3bb0a4f067d97c545f82595b5e199ce5e61ffb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795510-56dc-4dde-88c0-44f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:08.000Z",
|
|
"modified": "2015-12-22T13:50:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1701e2bbff252bd6a1a593e6495fc75d4e4b693b24950aedc0ce70a6f575e4d4/analysis/1376903300/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795510-a860-467f-bcbb-4c8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:08.000Z",
|
|
"modified": "2015-12-22T13:50:08.000Z",
|
|
"description": "- Xchecked via VT: 6289d7079d489e416fdc4633a6dc51c3",
|
|
"pattern": "[file:hashes.SHA256 = 'cfa29d4271e2877ad06226cb27532cd31cca3407fb5dd519c10f6efecdcd467f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795511-a710-4487-8c96-4d1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:09.000Z",
|
|
"modified": "2015-12-22T13:50:09.000Z",
|
|
"description": "- Xchecked via VT: 6289d7079d489e416fdc4633a6dc51c3",
|
|
"pattern": "[file:hashes.SHA1 = 'd9908cc8296b085c2e118316ed62efe39270ed62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795511-57e0-498d-a452-483e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:09.000Z",
|
|
"modified": "2015-12-22T13:50:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/cfa29d4271e2877ad06226cb27532cd31cca3407fb5dd519c10f6efecdcd467f/analysis/1445821402/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795511-565c-40db-baa3-47ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:09.000Z",
|
|
"modified": "2015-12-22T13:50:09.000Z",
|
|
"description": "- Xchecked via VT: fc93a311e8b6456c77d5e910ff6eff3a",
|
|
"pattern": "[file:hashes.SHA256 = '6c92965feb7f901b56d3b949ee2cdace9c9fc9f4ebf7cdf46056a62581f60371']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795512-9734-4f1e-adfa-4f9f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:10.000Z",
|
|
"modified": "2015-12-22T13:50:10.000Z",
|
|
"description": "- Xchecked via VT: fc93a311e8b6456c77d5e910ff6eff3a",
|
|
"pattern": "[file:hashes.SHA1 = '650198e4e1ddd588887b6abb431b55bfbfac938b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795512-9304-489e-8243-4a18950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:10.000Z",
|
|
"modified": "2015-12-22T13:50:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6c92965feb7f901b56d3b949ee2cdace9c9fc9f4ebf7cdf46056a62581f60371/analysis/1450367645/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795512-49a8-4b65-a547-4ef8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:10.000Z",
|
|
"modified": "2015-12-22T13:50:10.000Z",
|
|
"description": "- Xchecked via VT: bedff13cbce76b7e2cda49a68c40a533",
|
|
"pattern": "[file:hashes.SHA256 = '71abf135f0f51caffda929df03f11bf87737d3e9a5486a3c6f76cdcd31f6217d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795513-2968-4590-98ca-4da1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:11.000Z",
|
|
"modified": "2015-12-22T13:50:11.000Z",
|
|
"description": "- Xchecked via VT: bedff13cbce76b7e2cda49a68c40a533",
|
|
"pattern": "[file:hashes.SHA1 = '569dc654b0ea7d71153e19a1cc570191b93376da']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795513-8b6c-4064-b307-445e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:11.000Z",
|
|
"modified": "2015-12-22T13:50:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/71abf135f0f51caffda929df03f11bf87737d3e9a5486a3c6f76cdcd31f6217d/analysis/1388827206/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795513-83a0-47cc-b7a6-4b03950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:11.000Z",
|
|
"modified": "2015-12-22T13:50:11.000Z",
|
|
"description": "- Xchecked via VT: f9d875a879a9ed3cd6ec960b0af975a2",
|
|
"pattern": "[file:hashes.SHA256 = '8ee83cbe71bd82406d3213cb33e11c1ff57e7329eaa5740450fad297ddb35524']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795513-7868-490a-88ba-4c2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:11.000Z",
|
|
"modified": "2015-12-22T13:50:11.000Z",
|
|
"description": "- Xchecked via VT: f9d875a879a9ed3cd6ec960b0af975a2",
|
|
"pattern": "[file:hashes.SHA1 = 'f796a2c3f4bf43957c1b0479b3d2d5791ea4ff99']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795514-ea04-46b0-a148-49c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:12.000Z",
|
|
"modified": "2015-12-22T13:50:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8ee83cbe71bd82406d3213cb33e11c1ff57e7329eaa5740450fad297ddb35524/analysis/1406940091/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795514-7720-4923-9336-4d50950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:12.000Z",
|
|
"modified": "2015-12-22T13:50:12.000Z",
|
|
"description": "- Xchecked via VT: 2aa75eee002fab24049b162ce8407015",
|
|
"pattern": "[file:hashes.SHA256 = 'b39302d002e1991fa61b38f2f6d8211e812e19a5bc801b409fc11d1f0e857a68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795514-e524-443a-ac3d-4def950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:12.000Z",
|
|
"modified": "2015-12-22T13:50:12.000Z",
|
|
"description": "- Xchecked via VT: 2aa75eee002fab24049b162ce8407015",
|
|
"pattern": "[file:hashes.SHA1 = 'd756489dd7ca2b8c484a10520625f76e5bb53252']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795515-cf44-466d-a5e8-4f89950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:13.000Z",
|
|
"modified": "2015-12-22T13:50:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b39302d002e1991fa61b38f2f6d8211e812e19a5bc801b409fc11d1f0e857a68/analysis/1392416703/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795515-dad8-4b1c-ae77-4d13950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:13.000Z",
|
|
"modified": "2015-12-22T13:50:13.000Z",
|
|
"description": "- Xchecked via VT: 9b041817fe2dbe1b58af0842b4b15e01",
|
|
"pattern": "[file:hashes.SHA256 = '9e7a92a3f1ef7df653cfc86110033ee8a4e9c4aa0b2d9dff4ede7bd9e51fabd5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795515-f15c-419c-8b5e-4a6b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:13.000Z",
|
|
"modified": "2015-12-22T13:50:13.000Z",
|
|
"description": "- Xchecked via VT: 9b041817fe2dbe1b58af0842b4b15e01",
|
|
"pattern": "[file:hashes.SHA1 = '4bbacf1bb1f33bc6e848fdf47182987511ded854']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795515-48b8-4b28-8a75-4c73950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:13.000Z",
|
|
"modified": "2015-12-22T13:50:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9e7a92a3f1ef7df653cfc86110033ee8a4e9c4aa0b2d9dff4ede7bd9e51fabd5/analysis/1396293998/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795516-3e5c-494b-8851-4169950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:14.000Z",
|
|
"modified": "2015-12-22T13:50:14.000Z",
|
|
"description": "- Xchecked via VT: ee9e3b26bbbb89c4582f940ed03115c5",
|
|
"pattern": "[file:hashes.SHA256 = '50e7f7d0e420bf620927aff500baa0d9c4e0cfce971929de5f9a52ba46c8ebff']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795516-0d50-4314-8c1d-4b5e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:14.000Z",
|
|
"modified": "2015-12-22T13:50:14.000Z",
|
|
"description": "- Xchecked via VT: ee9e3b26bbbb89c4582f940ed03115c5",
|
|
"pattern": "[file:hashes.SHA1 = '1288630cfe18b37d94c759084bc72137dff493a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795516-ec78-462b-b405-4575950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:14.000Z",
|
|
"modified": "2015-12-22T13:50:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/50e7f7d0e420bf620927aff500baa0d9c4e0cfce971929de5f9a52ba46c8ebff/analysis/1378155943/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795517-8c48-4f57-bd2b-4c59950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:15.000Z",
|
|
"modified": "2015-12-22T13:50:15.000Z",
|
|
"description": "- Xchecked via VT: 07561810d818905851ce6ab2c1152871",
|
|
"pattern": "[file:hashes.SHA256 = 'bcdf41a52496b9bb01b88b74bedba23b043380950109ec609c0c0a39ef708497']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795517-8eb4-4e85-b349-48ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:15.000Z",
|
|
"modified": "2015-12-22T13:50:15.000Z",
|
|
"description": "- Xchecked via VT: 07561810d818905851ce6ab2c1152871",
|
|
"pattern": "[file:hashes.SHA1 = '900804af148968f3bb18f94bc005b6bd6e7b0010']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795517-8334-41b1-b218-4ba5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:15.000Z",
|
|
"modified": "2015-12-22T13:50:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bcdf41a52496b9bb01b88b74bedba23b043380950109ec609c0c0a39ef708497/analysis/1388743674/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795518-fcd8-4bb3-9e7c-4c73950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:16.000Z",
|
|
"modified": "2015-12-22T13:50:16.000Z",
|
|
"description": "- Xchecked via VT: fea84eb04892bbabf73e8f494fa05e15",
|
|
"pattern": "[file:hashes.SHA256 = '88aac5816ecf596581d705f4ec05006b8f3b0706dbd73bf4ea040589eac8db19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795518-d62c-4d35-a016-480f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:16.000Z",
|
|
"modified": "2015-12-22T13:50:16.000Z",
|
|
"description": "- Xchecked via VT: fea84eb04892bbabf73e8f494fa05e15",
|
|
"pattern": "[file:hashes.SHA1 = '5145b1e6073c9cb9950d1e6946c3ac8cb1cc1c53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795518-36c8-4348-b240-4e70950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:16.000Z",
|
|
"modified": "2015-12-22T13:50:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/88aac5816ecf596581d705f4ec05006b8f3b0706dbd73bf4ea040589eac8db19/analysis/1348513613/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795518-d3ec-4ba3-8bee-4d87950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:16.000Z",
|
|
"modified": "2015-12-22T13:50:16.000Z",
|
|
"description": "- Xchecked via VT: 933126ab45f10b76c90672099ab3c432",
|
|
"pattern": "[file:hashes.SHA256 = '1ddff48986f410542a10bc035661dc30907208b99f26bd3b8ca9e51c21e21f41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795519-3ea0-4c85-a6a8-4a7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:17.000Z",
|
|
"modified": "2015-12-22T13:50:17.000Z",
|
|
"description": "- Xchecked via VT: 933126ab45f10b76c90672099ab3c432",
|
|
"pattern": "[file:hashes.SHA1 = '5552a625a6ddb82a9f001a50bb0c582e0296f998']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795519-3994-4ea0-952a-4794950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:17.000Z",
|
|
"modified": "2015-12-22T13:50:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1ddff48986f410542a10bc035661dc30907208b99f26bd3b8ca9e51c21e21f41/analysis/1393852160/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795519-5aa8-4fc9-bcef-4897950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:17.000Z",
|
|
"modified": "2015-12-22T13:50:17.000Z",
|
|
"description": "- Xchecked via VT: 30e22da1e83695a42804b339fb72d364",
|
|
"pattern": "[file:hashes.SHA256 = '80c40d34f9e361686d882f51a165c3f10360d0148293e48a75e93d50a87fe1cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551a-554c-4055-a073-419f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:18.000Z",
|
|
"modified": "2015-12-22T13:50:18.000Z",
|
|
"description": "- Xchecked via VT: 30e22da1e83695a42804b339fb72d364",
|
|
"pattern": "[file:hashes.SHA1 = 'beb907e8145e0c6536ba4bc3814eddeda184778c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551a-684c-4a3b-b149-4235950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:18.000Z",
|
|
"modified": "2015-12-22T13:50:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/80c40d34f9e361686d882f51a165c3f10360d0148293e48a75e93d50a87fe1cc/analysis/1390307854/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551a-1968-4c51-b79c-498b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:18.000Z",
|
|
"modified": "2015-12-22T13:50:18.000Z",
|
|
"description": "- Xchecked via VT: 4a8b6c73a347e928930af80349864471",
|
|
"pattern": "[file:hashes.SHA256 = '1570e9903cbac9d1042d0dd0fa17a7e8120dc12fb0bf3b518663d2e162e7d953']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551a-2a50-4a5d-9605-4a7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:18.000Z",
|
|
"modified": "2015-12-22T13:50:18.000Z",
|
|
"description": "- Xchecked via VT: 4a8b6c73a347e928930af80349864471",
|
|
"pattern": "[file:hashes.SHA1 = 'f7af610c69ead71ddb54d9aeb9c6996f4e0283d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551b-56b4-4913-ba79-4275950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:19.000Z",
|
|
"modified": "2015-12-22T13:50:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1570e9903cbac9d1042d0dd0fa17a7e8120dc12fb0bf3b518663d2e162e7d953/analysis/1445887865/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551b-fcbc-4cd2-81dc-451f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:19.000Z",
|
|
"modified": "2015-12-22T13:50:19.000Z",
|
|
"description": "- Xchecked via VT: 2d24c8355288f3f10271cbd13af4f43e",
|
|
