adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57b47152-b938-42f7-aa36-4bf1950d210f.json

646 lines
No EOL
28 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--57b47152-b938-42f7-aa36-4bf1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:10.000Z",
"modified": "2016-08-17T14:16:10.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57b47152-b938-42f7-aa36-4bf1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:10.000Z",
"modified": "2016-08-17T14:16:10.000Z",
"name": "OSINT Generic Yara rule to detect PlugX by Jay DiMartino",
"published": "2016-09-25T20:36:29Z",
"object_refs": [
"observed-data--57b4716e-624c-431e-af53-40c2950d210f",
"url--57b4716e-624c-431e-af53-40c2950d210f",
"indicator--57b4717f-cc50-4b81-9fd1-4f64950d210f",
"indicator--57b471a5-25b0-4f2d-9181-489a950d210f",
"indicator--57b471a5-9708-4b32-885d-4249950d210f",
"indicator--57b471a6-5574-48ae-84e9-4d11950d210f",
"indicator--57b471a6-137c-4dd7-9756-46db950d210f",
"indicator--57b471a6-4dc4-4f35-a8f4-4d2d950d210f",
"indicator--57b471a6-c6e0-49f9-8e12-440b950d210f",
"indicator--57b471a6-7f80-4c6d-8825-4e11950d210f",
"indicator--57b471a7-58e0-40fe-9ce5-400c950d210f",
"indicator--57b471a7-43b0-44ef-80f9-4b20950d210f",
"indicator--57b471a7-a564-48fd-8a5e-4c05950d210f",
"indicator--57b471a7-9994-4528-be80-45fe950d210f",
"indicator--57b471a8-357c-4f03-aff5-4230950d210f",
"indicator--57b471a8-c8a8-4844-8897-46b1950d210f",
"indicator--57b471a8-fb7c-4dd7-b366-495f950d210f",
"indicator--57b471a8-fb24-4246-8f8e-4093950d210f",
"indicator--57b471a8-c074-49c5-a84a-4c2b950d210f",
"indicator--57b471a9-29f0-4524-9743-4ffb950d210f",
"indicator--57b471a9-4a44-46d5-94ad-400c950d210f",
"indicator--57b471a9-0f70-4473-9189-41f6950d210f",
"indicator--57b471a9-2588-4b70-8997-4f2f950d210f",
"indicator--57b471a9-83b8-4570-81c2-45f8950d210f",
"indicator--57b471aa-ef54-405c-a475-4d95950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57b4716e-624c-431e-af53-40c2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:15:10.000Z",
"modified": "2016-08-17T14:15:10.000Z",
"first_observed": "2016-08-17T14:15:10Z",
"last_observed": "2016-08-17T14:15:10Z",
"number_observed": 1,
"object_refs": [
"url--57b4716e-624c-431e-af53-40c2950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57b4716e-624c-431e-af53-40c2950d210f",
"value": "https://github.com/Neo23x0/signature-base/blob/master/yara/apt_plugx.yar"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b4717f-cc50-4b81-9fd1-4f64950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:15:27.000Z",
"modified": "2016-08-17T14:15:27.000Z",
"pattern": "[rule APTGroupX_PlugXTrojanLoader_StringDecode {\r\n meta:\r\n author = \"Jay DiMartino\"\r\n \tdescription = \"Rule to detect PlugX Malware\"\r\n\t\tscore = 80\r\n \treference = \"https://t.co/4xQ8G2mNap\"\r\n hash1 = \"0535e8c300204e257f0fa57630f386e9fcc8e779\"\r\n hash2 = \"088ebf9ccde958f32d11f4e7eb14f5332332f97d\"\r\n hash3 = \"0c999d0bffa007e9e6b6fe593933b52f40c75b3d\"\r\n hash4 = \"2f644e7131ec0a4f12ce04ba1e54d23856dbbfbf\"\r\n hash5 = \"3be9148ad132ca342d5fbabea1119a175ef1df7c\"\r\n hash6 = \"4c1ee94ec0e15491fc4f6b4095f67eee6309e62a\"\r\n hash7 = \"587af7ce05e61d4c312d6bae12ea380116b08d7e\"\r\n hash8 = \"5990efd83b5646a7ba419541d3a2c19260224ca3\"\r\n hash9 = \"67970367c250c44a5feb263843cf45fd91336df5\"\r\n hash10 = \"68f53f7188910a4cf67843aedd38c1523f1f2e7c\"\r\n hash11 = \"962dc7e0ad37286df012f623423ac4182fe791ca\"\r\n hash12 = \"aa0976906807af2e1b127608040aa3ef6e118a13\"\r\n hash13 = \"b170d015e32b39fa4ac15f94d58e45e65cd16d6c\"\r\n hash14 = \"c9b3d2cef3b34c7ee18fc2f60ff022965959613d\"\r\n hash15 = \"cd425ce7f3e4a823d9027780e1b439759c4dc665\"\r\n hash16 = \"d5e82513c6472d3826a22d9a15c05af8c0d33b58\"\r\n hash17 = \"d9b32084f27ef13001060e1dcee8a1a9e95d89a6\"\r\n hash18 = \"daa2d1cb9148b7ba5a86fa9ab593678e77c92672\"\r\n hash19 = \"e2c098a95d1c1f0e29f207af9c5ffc5bd69a92ee\"\r\n hash20 = \"ef8cf68dc3c80e9cb5a3fa0f92b544eab583812e\"\r\n hash21 = \"f0fc0a4e4e0748464caa6a202d0083cd33458677\"\r\