"pattern": "[file:hashes.SHA256 = '1efd3bd9b16ca64e2b5eafb0daf015dc006eafe0fe7e7e9d761ffd7c709d62f6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551b-3558-416c-9fe2-4955950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:19.000Z",
|
|
"modified": "2015-12-22T13:50:19.000Z",
|
|
"description": "- Xchecked via VT: 2d24c8355288f3f10271cbd13af4f43e",
|
|
"pattern": "[file:hashes.SHA1 = 'dc62899866b403355926b7847bcfbde969da5ba8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551c-85bc-4778-afd2-4527950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:20.000Z",
|
|
"modified": "2015-12-22T13:50:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1efd3bd9b16ca64e2b5eafb0daf015dc006eafe0fe7e7e9d761ffd7c709d62f6/analysis/1424893429/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551c-07d4-486e-acf3-4ca9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:20.000Z",
|
|
"modified": "2015-12-22T13:50:20.000Z",
|
|
"description": "- Xchecked via VT: 8d2c1314c63b98fd3a74e5258f0ea0f8",
|
|
"pattern": "[file:hashes.SHA256 = '5f113c63bb0cce4b51d477c6a9f4a430d3d7bbe5607d423eed1414fb0b76d960']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551c-0dcc-4fd5-a46e-4ec4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:20.000Z",
|
|
"modified": "2015-12-22T13:50:20.000Z",
|
|
"description": "- Xchecked via VT: 8d2c1314c63b98fd3a74e5258f0ea0f8",
|
|
"pattern": "[file:hashes.SHA1 = 'c0c0f98d8cc7dffd991624109789d5c459a6f70c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551d-0de8-4104-8080-429c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:21.000Z",
|
|
"modified": "2015-12-22T13:50:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5f113c63bb0cce4b51d477c6a9f4a430d3d7bbe5607d423eed1414fb0b76d960/analysis/1401876380/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551d-e11c-4f23-8e56-41c9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:21.000Z",
|
|
"modified": "2015-12-22T13:50:21.000Z",
|
|
"description": "- Xchecked via VT: 1eac78fc15d2463d9b5a940b74959241",
|
|
"pattern": "[file:hashes.SHA256 = '7e24fdf1b73a9fd0d8b86a01173f20650a80026bfae15e911bcb225066f2764b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551d-8ef0-4692-955f-44ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:21.000Z",
|
|
"modified": "2015-12-22T13:50:21.000Z",
|
|
"description": "- Xchecked via VT: 1eac78fc15d2463d9b5a940b74959241",
|
|
"pattern": "[file:hashes.SHA1 = '3f1cf83eb953d780f8617aa4d8cc84420a3bccde']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551d-c8ac-4da4-9ff3-4642950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:21.000Z",
|
|
"modified": "2015-12-22T13:50:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7e24fdf1b73a9fd0d8b86a01173f20650a80026bfae15e911bcb225066f2764b/analysis/1410575956/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551e-28d0-49c2-a93f-4e6f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:22.000Z",
|
|
"modified": "2015-12-22T13:50:22.000Z",
|
|
"description": "- Xchecked via VT: ccc100b9b54597da7a7d4f6b4c2db234",
|
|
"pattern": "[file:hashes.SHA256 = '38444848f23b7de491fface257d2f68161fb48042666051b66f9556059a03101']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551e-1d34-4497-8671-4935950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:22.000Z",
|
|
"modified": "2015-12-22T13:50:22.000Z",
|
|
"description": "- Xchecked via VT: ccc100b9b54597da7a7d4f6b4c2db234",
|
|
"pattern": "[file:hashes.SHA1 = '6457002bcae6f511d6a6bd9a408679cfda3165ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551e-c760-4692-a1d0-44d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:22.000Z",
|
|
"modified": "2015-12-22T13:50:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/38444848f23b7de491fface257d2f68161fb48042666051b66f9556059a03101/analysis/1383144636/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551f-6cc4-4360-93d5-4550950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:23.000Z",
|
|
"modified": "2015-12-22T13:50:23.000Z",
|
|
"description": "- Xchecked via VT: 96662139f5058164a04aa7cf4e486ef5",
|
|
"pattern": "[file:hashes.SHA256 = '97de9e88290b8858a9c361c258f3c42e1b59fbad576a7b3c33913a3a7ee1f0d6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551f-9ea0-48c5-b91c-47a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:23.000Z",
|
|
"modified": "2015-12-22T13:50:23.000Z",
|
|
"description": "- Xchecked via VT: 96662139f5058164a04aa7cf4e486ef5",
|
|
"pattern": "[file:hashes.SHA1 = 'c9c96109b38d55f2188ff1d7cbf8a196dd3b8b2e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679551f-2d74-4c85-9100-4d43950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:23.000Z",
|
|
"modified": "2015-12-22T13:50:23.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/97de9e88290b8858a9c361c258f3c42e1b59fbad576a7b3c33913a3a7ee1f0d6/analysis/1436491738/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795520-9ec0-47c8-8a5b-43a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:24.000Z",
|
|
"modified": "2015-12-22T13:50:24.000Z",
|
|
"description": "- Xchecked via VT: 1f139ee4a6091d4125102bb5dcdb1191",
|
|
"pattern": "[file:hashes.SHA256 = '993c26e5f7f2e6af89becbe9e8b494612c396efe4a7469b319ee47a5b2793c2c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795520-1d44-4aa5-8ee7-447d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:24.000Z",
|
|
"modified": "2015-12-22T13:50:24.000Z",
|
|
"description": "- Xchecked via VT: 1f139ee4a6091d4125102bb5dcdb1191",
|
|
"pattern": "[file:hashes.SHA1 = '0e1478279f0ebf184d8f1148831cbd9791133a82']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795520-1b90-408c-b035-438b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:24.000Z",
|
|
"modified": "2015-12-22T13:50:24.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/993c26e5f7f2e6af89becbe9e8b494612c396efe4a7469b319ee47a5b2793c2c/analysis/1381460576/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795520-1b54-4bcf-9b6e-416f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:24.000Z",
|
|
"modified": "2015-12-22T13:50:24.000Z",
|
|
"description": "- Xchecked via VT: 5d7bf2f79727fe332035728dfce9fccb",
|
|
"pattern": "[file:hashes.SHA256 = '0d1141e948034a66453651550ff2ddcd44e8f6cf00990bdc270751f17e8b3b20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795521-6a3c-4ee6-b878-450a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:25.000Z",
|
|
"modified": "2015-12-22T13:50:25.000Z",
|
|
"description": "- Xchecked via VT: 5d7bf2f79727fe332035728dfce9fccb",
|
|
"pattern": "[file:hashes.SHA1 = '4721e86a87ac3d1df71916cdf243edf7e213944f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795521-7f94-46d4-b0bd-4e32950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:25.000Z",
|
|
"modified": "2015-12-22T13:50:25.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0d1141e948034a66453651550ff2ddcd44e8f6cf00990bdc270751f17e8b3b20/analysis/1422730851/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795521-67e8-4609-9b18-422a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:25.000Z",
|
|
"modified": "2015-12-22T13:50:25.000Z",
|
|
"description": "- Xchecked via VT: e22202c0f39502b530dfa70733876013",
|
|
"pattern": "[file:hashes.SHA256 = 'da288b65ace414c47fd75f8136e70070d44297d159ead2f3a42cfd6b422dcfb2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795522-b4f8-43aa-b45d-4979950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:26.000Z",
|
|
"modified": "2015-12-22T13:50:26.000Z",
|
|
"description": "- Xchecked via VT: e22202c0f39502b530dfa70733876013",
|
|
"pattern": "[file:hashes.SHA1 = '38f34f335b144d0338ee35fe969284cde8df5c28']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795522-3340-4adf-9603-4be4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:26.000Z",
|
|
"modified": "2015-12-22T13:50:26.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/da288b65ace414c47fd75f8136e70070d44297d159ead2f3a42cfd6b422dcfb2/analysis/1411041968/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795522-5650-4dc3-8180-4ae6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:26.000Z",
|
|
"modified": "2015-12-22T13:50:26.000Z",
|
|
"description": "- Xchecked via VT: ceb4a5b0c484514b61b290ca82b1ba68",
|
|
"pattern": "[file:hashes.SHA256 = 'e15977256b0157b5239aa2d3af7a0c690ac4baac299a1120b9f8fa2923bbc958']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795522-7194-40a8-9577-4a6c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:26.000Z",
|
|
"modified": "2015-12-22T13:50:26.000Z",
|
|
"description": "- Xchecked via VT: ceb4a5b0c484514b61b290ca82b1ba68",
|
|
"pattern": "[file:hashes.SHA1 = '109a68643a521d42dacf974edb41e686425c297e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795523-a0f4-4b98-87c8-4103950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:27.000Z",
|
|
"modified": "2015-12-22T13:50:27.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e15977256b0157b5239aa2d3af7a0c690ac4baac299a1120b9f8fa2923bbc958/analysis/1408115756/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795523-3824-4913-87c4-4d0b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:27.000Z",
|
|
"modified": "2015-12-22T13:50:27.000Z",
|
|
"description": "- Xchecked via VT: b7f04d268134faa3f8aaec5e8e25d0f8",
|
|
"pattern": "[file:hashes.SHA256 = 'b8368af3c1aab14ed32bccb398cc700fe3484f76dfe28d38cec7db896e0a725c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795523-b9b0-435b-8528-4732950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:27.000Z",
|
|
"modified": "2015-12-22T13:50:27.000Z",
|
|
"description": "- Xchecked via VT: b7f04d268134faa3f8aaec5e8e25d0f8",
|
|
"pattern": "[file:hashes.SHA1 = '67e3a848338d4707b693e586e9d356aaa8cebded']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795524-4a9c-47d8-8832-42dc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:28.000Z",
|
|
"modified": "2015-12-22T13:50:28.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b8368af3c1aab14ed32bccb398cc700fe3484f76dfe28d38cec7db896e0a725c/analysis/1450458836/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795524-8858-4f5b-a6e4-4f38950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:28.000Z",
|
|
"modified": "2015-12-22T13:50:28.000Z",
|
|
"description": "- Xchecked via VT: f70ed3e755f2aa6c1dac27fe2ffc5d6f",
|
|
"pattern": "[file:hashes.SHA256 = 'bc0afb9e46f423c420806bcd4908b2fc13e893245fa22f10f906e772716f89de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795524-5de0-4a64-9d21-45d4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:28.000Z",
|
|
"modified": "2015-12-22T13:50:28.000Z",
|
|
"description": "- Xchecked via VT: f70ed3e755f2aa6c1dac27fe2ffc5d6f",
|
|
"pattern": "[file:hashes.SHA1 = '1ce9a50139e5442ed281fd09b87b4985ea0a0749']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795525-a00c-42c2-899d-4d69950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:29.000Z",
|
|
"modified": "2015-12-22T13:50:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bc0afb9e46f423c420806bcd4908b2fc13e893245fa22f10f906e772716f89de/analysis/1364959693/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795525-8500-4927-96ca-444b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:29.000Z",
|
|
"modified": "2015-12-22T13:50:29.000Z",
|
|
"description": "- Xchecked via VT: 9ccfc2041d5a3b98db5c85b8a8a875da",
|
|
"pattern": "[file:hashes.SHA256 = 'ca15c8fff3ea9c9a48e6eae9aca70c15d9be8346a2198d608d1bc60b3c86e53c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795525-b374-4bc4-bb78-458e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:29.000Z",
|
|
"modified": "2015-12-22T13:50:29.000Z",
|
|
"description": "- Xchecked via VT: 9ccfc2041d5a3b98db5c85b8a8a875da",
|
|
"pattern": "[file:hashes.SHA1 = '5616dde8b995d786ef3c546d2b67aab0a660e0c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795525-2138-435d-a81e-41eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:29.000Z",
|
|
"modified": "2015-12-22T13:50:29.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/ca15c8fff3ea9c9a48e6eae9aca70c15d9be8346a2198d608d1bc60b3c86e53c/analysis/1410140229/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795526-1a7c-4141-a5da-4725950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:30.000Z",
|
|
"modified": "2015-12-22T13:50:30.000Z",
|
|
"description": "- Xchecked via VT: 4820b8649083f2c7a64912cd3cb72c87",
|
|
"pattern": "[file:hashes.SHA256 = '63b2699cd7fd7ede2fe5ca3cc6e6882741d23914d10d4d6fc4b7df812b2c9b67']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795526-6770-4f3f-ac9a-4ac3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:30.000Z",
|
|
"modified": "2015-12-22T13:50:30.000Z",
|
|
"description": "- Xchecked via VT: 4820b8649083f2c7a64912cd3cb72c87",
|
|
"pattern": "[file:hashes.SHA1 = '6f88e532abaa12ebf39bd79d6f14512406a48a81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795526-f628-4e6c-aab3-4120950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:30.000Z",
|
|
"modified": "2015-12-22T13:50:30.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/63b2699cd7fd7ede2fe5ca3cc6e6882741d23914d10d4d6fc4b7df812b2c9b67/analysis/1445881677/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795527-db88-4449-9a23-4690950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:31.000Z",
|
|
"modified": "2015-12-22T13:50:31.000Z",
|
|
"description": "- Xchecked via VT: 6788b33b1577a0b450888075a6700916",
|
|
"pattern": "[file:hashes.SHA256 = '08866ad53c34fd0812a42fccb80836b448e9aaede4341fd167b3d8cc54da68c3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795527-26ec-4138-8305-4405950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:31.000Z",
|
|
"modified": "2015-12-22T13:50:31.000Z",
|
|
"description": "- Xchecked via VT: 6788b33b1577a0b450888075a6700916",
|
|
"pattern": "[file:hashes.SHA1 = 'fe5fbca18227a464cc7d38a709eae290a3c9e13b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795527-af1c-4944-b076-48fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:31.000Z",
|
|
"modified": "2015-12-22T13:50:31.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/08866ad53c34fd0812a42fccb80836b448e9aaede4341fd167b3d8cc54da68c3/analysis/1446040046/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795528-dd40-4150-bb8d-4c6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:32.000Z",
|
|
"modified": "2015-12-22T13:50:32.000Z",
|
|
"description": "- Xchecked via VT: 77e2e77977feec8ac5ed6555d52b4b16",
|
|
"pattern": "[file:hashes.SHA256 = '75bf28dc646c68028b7d40e1f34d81a89e7fd3c036b723357d0aa91f68079091']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795528-d36c-435e-8d2c-4c1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:32.000Z",
|
|
"modified": "2015-12-22T13:50:32.000Z",
|
|
"description": "- Xchecked via VT: 77e2e77977feec8ac5ed6555d52b4b16",
|
|
"pattern": "[file:hashes.SHA1 = '6810ac28209c6e6db551017e922dec9ac65eef6a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795528-f0c0-4ce0-b754-4135950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:32.000Z",
|
|
"modified": "2015-12-22T13:50:32.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/75bf28dc646c68028b7d40e1f34d81a89e7fd3c036b723357d0aa91f68079091/analysis/1437647165/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795528-0c40-46e8-a94a-4d21950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:32.000Z",
|
|
"modified": "2015-12-22T13:50:32.000Z",
|
|
"description": "- Xchecked via VT: 2108153096436c8629349d0083810bc0",
|
|
"pattern": "[file:hashes.SHA256 = '600f388164226acdd6690b1d392e5b620093aaa5c956a33655fa207b91cef425']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795529-8dd4-4a46-b608-4fbf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:33.000Z",
|
|
"modified": "2015-12-22T13:50:33.000Z",
|
|
"description": "- Xchecked via VT: 2108153096436c8629349d0083810bc0",
|
|
"pattern": "[file:hashes.SHA1 = '54d2efb68c2abf8ea5548fa492869aeb618ef310']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795529-8938-42b8-a610-4a98950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:33.000Z",
|
|
"modified": "2015-12-22T13:50:33.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/600f388164226acdd6690b1d392e5b620093aaa5c956a33655fa207b91cef425/analysis/1444234133/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795529-de88-4379-91fa-4d2a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:33.000Z",
|
|
"modified": "2015-12-22T13:50:33.000Z",
|
|
"description": "- Xchecked via VT: 0a22547458eee07f8a218892f6fc76ee",
|
|
"pattern": "[file:hashes.SHA256 = 'b35104b5abd02f4a5ec4f39998028e86439e1d9d921be84a6128922de3cd7e13']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552a-a51c-401a-b9dd-4c21950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:34.000Z",
|
|
"modified": "2015-12-22T13:50:34.000Z",
|
|
"description": "- Xchecked via VT: 0a22547458eee07f8a218892f6fc76ee",
|
|
"pattern": "[file:hashes.SHA1 = '064101a5680e91bf6c7f777190a249adc136fe48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552a-c99c-44e9-af24-4a46950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:34.000Z",
|
|
"modified": "2015-12-22T13:50:34.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b35104b5abd02f4a5ec4f39998028e86439e1d9d921be84a6128922de3cd7e13/analysis/1389800161/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552a-4028-43c1-9355-4ebe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:34.000Z",
|
|
"modified": "2015-12-22T13:50:34.000Z",
|
|
"description": "- Xchecked via VT: 3fabccdb91cf9038dcffff47bc364830",
|
|
"pattern": "[file:hashes.SHA256 = '852180e4894dd3692d5916629db735eaa9b0c46fa80e8e76aa6016dfd45c814a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552a-f304-4226-aab3-41da950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:34.000Z",
|
|
"modified": "2015-12-22T13:50:34.000Z",
|
|
"description": "- Xchecked via VT: 3fabccdb91cf9038dcffff47bc364830",
|
|
"pattern": "[file:hashes.SHA1 = '1977db032abd4cd8c8288fce7850d6e4ce568c6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552b-c80c-40e2-aadf-456e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:35.000Z",
|
|
"modified": "2015-12-22T13:50:35.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/852180e4894dd3692d5916629db735eaa9b0c46fa80e8e76aa6016dfd45c814a/analysis/1443392379/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552b-a788-4927-99c1-441b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:35.000Z",
|
|
"modified": "2015-12-22T13:50:35.000Z",
|
|
"description": "- Xchecked via VT: 030f521773150db68d1ca7f3c31f41f9",
|
|
"pattern": "[file:hashes.SHA256 = '8baa0dccd652091f949aae045e7db5124acf983de5ec641bd7fa51b577cad364']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552b-49f4-4cc5-8483-4e6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:35.000Z",
|
|
"modified": "2015-12-22T13:50:35.000Z",
|
|
"description": "- Xchecked via VT: 030f521773150db68d1ca7f3c31f41f9",
|
|
"pattern": "[file:hashes.SHA1 = '6528b30a7addfcce3b85a5f3f7e565c2eb7c3700']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552c-c3f8-4b28-9971-4aad950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:36.000Z",
|
|
"modified": "2015-12-22T13:50:36.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8baa0dccd652091f949aae045e7db5124acf983de5ec641bd7fa51b577cad364/analysis/1355563757/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552c-a544-44a9-ac33-42a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:36.000Z",
|
|
"modified": "2015-12-22T13:50:36.000Z",
|
|
"description": "- Xchecked via VT: 1aa9fdfc1ef3f15447be83144dbba584",
|
|
"pattern": "[file:hashes.SHA256 = '63a9967dbc73dc7c0ad34eaa3aa038c0b9d45f32c0f4ac130b407f65f8c21e5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552c-4954-44e6-af8a-4a74950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:36.000Z",
|
|
"modified": "2015-12-22T13:50:36.000Z",
|
|
"description": "- Xchecked via VT: 1aa9fdfc1ef3f15447be83144dbba584",
|
|
"pattern": "[file:hashes.SHA1 = '14f56bf7a909fe534a3fad49bf9143bc5900dd61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552d-c4e8-416e-b19e-49eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:37.000Z",
|
|
"modified": "2015-12-22T13:50:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/63a9967dbc73dc7c0ad34eaa3aa038c0b9d45f32c0f4ac130b407f65f8c21e5d/analysis/1395280650/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552d-5f80-48eb-af12-4313950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:37.000Z",
|
|
"modified": "2015-12-22T13:50:37.000Z",
|
|
"description": "- Xchecked via VT: da93bd8355aaf4eeed5d5aa0e5fbd50c",
|
|
"pattern": "[file:hashes.SHA256 = '29a9993c1ddec96f4fd601742b536c882346c973ed7b4f486a59fb5c45d4dd71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552d-915c-4352-8cb1-4093950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:37.000Z",
|
|
"modified": "2015-12-22T13:50:37.000Z",
|
|
"description": "- Xchecked via VT: da93bd8355aaf4eeed5d5aa0e5fbd50c",
|
|
"pattern": "[file:hashes.SHA1 = 'a7dcb3230a46ce38169c03786e1907c6b82e5006']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552d-d2d8-4a02-ab0e-496f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:37.000Z",
|
|
"modified": "2015-12-22T13:50:37.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/29a9993c1ddec96f4fd601742b536c882346c973ed7b4f486a59fb5c45d4dd71/analysis/1377445709/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552e-3e2c-49af-856f-434b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:38.000Z",
|
|
"modified": "2015-12-22T13:50:38.000Z",
|
|
"description": "- Xchecked via VT: b5c01ffd82cf87cdc5e78a9291890bdb",
|
|
"pattern": "[file:hashes.SHA256 = '79468986927bf4129ad31b23f0b664019e3e015cfa87fd31c1d3aadb037901f2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552e-8468-4122-926f-4468950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:38.000Z",
|
|
"modified": "2015-12-22T13:50:38.000Z",
|
|
"description": "- Xchecked via VT: b5c01ffd82cf87cdc5e78a9291890bdb",
|
|
"pattern": "[file:hashes.SHA1 = 'c402f284e5adb8f70dd53662a42b04746a65e50a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552e-c244-4644-9ea7-4bec950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:38.000Z",
|
|
"modified": "2015-12-22T13:50:38.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/79468986927bf4129ad31b23f0b664019e3e015cfa87fd31c1d3aadb037901f2/analysis/1414142462/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552f-bb00-4fb2-859e-4f55950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:39.000Z",
|
|
"modified": "2015-12-22T13:50:39.000Z",
|
|
"description": "- Xchecked via VT: ba028705ce114c4f7e8c179e7dfda802",
|
|
"pattern": "[file:hashes.SHA256 = 'dfc1f5dfb1d3394a522fabd57a9099e6117889f832d9797ee00b94211d59648e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552f-b230-4e43-af53-48dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:39.000Z",
|
|
"modified": "2015-12-22T13:50:39.000Z",
|
|
"description": "- Xchecked via VT: ba028705ce114c4f7e8c179e7dfda802",
|
|
"pattern": "[file:hashes.SHA1 = '379869eb404f20371490e456805c081525a3bdbb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679552f-1368-4037-bb85-4b84950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:39.000Z",
|
|
"modified": "2015-12-22T13:50:39.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/dfc1f5dfb1d3394a522fabd57a9099e6117889f832d9797ee00b94211d59648e/analysis/1393357030/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795530-5eb4-401c-b109-480b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:40.000Z",
|
|
"modified": "2015-12-22T13:50:40.000Z",
|
|
"description": "- Xchecked via VT: 00236a27a5d20c88aae81166a0d26537",
|
|
"pattern": "[file:hashes.SHA256 = '28f4c9e800a81844edf2bf8a6ac23013023a149137d422698738f79db5d9cd5a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795530-2970-4ef4-9061-4274950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:40.000Z",
|
|
"modified": "2015-12-22T13:50:40.000Z",
|
|
"description": "- Xchecked via VT: 00236a27a5d20c88aae81166a0d26537",
|
|
"pattern": "[file:hashes.SHA1 = 'd7aff7e8cd357a7ac9c4cc1aa67808a1e21ebaf0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795530-c164-4805-ac66-47bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:40.000Z",
|
|
"modified": "2015-12-22T13:50:40.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/28f4c9e800a81844edf2bf8a6ac23013023a149137d422698738f79db5d9cd5a/analysis/1420771736/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795530-f110-435e-ad0f-4f3d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:40.000Z",
|
|
"modified": "2015-12-22T13:50:40.000Z",
|
|
"description": "- Xchecked via VT: 315f824b529fb2cf66bfeba16f28e6c5",
|
|
"pattern": "[file:hashes.SHA256 = '6ec71aa8a8b7b381ae229f6023beb07d1b73dc497de012362d5d3898c380676a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795531-3e04-4c40-9b1b-4993950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:41.000Z",
|
|
"modified": "2015-12-22T13:50:41.000Z",
|
|
"description": "- Xchecked via VT: 315f824b529fb2cf66bfeba16f28e6c5",
|
|
"pattern": "[file:hashes.SHA1 = 'd9efb4ee76ce0097e2844bdcf1beae31f190ef46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795531-dcdc-4da9-a50a-46fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:41.000Z",
|
|
"modified": "2015-12-22T13:50:41.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6ec71aa8a8b7b381ae229f6023beb07d1b73dc497de012362d5d3898c380676a/analysis/1376185977/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795531-80d4-49df-9b9b-44a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:41.000Z",
|
|
"modified": "2015-12-22T13:50:41.000Z",
|
|
"description": "- Xchecked via VT: e2f6464abdba14d2ceb66916affd070d",
|
|
"pattern": "[file:hashes.SHA256 = '3a7e731cf933fad11e4630bf9355f6cf63c6fc8e7008a2fa33dd7cb38228b100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795532-4fdc-4788-9307-49f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:42.000Z",
|
|
"modified": "2015-12-22T13:50:42.000Z",
|
|
"description": "- Xchecked via VT: e2f6464abdba14d2ceb66916affd070d",
|
|
"pattern": "[file:hashes.SHA1 = 'a38cdbb5621f6175c883f9b7c98ff8826c15a0a8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795532-8ac4-4f4c-b3c1-4b86950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:42.000Z",
|
|
"modified": "2015-12-22T13:50:42.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3a7e731cf933fad11e4630bf9355f6cf63c6fc8e7008a2fa33dd7cb38228b100/analysis/1395277812/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795532-abe0-464e-8cdf-4a39950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:42.000Z",
|
|
"modified": "2015-12-22T13:50:42.000Z",
|
|
"description": "- Xchecked via VT: 81fd7838bbf7ab58f3f597d339f07c72",
|
|
"pattern": "[file:hashes.SHA256 = '25e8670efd0e031e4d6ff4e73bc2801233e7af6a5280f4f2bed994c4ca30c3cb']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795533-e8c0-486b-90e6-4b9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:43.000Z",
|
|
"modified": "2015-12-22T13:50:43.000Z",
|
|
"description": "- Xchecked via VT: 81fd7838bbf7ab58f3f597d339f07c72",
|
|
"pattern": "[file:hashes.SHA1 = '14424350004f5b421a8f4970fa9977bc24276d44']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795533-37c4-4fbe-aab9-429f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:43.000Z",
|
|
"modified": "2015-12-22T13:50:43.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/25e8670efd0e031e4d6ff4e73bc2801233e7af6a5280f4f2bed994c4ca30c3cb/analysis/1305525122/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795533-f00c-4a16-b312-4e60950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:43.000Z",
|
|
"modified": "2015-12-22T13:50:43.000Z",
|
|
"description": "- Xchecked via VT: 01c2dc978ebedb5f6b50647492faa2f0",
|
|
"pattern": "[file:hashes.SHA256 = '7c739c55c37ee01489cab886206f194bb15c4d957b780f7052be832adcec9081']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795533-faf0-47e8-9b40-47ea950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:43.000Z",
|
|
"modified": "2015-12-22T13:50:43.000Z",
|
|
"description": "- Xchecked via VT: 01c2dc978ebedb5f6b50647492faa2f0",
|
|
"pattern": "[file:hashes.SHA1 = 'd6a18018bc8acf5f00012dde80f76691cbc0eb87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795534-39d4-44ce-bc55-4d4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:44.000Z",
|
|
"modified": "2015-12-22T13:50:44.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/7c739c55c37ee01489cab886206f194bb15c4d957b780f7052be832adcec9081/analysis/1421347715/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795534-a4b0-474c-974e-44a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:44.000Z",
|
|
"modified": "2015-12-22T13:50:44.000Z",
|
|
"description": "- Xchecked via VT: fcf22c940acb461bd66964021f47c0f3",
|
|
"pattern": "[file:hashes.SHA256 = 'fad08b9d043278f00e240c8ea0c5f18f015af05b51c02b59599c929ca30ac087']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795534-6738-46b5-8859-413d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:44.000Z",
|
|
"modified": "2015-12-22T13:50:44.000Z",
|
|
"description": "- Xchecked via VT: fcf22c940acb461bd66964021f47c0f3",
|
|
"pattern": "[file:hashes.SHA1 = '577a9e2ecfeee2cc1e6c18dae5271a2ebb8cd0b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795535-ca70-480a-8381-41ba950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:45.000Z",
|
|
"modified": "2015-12-22T13:50:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fad08b9d043278f00e240c8ea0c5f18f015af05b51c02b59599c929ca30ac087/analysis/1376029148/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795535-bc48-4382-82fe-4323950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:45.000Z",
|
|
"modified": "2015-12-22T13:50:45.000Z",
|
|
"description": "- Xchecked via VT: c66f749b2d6ac0cc6d49b2cea366effd",
|
|
"pattern": "[file:hashes.SHA256 = 'de2303914426964bcba26dc6d350d625b27665720f69d99c2001b71aee674142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795535-7a84-4ba7-bd83-4bc9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:45.000Z",
|
|
"modified": "2015-12-22T13:50:45.000Z",
|
|
"description": "- Xchecked via VT: c66f749b2d6ac0cc6d49b2cea366effd",
|
|
"pattern": "[file:hashes.SHA1 = '154de3ca930c768fcfa12baefb1c49ff0f8ebc6f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795535-6ea8-4a45-bee9-4993950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:45.000Z",
|
|
"modified": "2015-12-22T13:50:45.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/de2303914426964bcba26dc6d350d625b27665720f69d99c2001b71aee674142/analysis/1449072439/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795536-8d6c-4185-b42b-4755950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:46.000Z",
|
|
"modified": "2015-12-22T13:50:46.000Z",
|
|
"description": "- Xchecked via VT: 61609d3b70b678b9530cce3ef7f0e7d5",
|
|
"pattern": "[file:hashes.SHA256 = '58aceb8b52a3d9c4067ab694d1d7833d79e26c057db5bafaa6d04e6e013f6a9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795536-dd70-4f38-bfc0-4063950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:46.000Z",
|
|
"modified": "2015-12-22T13:50:46.000Z",
|
|
"description": "- Xchecked via VT: 61609d3b70b678b9530cce3ef7f0e7d5",
|
|
"pattern": "[file:hashes.SHA1 = '6bce44e12fc680352b2c7265889aefd0bba2b18b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795536-5a0c-4154-80a8-4069950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:46.000Z",
|
|
"modified": "2015-12-22T13:50:46.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/58aceb8b52a3d9c4067ab694d1d7833d79e26c057db5bafaa6d04e6e013f6a9a/analysis/1418581952/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795537-fd54-44f3-877a-4531950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:47.000Z",
|
|
"modified": "2015-12-22T13:50:47.000Z",
|
|
"description": "- Xchecked via VT: 1817d132ae3da088c90aba65a16d7fd5",
|
|
"pattern": "[file:hashes.SHA256 = '2a2dad77d13474bb9903499aa0e9cf8455079700aca41c70c69af537ba88dd40']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795537-24f4-4379-96d7-4ee3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:47.000Z",
|
|
"modified": "2015-12-22T13:50:47.000Z",
|
|
"description": "- Xchecked via VT: 1817d132ae3da088c90aba65a16d7fd5",
|
|
"pattern": "[file:hashes.SHA1 = '91d84aa627d06f1506b08fe4e50168056f67ed3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795537-2cbc-458f-981a-402e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:47.000Z",
|
|
"modified": "2015-12-22T13:50:47.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2a2dad77d13474bb9903499aa0e9cf8455079700aca41c70c69af537ba88dd40/analysis/1383595085/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795537-a85c-457e-8bde-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:47.000Z",
|
|
"modified": "2015-12-22T13:50:47.000Z",
|
|
"description": "- Xchecked via VT: 182f08870c22e4f41b20bc0c72040e63",
|
|
"pattern": "[file:hashes.SHA256 = 'b50e49a5e7e34856ba3a88568c6aaa7e766aab8f7117a5cd7ca54b89a15d2c54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795538-5dc0-42a4-8dab-4f34950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:48.000Z",
|
|
"modified": "2015-12-22T13:50:48.000Z",
|
|
"description": "- Xchecked via VT: 182f08870c22e4f41b20bc0c72040e63",
|
|
"pattern": "[file:hashes.SHA1 = 'b025cebbda05dc5e06f4874167c138eee15a91ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795538-baf8-42dc-b0d6-4f1d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:48.000Z",
|
|
"modified": "2015-12-22T13:50:48.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/b50e49a5e7e34856ba3a88568c6aaa7e766aab8f7117a5cd7ca54b89a15d2c54/analysis/1393436392/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795538-f468-41df-b938-4336950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:48.000Z",
|
|
"modified": "2015-12-22T13:50:48.000Z",
|
|
"description": "- Xchecked via VT: af63eaf76efd27aa88e89b60805bd311",
|
|
"pattern": "[file:hashes.SHA256 = '95b4474763f3205f99bff317e13cc7a002a968ad8865dda96579e7fb078a3740']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795539-975c-48f5-9a84-4734950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:49.000Z",
|
|
"modified": "2015-12-22T13:50:49.000Z",
|
|
"description": "- Xchecked via VT: af63eaf76efd27aa88e89b60805bd311",
|
|
"pattern": "[file:hashes.SHA1 = 'b2332e7bd567ec657a1e9adf3615159676391b42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795539-1410-4669-b2ca-4514950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:49.000Z",
|
|
"modified": "2015-12-22T13:50:49.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/95b4474763f3205f99bff317e13cc7a002a968ad8865dda96579e7fb078a3740/analysis/1392485489/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795539-044c-4cbf-87c7-49e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:49.000Z",
|
|
"modified": "2015-12-22T13:50:49.000Z",
|
|
"description": "- Xchecked via VT: 334696b5abdcfe6ff4e9bfa33388506d",
|
|
"pattern": "[file:hashes.SHA256 = '818d4e89d291c5c95d32df353d672c4a23f5dbb62b0e6dd0472b335c8937cf1f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553a-a168-423c-910c-42b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:50.000Z",
|
|
"modified": "2015-12-22T13:50:50.000Z",
|
|
"description": "- Xchecked via VT: 334696b5abdcfe6ff4e9bfa33388506d",
|
|
"pattern": "[file:hashes.SHA1 = '50b02274d8638d23db36ea47b7514dd845041c07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553a-1e68-4256-af98-4503950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:50.000Z",
|
|
"modified": "2015-12-22T13:50:50.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/818d4e89d291c5c95d32df353d672c4a23f5dbb62b0e6dd0472b335c8937cf1f/analysis/1416419867/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553a-231c-4b2a-9894-4ceb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:50.000Z",
|
|
"modified": "2015-12-22T13:50:50.000Z",
|
|
"description": "- Xchecked via VT: 70854fb3717d8e692a4a79c347a91021",
|
|
"pattern": "[file:hashes.SHA256 = 'da00ed0664f79fa025786ff9700141f2baabe431583b671e86b25db92252dd14']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553a-a65c-48bb-b7be-4ec6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:50.000Z",
|
|
"modified": "2015-12-22T13:50:50.000Z",
|
|
"description": "- Xchecked via VT: 70854fb3717d8e692a4a79c347a91021",
|
|
"pattern": "[file:hashes.SHA1 = '67bf64c551099e301840f53e1206711eb8b768c1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553b-4300-423e-9908-4721950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:51.000Z",
|
|
"modified": "2015-12-22T13:50:51.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/da00ed0664f79fa025786ff9700141f2baabe431583b671e86b25db92252dd14/analysis/1376064059/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553b-6798-4c5e-8eb4-42f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:51.000Z",
|
|
"modified": "2015-12-22T13:50:51.000Z",
|
|
"description": "- Xchecked via VT: 27830c13968be6caefd2e75c9095fff6",
|
|
"pattern": "[file:hashes.SHA256 = '2d8d9a4d769eed7a094121ba7f4718d6f76ea23dfb6593d7e91a72d91314db3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553b-e988-4156-96e2-4e2b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:51.000Z",
|
|
"modified": "2015-12-22T13:50:51.000Z",
|
|
"description": "- Xchecked via VT: 27830c13968be6caefd2e75c9095fff6",
|
|
"pattern": "[file:hashes.SHA1 = '4f6203e3a197cfd06516e84a47f5bdcd2e018c23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553c-a658-4c83-808b-4f26950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:52.000Z",
|
|
"modified": "2015-12-22T13:50:52.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2d8d9a4d769eed7a094121ba7f4718d6f76ea23dfb6593d7e91a72d91314db3f/analysis/1390948443/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553c-76ac-43e4-b189-4082950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:52.000Z",
|
|
"modified": "2015-12-22T13:50:52.000Z",
|
|
"description": "- Xchecked via VT: 3d5e46300d7391e0fda235b3e28a63b0",
|
|
"pattern": "[file:hashes.SHA256 = '15b7cd86e51d9549c23be6cf1083470331d4ff2eae96ac3a7eeb6428c095df26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553c-0e08-460b-bcae-4912950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:52.000Z",
|
|
"modified": "2015-12-22T13:50:52.000Z",
|
|
"description": "- Xchecked via VT: 3d5e46300d7391e0fda235b3e28a63b0",
|
|
"pattern": "[file:hashes.SHA1 = 'f195a065e73f0b3cc894a2c71e6c60632ef43ca8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553d-3c20-4d86-a4b1-41bf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:53.000Z",
|
|
"modified": "2015-12-22T13:50:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/15b7cd86e51d9549c23be6cf1083470331d4ff2eae96ac3a7eeb6428c095df26/analysis/1421814345/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553d-ce70-42b2-af9a-4154950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:53.000Z",
|
|
"modified": "2015-12-22T13:50:53.000Z",
|
|
"description": "- Xchecked via VT: 0079ee50f8d1240aa2ac7306ecff563b",
|
|
"pattern": "[file:hashes.SHA256 = '3a810e8211034c3f7f8df7e559a5c30f5c54f744640671134f8914bb7995ccc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553d-ad58-4dab-be3a-4250950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:53.000Z",
|
|
"modified": "2015-12-22T13:50:53.000Z",
|
|
"description": "- Xchecked via VT: 0079ee50f8d1240aa2ac7306ecff563b",
|
|
"pattern": "[file:hashes.SHA1 = '373b2172f470ece5cd2af049e3cdd0f56aa54054']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553d-2288-4a22-a284-4c27950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:53.000Z",
|
|
"modified": "2015-12-22T13:50:53.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3a810e8211034c3f7f8df7e559a5c30f5c54f744640671134f8914bb7995ccc6/analysis/1416002304/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553e-9d3c-4f96-84b4-41a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:54.000Z",
|
|
"modified": "2015-12-22T13:50:54.000Z",
|
|
"description": "- Xchecked via VT: ad2ccb7d07729e78266415f9a1b9dd16",
|
|
"pattern": "[file:hashes.SHA256 = 'aba678da55dec20b2d8155e47d4c8358a3d5d85c2755c0a34197a078e65e9c7a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553e-9498-4423-955b-48f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:54.000Z",
|
|
"modified": "2015-12-22T13:50:54.000Z",
|
|
"description": "- Xchecked via VT: ad2ccb7d07729e78266415f9a1b9dd16",
|
|
"pattern": "[file:hashes.SHA1 = '77859a1435f5bf6ab5a4ba18757db3c0cff5fb02']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553e-7a08-426a-809a-4b45950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:54.000Z",
|
|
"modified": "2015-12-22T13:50:54.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/aba678da55dec20b2d8155e47d4c8358a3d5d85c2755c0a34197a078e65e9c7a/analysis/1422538928/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553f-034c-4310-a20f-46d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:55.000Z",
|
|
"modified": "2015-12-22T13:50:55.000Z",
|
|
"description": "- Xchecked via VT: d34990862aee318c3c4c9a64eb87f020",
|
|
"pattern": "[file:hashes.SHA256 = 'f1a7b3705044c66db10c2b7575ba04bc052073d022813877859c61474c9497de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553f-ca90-4fa9-b9a9-4bdc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:55.000Z",
|
|
"modified": "2015-12-22T13:50:55.000Z",
|
|
"description": "- Xchecked via VT: d34990862aee318c3c4c9a64eb87f020",
|
|
"pattern": "[file:hashes.SHA1 = '72f907d31a3c2edd658a4c7e6b7628287e21bfcc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553f-651c-4443-b61a-498a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:55.000Z",
|
|
"modified": "2015-12-22T13:50:55.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f1a7b3705044c66db10c2b7575ba04bc052073d022813877859c61474c9497de/analysis/1354877150/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679553f-4ec0-4f2a-b5ca-413a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:55.000Z",
|
|
"modified": "2015-12-22T13:50:55.000Z",
|
|
"description": "- Xchecked via VT: 00d75b02a237e896e653b5108cc730c5",
|
|
"pattern": "[file:hashes.SHA256 = '2981d8c24cf654b716d27cdb18419f15035a6d5d21984d254e50fdfd033b5b5d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795540-2d80-467d-bf74-4959950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:56.000Z",
|
|
"modified": "2015-12-22T13:50:56.000Z",
|
|
"description": "- Xchecked via VT: 00d75b02a237e896e653b5108cc730c5",
|
|
"pattern": "[file:hashes.SHA1 = 'b82f270ecb0937774c2299f55192bb849ed4f612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795540-830c-402a-a984-4f14950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:56.000Z",
|
|
"modified": "2015-12-22T13:50:56.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/2981d8c24cf654b716d27cdb18419f15035a6d5d21984d254e50fdfd033b5b5d/analysis/1415133727/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795540-d5b0-4079-8402-4766950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:56.000Z",
|
|
"modified": "2015-12-22T13:50:56.000Z",
|
|
"description": "- Xchecked via VT: 7a8e3a9ebf365caf568a5383b6e3e861",
|
|
"pattern": "[file:hashes.SHA256 = '3719563b8ac653d4430e187b7384c35376190d9e3d3629d490a485634fe35c6b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795541-90f0-42c7-a881-402f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:57.000Z",
|
|
"modified": "2015-12-22T13:50:57.000Z",
|
|
"description": "- Xchecked via VT: 7a8e3a9ebf365caf568a5383b6e3e861",
|
|
"pattern": "[file:hashes.SHA1 = 'f85da879e4c06738d94b43a6b21650d21e53d035']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795541-f134-4d52-8668-46fb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:57.000Z",
|
|
"modified": "2015-12-22T13:50:57.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3719563b8ac653d4430e187b7384c35376190d9e3d3629d490a485634fe35c6b/analysis/1415810708/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795541-d348-463d-ba82-4ef8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:57.000Z",
|
|
"modified": "2015-12-22T13:50:57.000Z",
|
|
"description": "- Xchecked via VT: 07bcc42508b3d95e4549bb1617c06a50",
|
|
"pattern": "[file:hashes.SHA256 = 'bd5e1101593d65e6206c00cb714144102efbc7dc5e5a20b723889d8cefa92d55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795542-470c-4ded-b0b7-46c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:58.000Z",
|
|
"modified": "2015-12-22T13:50:58.000Z",
|
|
"description": "- Xchecked via VT: 07bcc42508b3d95e4549bb1617c06a50",
|
|
"pattern": "[file:hashes.SHA1 = 'd1414a201634302985324cd5dbd9f55a1027b7dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795542-9340-492a-8cf4-4f2e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:58.000Z",
|
|
"modified": "2015-12-22T13:50:58.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/bd5e1101593d65e6206c00cb714144102efbc7dc5e5a20b723889d8cefa92d55/analysis/1418665273/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795542-bf8c-457a-81ed-4392950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:58.000Z",
|
|
"modified": "2015-12-22T13:50:58.000Z",
|
|
"description": "- Xchecked via VT: f5ad6be82ab101e2a1e92bb21884a2f8",
|
|
"pattern": "[file:hashes.SHA256 = '9b86b3b5c24bb9b186d4daf1cd1fd6ec73fb9e3354b6003a99311560085e0345']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795542-b98c-46ec-a138-4644950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:58.000Z",
|
|
"modified": "2015-12-22T13:50:58.000Z",
|
|
"description": "- Xchecked via VT: f5ad6be82ab101e2a1e92bb21884a2f8",
|
|
"pattern": "[file:hashes.SHA1 = '47434ecd60a11271f26d11220241f70c4ac7b022']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795543-90ec-442d-9495-48cd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:59.000Z",
|
|
"modified": "2015-12-22T13:50:59.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/9b86b3b5c24bb9b186d4daf1cd1fd6ec73fb9e3354b6003a99311560085e0345/analysis/1392487032/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795543-0450-420a-ad3d-4a4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:59.000Z",
|
|
"modified": "2015-12-22T13:50:59.000Z",
|
|
"description": "- Xchecked via VT: 308863c8460af5589b9e10cf1029af46",
|
|
"pattern": "[file:hashes.SHA256 = '286e4d5bfcebcd0d057d2b1d7b809520e7790523dd30eb2505bf53d27a4e8296']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795543-68e0-45f8-9930-4030950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:50:59.000Z",
|
|
"modified": "2015-12-22T13:50:59.000Z",
|
|
"description": "- Xchecked via VT: 308863c8460af5589b9e10cf1029af46",
|
|
"pattern": "[file:hashes.SHA1 = '441306dd0a9ad4c7f30661ba981fa26353347082']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:50:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795544-65c0-457c-a2f9-4d8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:00.000Z",
|
|
"modified": "2015-12-22T13:51:00.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/286e4d5bfcebcd0d057d2b1d7b809520e7790523dd30eb2505bf53d27a4e8296/analysis/1376275392/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795544-4028-4e1c-a9b0-4ad1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:00.000Z",
|
|
"modified": "2015-12-22T13:51:00.000Z",
|
|
"description": "- Xchecked via VT: f2826d8c314b6f4a055527f5dcc731dd",
|
|
"pattern": "[file:hashes.SHA256 = '8a00d16eae1528e861666e5b1779571bad5865f0496da4a546e0bf2259c2574c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795544-0760-45f7-9ac9-4ec6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:00.000Z",
|
|
"modified": "2015-12-22T13:51:00.000Z",
|
|
"description": "- Xchecked via VT: f2826d8c314b6f4a055527f5dcc731dd",
|
|
"pattern": "[file:hashes.SHA1 = 'ef0827b9af2b616309ade65b1999cbf71085e924']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795545-a200-4167-9e6c-4559950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:01.000Z",
|
|
"modified": "2015-12-22T13:51:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/8a00d16eae1528e861666e5b1779571bad5865f0496da4a546e0bf2259c2574c/analysis/1393440090/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795545-f6ac-470d-98d5-44fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:01.000Z",
|
|
"modified": "2015-12-22T13:51:01.000Z",
|
|
"description": "- Xchecked via VT: ecceae8cba0f8de575066852f82669c9",
|
|
"pattern": "[file:hashes.SHA256 = '38c65ad98af33be222ab225869d92547be6ca9e196f79cde2752b09860b282de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795545-56cc-4e12-bab8-4dac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:01.000Z",
|
|
"modified": "2015-12-22T13:51:01.000Z",
|
|
"description": "- Xchecked via VT: ecceae8cba0f8de575066852f82669c9",
|
|
"pattern": "[file:hashes.SHA1 = '9f90431323af8649521cb7d8a5606188cdc03631']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795545-b274-441f-a96e-42cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:01.000Z",
|
|
"modified": "2015-12-22T13:51:01.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/38c65ad98af33be222ab225869d92547be6ca9e196f79cde2752b09860b282de/analysis/1421877008/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795546-b57c-4ab1-a727-4728950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:02.000Z",
|
|
"modified": "2015-12-22T13:51:02.000Z",
|
|
"description": "- Xchecked via VT: 72b59a43a94bf6dfb26329d13bc5ac74",
|
|
"pattern": "[file:hashes.SHA256 = '4a212085dd835e24d8920d5acaad68d53995b3b8a8326e574a2db2ede54abb41']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795546-06e4-45be-aa25-4fa8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:02.000Z",
|
|
"modified": "2015-12-22T13:51:02.000Z",
|
|
"description": "- Xchecked via VT: 72b59a43a94bf6dfb26329d13bc5ac74",
|
|
"pattern": "[file:hashes.SHA1 = 'e7065ece0d4d2f19394d45c384ab39872d224f88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795546-89f8-4ba0-b1bb-41f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:02.000Z",
|
|
"modified": "2015-12-22T13:51:02.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4a212085dd835e24d8920d5acaad68d53995b3b8a8326e574a2db2ede54abb41/analysis/1384846504/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795547-6a94-41c4-9ae8-4c01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:03.000Z",
|
|
"modified": "2015-12-22T13:51:03.000Z",
|
|
"description": "- Xchecked via VT: 35883e06b8875fae96ccafc2959b80c8",
|
|
"pattern": "[file:hashes.SHA256 = '1d9525f049932799cbadb785311da858399815dadd5469c6944682915ddb2d51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795547-6868-490a-8916-425a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:03.000Z",
|
|
"modified": "2015-12-22T13:51:03.000Z",
|
|
"description": "- Xchecked via VT: 35883e06b8875fae96ccafc2959b80c8",
|
|
"pattern": "[file:hashes.SHA1 = 'ec04d00650f26e6f539e64368d7164a659b673ae']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795547-3c78-4bc4-8d0f-4f33950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:03.000Z",
|
|
"modified": "2015-12-22T13:51:03.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/1d9525f049932799cbadb785311da858399815dadd5469c6944682915ddb2d51/analysis/1411077948/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795547-af9c-4164-a42d-4201950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:03.000Z",
|
|
"modified": "2015-12-22T13:51:03.000Z",
|
|
"description": "- Xchecked via VT: 8c0a2c24a756e139cac57783ef3493b3",
|
|
"pattern": "[file:hashes.SHA256 = 'f716f284427ebf8c33ed5a664785fb6bfdcfcb5511884ca1fa6554ef6849c6b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795548-b320-4aca-89b2-4fa2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:04.000Z",
|
|
"modified": "2015-12-22T13:51:04.000Z",
|
|
"description": "- Xchecked via VT: 8c0a2c24a756e139cac57783ef3493b3",
|
|
"pattern": "[file:hashes.SHA1 = '75aaeafa430e8f0109d885625faf40c4e4895aea']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795548-1200-4eec-afba-4621950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:04.000Z",
|
|
"modified": "2015-12-22T13:51:04.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/f716f284427ebf8c33ed5a664785fb6bfdcfcb5511884ca1fa6554ef6849c6b6/analysis/1380071406/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795548-3ddc-4611-90f2-4b4c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:04.000Z",
|
|
"modified": "2015-12-22T13:51:04.000Z",
|
|
"description": "- Xchecked via VT: 8989bc6d429387323dffdb7aec650b24",
|
|
"pattern": "[file:hashes.SHA256 = '51d209f66eeaa959cce714695bd950a6c6cacc260899ba36bbf3bd6126c6c252']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795549-7fcc-4621-b889-4758950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:05.000Z",
|
|
"modified": "2015-12-22T13:51:05.000Z",
|
|
"description": "- Xchecked via VT: 8989bc6d429387323dffdb7aec650b24",
|
|
"pattern": "[file:hashes.SHA1 = '993443fb02634b24dc600106bf79446c14e04649']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795549-c080-44bb-9ff2-4aad950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:05.000Z",
|
|
"modified": "2015-12-22T13:51:05.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/51d209f66eeaa959cce714695bd950a6c6cacc260899ba36bbf3bd6126c6c252/analysis/1288534009/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795549-8168-4ce5-9894-4828950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:05.000Z",
|
|
"modified": "2015-12-22T13:51:05.000Z",
|
|
"description": "- Xchecked via VT: 8ca9e218801597212bfa6bc687723874",
|
|
"pattern": "[file:hashes.SHA256 = '618c64801a921de5fb2cfa720a98cce701ae272baadf501c8e276b47525b7c6c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554a-cd94-467a-9c78-4506950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:06.000Z",
|
|
"modified": "2015-12-22T13:51:06.000Z",
|
|
"description": "- Xchecked via VT: 8ca9e218801597212bfa6bc687723874",
|
|
"pattern": "[file:hashes.SHA1 = '74435b953205f3514f5280961cb89c6601bfccac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554a-fd68-4a30-9a2d-4a79950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:06.000Z",
|
|
"modified": "2015-12-22T13:51:06.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/618c64801a921de5fb2cfa720a98cce701ae272baadf501c8e276b47525b7c6c/analysis/1378793794/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554a-27c0-4716-96cd-4824950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:06.000Z",
|
|
"modified": "2015-12-22T13:51:06.000Z",
|
|
"description": "- Xchecked via VT: 9c279314d46c89dff020551326137791",
|
|
"pattern": "[file:hashes.SHA256 = '40b0088590b580bd9e61c412e10b373b7a9e417df6754c01722215a70bce6e7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554a-da44-4588-80b5-4bc8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:06.000Z",
|
|
"modified": "2015-12-22T13:51:06.000Z",
|
|
"description": "- Xchecked via VT: 9c279314d46c89dff020551326137791",
|
|
"pattern": "[file:hashes.SHA1 = 'cb50aaaf4e9aad90ff56c8e545010655365fa3f4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554b-f3a8-459f-9b09-4a2f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:07.000Z",
|
|
"modified": "2015-12-22T13:51:07.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/40b0088590b580bd9e61c412e10b373b7a9e417df6754c01722215a70bce6e7c/analysis/1381853208/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554b-2dfc-4a78-a7f4-4997950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:07.000Z",
|
|
"modified": "2015-12-22T13:51:07.000Z",
|
|
"description": "- Xchecked via VT: 0252e8d909b8b0e064c87ee994449170",
|
|
"pattern": "[file:hashes.SHA256 = '4a7ec34129a52855c434741d1636765cc36d28950281e959531cc79abd02cff5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554b-2720-4211-96e7-4f98950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:07.000Z",
|
|
"modified": "2015-12-22T13:51:07.000Z",
|
|
"description": "- Xchecked via VT: 0252e8d909b8b0e064c87ee994449170",
|
|
"pattern": "[file:hashes.SHA1 = '13d85e9d4d9f05b319e97e3ad56b820e92227851']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554c-87d4-4339-bbab-4c18950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:08.000Z",
|
|
"modified": "2015-12-22T13:51:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/4a7ec34129a52855c434741d1636765cc36d28950281e959531cc79abd02cff5/analysis/1411482772/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554c-071c-49a3-be43-436d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:08.000Z",
|
|
"modified": "2015-12-22T13:51:08.000Z",
|
|
"description": "- Xchecked via VT: d44d9f02bd8a958369c5a8f06a818355",
|
|
"pattern": "[file:hashes.SHA256 = '3731ecc441c66babd6e8da4786cde55086aad4f3177b846714ebd98ffba14579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554c-135c-4099-8d93-4017950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:08.000Z",
|
|
"modified": "2015-12-22T13:51:08.000Z",
|
|
"description": "- Xchecked via VT: d44d9f02bd8a958369c5a8f06a818355",
|
|
"pattern": "[file:hashes.SHA1 = '718479c3e0419094c7e21e3cff8c080e98baa9a0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554c-0ac4-441b-9feb-4c34950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:08.000Z",
|
|
"modified": "2015-12-22T13:51:08.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/3731ecc441c66babd6e8da4786cde55086aad4f3177b846714ebd98ffba14579/analysis/1379483896/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554d-0bbc-4c4e-9a1e-41e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:09.000Z",
|
|
"modified": "2015-12-22T13:51:09.000Z",
|
|
"description": "- Xchecked via VT: 0041a9e075aace5d952a3bf7934df3d0",
|
|
"pattern": "[file:hashes.SHA256 = 'fbfcd933d0599b7cb62dde4d5c09cad4fa193797d8f845610753c7a4dab48b88']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554d-8c1c-424f-b2ee-47a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:09.000Z",
|
|
"modified": "2015-12-22T13:51:09.000Z",
|
|
"description": "- Xchecked via VT: 0041a9e075aace5d952a3bf7934df3d0",
|
|
"pattern": "[file:hashes.SHA1 = 'a382404dcbab271459050d2c91c5e207260b225f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554d-55ac-4610-9994-4c13950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:09.000Z",
|
|
"modified": "2015-12-22T13:51:09.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/fbfcd933d0599b7cb62dde4d5c09cad4fa193797d8f845610753c7a4dab48b88/analysis/1410824232/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554e-05c0-49d5-9078-4c38950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:10.000Z",
|
|
"modified": "2015-12-22T13:51:10.000Z",
|
|
"description": "- Xchecked via VT: e313ddcaa2706327f46be85d2d167fb7",
|
|
"pattern": "[file:hashes.SHA256 = '400448141fe401888e60577cb6726b5df2379aa4c172ec72dfb55d61fb20bcad']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554e-e3c4-4b74-987f-4502950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:10.000Z",
|
|
"modified": "2015-12-22T13:51:10.000Z",
|
|
"description": "- Xchecked via VT: e313ddcaa2706327f46be85d2d167fb7",
|
|
"pattern": "[file:hashes.SHA1 = '2fb1032db4a5f195a2321673acbee465e261c16d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554e-d20c-41db-bb82-4b94950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:10.000Z",
|
|
"modified": "2015-12-22T13:51:10.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/400448141fe401888e60577cb6726b5df2379aa4c172ec72dfb55d61fb20bcad/analysis/1421347252/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554e-6a28-444e-ac83-4214950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:10.000Z",
|
|
"modified": "2015-12-22T13:51:10.000Z",
|
|
"description": "- Xchecked via VT: 0ac82fef5edbf57df9ce608cbb98400b",
|
|
"pattern": "[file:hashes.SHA256 = 'a9ee970005a3dc5b9178cf7a49fd2159fbd2c8a33157f4015837e780db7ac79c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554f-8c50-4dbc-bdf0-483c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:11.000Z",
|
|
"modified": "2015-12-22T13:51:11.000Z",
|
|
"description": "- Xchecked via VT: 0ac82fef5edbf57df9ce608cbb98400b",
|
|
"pattern": "[file:hashes.SHA1 = '7fadf1d3d4e26164936118b82b88b717e20c419a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554f-ead8-4101-bab6-45ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:11.000Z",
|
|
"modified": "2015-12-22T13:51:11.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a9ee970005a3dc5b9178cf7a49fd2159fbd2c8a33157f4015837e780db7ac79c/analysis/1416049042/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679554f-38ec-469e-9eb6-4df8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:11.000Z",
|
|
"modified": "2015-12-22T13:51:11.000Z",
|
|
"description": "- Xchecked via VT: 4124496faa7e2b44435af02873b0edf3",
|
|
"pattern": "[file:hashes.SHA256 = 'c1c4fb24b24acfeaf79be8742b365e2812be0905d93b2db07855cd3e775cc383']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795550-5fe4-4429-be55-4dc4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:12.000Z",
|
|
"modified": "2015-12-22T13:51:12.000Z",
|
|
"description": "- Xchecked via VT: 4124496faa7e2b44435af02873b0edf3",
|
|
"pattern": "[file:hashes.SHA1 = 'bdc51c57ee8f30ff70c27fa764093dd27f2ea6af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795550-10c4-4f03-9607-4e7b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:12.000Z",
|
|
"modified": "2015-12-22T13:51:12.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c1c4fb24b24acfeaf79be8742b365e2812be0905d93b2db07855cd3e775cc383/analysis/1384357722/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795550-b39c-4e29-9c46-44f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:12.000Z",
|
|
"modified": "2015-12-22T13:51:12.000Z",
|
|
"description": "- Xchecked via VT: 05895f49bfb6f92e20bc0cc2407d9191",
|
|
"pattern": "[file:hashes.SHA256 = 'caf9cea81adc9eaa7e514e51adf4e43edf73ca85092e6e655cdac933f99ab9e0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795550-4cf8-47c5-97e9-482c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:12.000Z",
|
|
"modified": "2015-12-22T13:51:12.000Z",
|
|
"description": "- Xchecked via VT: 05895f49bfb6f92e20bc0cc2407d9191",
|
|
"pattern": "[file:hashes.SHA1 = 'a90844c86665d89178b90af9c0fec88b9ad1e249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795551-1774-4668-8a4d-4c78950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:13.000Z",
|
|
"modified": "2015-12-22T13:51:13.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/caf9cea81adc9eaa7e514e51adf4e43edf73ca85092e6e655cdac933f99ab9e0/analysis/1449579428/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795551-1738-42a4-892f-437d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:13.000Z",
|
|
"modified": "2015-12-22T13:51:13.000Z",
|
|
"description": "- Xchecked via VT: 85439bfe10537e815542a03194c8e674",
|
|
"pattern": "[file:hashes.SHA256 = '92eb81030001af7989c9be57ac470723a19705ed01cdc86e58ec51080c281a51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795551-d0a0-4f92-967f-49c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:13.000Z",
|
|
"modified": "2015-12-22T13:51:13.000Z",
|
|
"description": "- Xchecked via VT: 85439bfe10537e815542a03194c8e674",
|
|
"pattern": "[file:hashes.SHA1 = '55199236417ce941d045682c7c26ada75198eff2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795552-1948-4682-abe0-4bcb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:14.000Z",
|
|
"modified": "2015-12-22T13:51:14.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/92eb81030001af7989c9be57ac470723a19705ed01cdc86e58ec51080c281a51/analysis/1379386253/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795552-0d54-4cba-87c2-4853950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:14.000Z",
|
|
"modified": "2015-12-22T13:51:14.000Z",
|
|
"description": "- Xchecked via VT: a84fc4f3f628082da37ec22800f2dc72",
|
|
"pattern": "[file:hashes.SHA256 = '37808c0fe6d46f1fe998050d0814fe07eed2c2a81ae4203deae258593fe859b9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795552-1440-41c5-9af0-4035950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:14.000Z",
|
|
"modified": "2015-12-22T13:51:14.000Z",
|
|
"description": "- Xchecked via VT: a84fc4f3f628082da37ec22800f2dc72",
|
|
"pattern": "[file:hashes.SHA1 = '3937bba947c794fec30d518c37bedb36f3a26625']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795553-02ac-44fd-956d-4edb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:15.000Z",
|
|
"modified": "2015-12-22T13:51:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/37808c0fe6d46f1fe998050d0814fe07eed2c2a81ae4203deae258593fe859b9/analysis/1380560356/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795553-c06c-4f2b-bc4b-40db950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:15.000Z",
|
|
"modified": "2015-12-22T13:51:15.000Z",
|
|
"description": "- Xchecked via VT: b6d2f293e58d082273e36ea05acf1f43",
|
|
"pattern": "[file:hashes.SHA256 = '28cea5d653d3970889741980921666155d8217635a5aa10fb7a539ba38f2e1d9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795553-0a48-40d0-977d-4e83950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:15.000Z",
|
|
"modified": "2015-12-22T13:51:15.000Z",
|
|
"description": "- Xchecked via VT: b6d2f293e58d082273e36ea05acf1f43",
|
|
"pattern": "[file:hashes.SHA1 = '5486a6712e4a21da60388afdedce239599324f4c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795553-ec10-45b0-bf90-4af5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:15.000Z",
|
|
"modified": "2015-12-22T13:51:15.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/28cea5d653d3970889741980921666155d8217635a5aa10fb7a539ba38f2e1d9/analysis/1381183539/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795554-9fc0-4a09-a2aa-48b0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:16.000Z",
|
|
"modified": "2015-12-22T13:51:16.000Z",
|
|
"description": "- Xchecked via VT: e53bb81ab8bb57344055f5ceb704adc3",
|
|
"pattern": "[file:hashes.SHA256 = 'e95789ef0c81a1570c852d6f072f987e7126c764607f3b2891ccdf7f409b6a91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795554-e718-452d-92b5-42f4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:16.000Z",
|
|
"modified": "2015-12-22T13:51:16.000Z",
|
|
"description": "- Xchecked via VT: e53bb81ab8bb57344055f5ceb704adc3",
|
|
"pattern": "[file:hashes.SHA1 = '6f47c8fe2eeb1159eb8d5b42b80db1216637afe9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795554-e2a8-431e-847a-4347950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:16.000Z",
|
|
"modified": "2015-12-22T13:51:16.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/e95789ef0c81a1570c852d6f072f987e7126c764607f3b2891ccdf7f409b6a91/analysis/1384794265/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795555-55a8-4e08-818a-4fd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:17.000Z",
|
|
"modified": "2015-12-22T13:51:17.000Z",
|
|
"description": "- Xchecked via VT: d743a22cab2e219035e5474175decdc3",
|
|
"pattern": "[file:hashes.SHA256 = '645d7b308678aa46faa63108e25f922d14aca0600cbc181f8d92ea5d4e46690a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795555-bdac-44e0-85ac-4caf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:17.000Z",
|
|
"modified": "2015-12-22T13:51:17.000Z",
|
|
"description": "- Xchecked via VT: d743a22cab2e219035e5474175decdc3",
|
|
"pattern": "[file:hashes.SHA1 = 'bc47621686f9d04ddaff6c65b9cc8e8b928f39cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795555-45b8-4e8c-8d99-4748950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:17.000Z",
|
|
"modified": "2015-12-22T13:51:17.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/645d7b308678aa46faa63108e25f922d14aca0600cbc181f8d92ea5d4e46690a/analysis/1380546529/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795555-da90-400f-9ca6-4589950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:17.000Z",
|
|
"modified": "2015-12-22T13:51:17.000Z",
|
|
"description": "- Xchecked via VT: b617ed6c9ab846249c893a51175dc29b",
|
|
"pattern": "[file:hashes.SHA256 = 'c47c6cb5321e6da2aacb6f09a420fc3f750eb6e9c070a515aae129943ab2a0c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795556-8e80-4340-b2f4-4241950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:18.000Z",
|
|
"modified": "2015-12-22T13:51:18.000Z",
|
|
"description": "- Xchecked via VT: b617ed6c9ab846249c893a51175dc29b",
|
|
"pattern": "[file:hashes.SHA1 = '597a5a6b4f92091db6fcc2f3be333ea1852c371d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795556-62a4-48a0-bce3-4e2a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:18.000Z",
|
|
"modified": "2015-12-22T13:51:18.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/c47c6cb5321e6da2aacb6f09a420fc3f750eb6e9c070a515aae129943ab2a0c2/analysis/1421863806/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795556-bb54-4e0e-99c1-4f54950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:18.000Z",
|
|
"modified": "2015-12-22T13:51:18.000Z",
|
|
"description": "- Xchecked via VT: 70d53c44138160a495a5089d619e2a03",
|
|
"pattern": "[file:hashes.SHA256 = '6782c8fa4f93cd277939bfccce4f2f7d7de7a7c483e0443ad126c4491b8191c7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795557-88f0-4790-958c-4396950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:19.000Z",
|
|
"modified": "2015-12-22T13:51:19.000Z",
|
|
"description": "- Xchecked via VT: 70d53c44138160a495a5089d619e2a03",
|
|
"pattern": "[file:hashes.SHA1 = 'f8f2ded21777f380f2609eabe99ae82e094425d0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795557-2c78-4b49-9b3f-461a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:19.000Z",
|
|
"modified": "2015-12-22T13:51:19.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/6782c8fa4f93cd277939bfccce4f2f7d7de7a7c483e0443ad126c4491b8191c7/analysis/1381185295/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795557-fa18-4a36-a03d-4228950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:19.000Z",
|
|
"modified": "2015-12-22T13:51:19.000Z",
|
|
"description": "- Xchecked via VT: 08da77cef3d56ecaa5fe98624fd80b1e",
|
|
"pattern": "[file:hashes.SHA256 = '24700fd0b3f92c62673dc002085b3ddfa3d9282f2b11e04ed0882ce517dc119f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795558-bc74-4c29-9fb1-4e68950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:20.000Z",
|
|
"modified": "2015-12-22T13:51:20.000Z",
|
|
"description": "- Xchecked via VT: 08da77cef3d56ecaa5fe98624fd80b1e",
|
|
"pattern": "[file:hashes.SHA1 = '6985c45e24444205abbd4acc8445f74093d63137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795558-f5bc-467e-a395-4607950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:20.000Z",
|
|
"modified": "2015-12-22T13:51:20.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/24700fd0b3f92c62673dc002085b3ddfa3d9282f2b11e04ed0882ce517dc119f/analysis/1410824846/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795558-8ec4-4082-9e6a-4c8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:20.000Z",
|
|
"modified": "2015-12-22T13:51:20.000Z",
|
|
"description": "- Xchecked via VT: a0c01a209e6aea92aa52febe305d6fd3",
|
|
"pattern": "[file:hashes.SHA256 = '5cd9e1c99899d525fe3864ba1054f69b3ab0b716d4e14a06c09999b6a5a6c378']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795558-356c-4026-91d6-4fcc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:20.000Z",
|
|
"modified": "2015-12-22T13:51:20.000Z",
|
|
"description": "- Xchecked via VT: a0c01a209e6aea92aa52febe305d6fd3",
|
|
"pattern": "[file:hashes.SHA1 = '1de96c22157792ea33f89a6be3bac6ac5804ff19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795559-6af0-490b-9a39-448a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:21.000Z",
|
|
"modified": "2015-12-22T13:51:21.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/5cd9e1c99899d525fe3864ba1054f69b3ab0b716d4e14a06c09999b6a5a6c378/analysis/1379281649/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795559-9524-4a9f-813b-41db950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:21.000Z",
|
|
"modified": "2015-12-22T13:51:21.000Z",
|
|
"description": "- Xchecked via VT: c6f40338e3cb0d5e7543c30f527a3583",
|
|
"pattern": "[file:hashes.SHA256 = '0de89ce2a7d5a12ad54f2db1a4243fa6d9c1935a7bfb11f3912e6050ec30e36c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56795559-ab68-49da-9400-49db950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:21.000Z",
|
|
"modified": "2015-12-22T13:51:21.000Z",
|
|
"description": "- Xchecked via VT: c6f40338e3cb0d5e7543c30f527a3583",
|
|
"pattern": "[file:hashes.SHA1 = 'f71b720db98c08a7bf4b763f70d6d902d2bd1896']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679555a-55f8-47d3-8a97-40a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:22.000Z",
|
|
"modified": "2015-12-22T13:51:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/0de89ce2a7d5a12ad54f2db1a4243fa6d9c1935a7bfb11f3912e6050ec30e36c/analysis/1417095493/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679555a-b26c-4a94-a8f7-43c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:22.000Z",
|
|
"modified": "2015-12-22T13:51:22.000Z",
|
|
"description": "- Xchecked via VT: 1812ec5f8fe477ce63efe232dd0b4873",
|
|
"pattern": "[file:hashes.SHA256 = 'a3c60862c919154390f075bef57bdbd88d3192577a59cf68c54e31f675d24f2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679555a-1fb4-4fd9-a475-475a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:22.000Z",
|
|
"modified": "2015-12-22T13:51:22.000Z",
|
|
"description": "- Xchecked via VT: 1812ec5f8fe477ce63efe232dd0b4873",
|
|
"pattern": "[file:hashes.SHA1 = '467b9524784bdd8a05554ec16acafbea42fc6fa0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5679555a-34ec-44a1-af9c-4809950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-12-22T13:51:22.000Z",
|
|
"modified": "2015-12-22T13:51:22.000Z",
|
|
"pattern": "[url:value = 'https://www.virustotal.com/file/a3c60862c919154390f075bef57bdbd88d3192577a59cf68c54e31f675d24f2d/analysis/1395649654/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-22T13:51:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c8f-ad34-4ff0-9761-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-06-28T13:48:37.000Z",
|
|
"modified": "2016-06-28T13:48:37.000Z",
|
|
"first_observed": "2016-06-28T13:48:37Z",
|
|
"last_observed": "2016-06-28T13:48:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c8f-ad34-4ff0-9761-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c8f-ad34-4ff0-9761-3798950d210b",
|
|
"value": "www.baidu.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cad-b964-42ed-8103-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cad-b964-42ed-8103-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cad-b964-42ed-8103-3798950d210b",
|
|
"value": "google.com"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5d20-7bf0-45af-831a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5d20-7bf0-45af-831a-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5d20-7bf0-45af-831a-3798950d210b",
|
|
"value": "server-54-192-144-91.sfo4.r.cloudfront.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d21-4654-4cd5-b476-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-32-214-155.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b87-66b0-4d75-84f0-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '87-106-149-145.sinkhole.shadowserver.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5d29-54d4-4683-922b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5d29-54d4-4683-922b-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5d29-54d4-4683-922b-3798950d210b",
|
|
"value": "fra07s32-in-f0.1e100.net"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5d38-c4e8-4487-a05b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5d38-c4e8-4487-a05b-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5d38-c4e8-4487-a05b-3798950d210b",
|
|
"value": "fra07s31-in-f2.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba2-fe00-468d-a15c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '87-106-20-192.sinkhole.shadowserver.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d41-e0e0-416e-bc15-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-201-74-147.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bab-d898-4c35-a8d8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-61-68-172.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bac-9f00-496c-ac63-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-73-79-107.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb7-87a0-4e2b-9007-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-82-46-253.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bb9-82f0-441f-899a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bb9-82f0-441f-899a-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bb9-82f0-441f-899a-3798950d210b",
|
|
"value": "nuq04s30-in-f14.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc8-87ac-4fec-b10e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-79-207-194.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bc9-28a8-455f-9868-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bc9-28a8-455f-9868-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bc9-28a8-455f-9868-3798950d210b",
|
|
"value": "fra07s31-in-f20.1e100.net"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bcc-09e0-4ccc-a141-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bcc-09e0-4ccc-a141-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bcc-09e0-4ccc-a141-3798950d210b",
|
|
"value": "fra07s31-in-f5.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bd1-22a8-4e77-a702-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-62-200-154.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5bde-0f0c-4c7b-8f1a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5bde-0f0c-4c7b-8f1a-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5bde-0f0c-4c7b-8f1a-3798950d210b",
|
|
"value": "fra07s31-in-f1.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5be7-8268-4558-8a64-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-48-210-38.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c02-5aa4-4c9b-b3ef-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '87-106-253-18.sinkhole.shadowserver.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c04-3b48-44e9-ad38-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c04-3b48-44e9-ad38-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c04-3b48-44e9-ad38-3798950d210b",
|
|
"value": "fra07s31-in-f6.1e100.net"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c05-e808-4813-b72f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c05-e808-4813-b72f-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c05-e808-4813-b72f-3798950d210b",
|
|
"value": "fra07s31-in-f4.1e100.net"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c06-08c8-4106-bf80-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c06-08c8-4106-bf80-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c06-08c8-4106-bf80-3798950d210b",
|
|
"value": "www.microsoft.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c07-cd98-488d-a296-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '1.counter.b.statcounter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c0c-751c-4ee4-ae42-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c0c-751c-4ee4-ae42-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c0c-751c-4ee4-ae42-3798950d210b",
|
|
"value": "fra07s31-in-f3.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c10-1ad8-46f8-92f6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a92-123-111-162.deploy.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c16-6e3c-4909-98ad-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-36-63-164.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1a-0fc8-408c-b737-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-214-113-209.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c1f-c764-452d-8b81-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a172-227-95-162.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c2a-3974-4938-84ed-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-63-175-164.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c37-3fa0-4682-9829-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-214-166-231.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c37-40e4-4dba-82a8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'e10088.dscb.akamaiedge.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c41-bda4-4190-8db3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-63-233-233.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5f-4940-4456-a5f4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-67-84-228.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c60-13d4-4be2-a0c8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c60-13d4-4be2-a0c8-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c60-13d4-4be2-a0c8-3798950d210b",
|
|
"value": "fra07s31-in-f8.1e100.net"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c63-f7ec-4cbc-a4eb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c63-f7ec-4cbc-a4eb-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c63-f7ec-4cbc-a4eb-3798950d210b",
|
|
"value": "server-54-230-147-225.sfo4.r.cloudfront.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6a-5ca8-446a-b48b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-72-230-162.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c80-9bd4-4f20-878c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-222-253-19.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5c8c-cd50-4766-aca5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5c8c-cd50-4766-aca5-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5c8c-cd50-4766-aca5-3798950d210b",
|
|
"value": "fra07s31-in-f7.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca3-db08-4b1c-b7f1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a69-192-72-154.deploy.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ca6-9444-434d-a400-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-198-24-154.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cb2-e7ac-4b87-a228-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cb2-e7ac-4b87-a228-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cb2-e7ac-4b87-a228-3798950d210b",
|
|
"value": "fra07s31-in-f18.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cce-fac8-4388-bff9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-60-135-187.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cd2-9bcc-4829-b357-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cd2-9bcc-4829-b357-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cd2-9bcc-4829-b357-3798950d210b",
|
|
"value": "fra07s32-in-f1.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cd6-3e14-4721-ad50-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-197-31-194.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ce6-bb4c-4c50-b565-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-66-24-154.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cef-4578-47f6-b43d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-6-135-212.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf5-4ed8-445b-99b6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = '87-106-250-34.sinkhole.shadowserver.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--563b5cf7-93f8-4672-901b-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2018-02-05T08:04:53.000Z",
|
|
"modified": "2018-02-05T08:04:53.000Z",
|
|
"first_observed": "2018-02-05T08:04:53Z",
|
|
"last_observed": "2018-02-05T08:04:53Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"domain-name--563b5cf7-93f8-4672-901b-3798950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "domain-name",
|
|
"spec_version": "2.1",
|
|
"id": "domain-name--563b5cf7-93f8-4672-901b-3798950d210b",
|
|
"value": "nuq04s30-in-f46.1e100.net"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfc-abe8-49b4-b076-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'fhr.data.mozilla.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cfc-d5b4-4bcd-9929-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-199-200-154.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d07-3ebc-4730-a5bd-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-68-116-229.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d09-1eac-4d5c-9619-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-194-126-155.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d12-96f4-4558-a706-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a23-62-127-137.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b71-9c4c-4d50-989d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-67-70-15.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d16-dc54-449b-baf2-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[domain-name:value = 'a104-68-131-39.deploy.static.akamaitechnologies.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bf8-0464-429c-9f03-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.250.34']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c08-440c-4e82-af88-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.24.200']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c0f-476c-44d1-b0d4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.134']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c20-9624-45e7-928e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.60.135.187']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3b-257c-4995-af04-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.135']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c3e-70e4-4543-bf9c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.61.68.172']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c4a-9c9c-4f22-a4a3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.201.74.147']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c51-3f14-406d-abd5-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.192.144.91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c53-8d94-49bc-b558-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.62.127.137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5b-d5bc-43d6-ab98-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.32.214.155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c5d-eab4-4c97-a0eb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.125.137.108']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c63-fba4-45af-8bed-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.20.192']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c64-ee94-4c4d-a2e3-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.131']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c6a-86f4-4f08-9032-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.192.72.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c73-5848-44af-885c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.6.135.212']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c7d-1eb4-45e3-991d-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.222.253.19']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c93-b4fc-438e-ad27-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.149.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5c9a-dde8-41ce-882e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.63.233.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cab-50b8-416b-a8a1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cbb-6f20-42fb-840c-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.48.210.38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b3ee6-fc74-4cd8-b2c9-4d51950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '172.227.95.162']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5cf4-569c-428b-bc1a-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.125.137.109']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d04-6f70-4642-b073-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.198.24.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d06-c474-44bc-a028-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.36.63.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d10-faa8-4458-ab52-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.161']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d11-7394-4e7a-82a9-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '2.22.213.235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d2d-7900-4e99-8761-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.136']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d37-182c-4cb6-9929-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.129']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d37-a640-44d4-b2e8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.148']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5d3f-29e4-456f-84b6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.63.175.164']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b69-bd58-4727-8f57-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.123.111.162']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b6c-53d4-4861-85ce-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.230.147.225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b70-2830-423f-81e8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '65.55.57.27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b83-4fdc-4331-8ce6-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b83-8bac-4aab-9497-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.197.31.194']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8b-2d30-47eb-a4bb-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.73.79.107']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8d-bdc0-4dae-8c4e-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.199.200.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5b8f-21d0-414f-85ac-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.160']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5ba7-448c-43a7-b246-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.214.113.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb1-e0ec-460e-befe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.66.24.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bb4-4e88-479a-97b1-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.108.91.182']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc4-07e0-4899-9d14-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.58.192.46']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bc5-b864-49fb-9f2f-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.130']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bcb-8108-4a06-bbbe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.194.126.155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bdf-49e0-4154-9e55-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.253.18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bec-4ea4-430d-b8b8-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.194.112.132']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bee-6b10-4808-8ba4-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.214.166.231']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--563b5bee-1dc0-45ee-9afe-3798950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2015-11-05T13:56:14.000Z",
|
|
"modified": "2015-11-05T13:56:14.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.79.207.194']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-11-05T13:56:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |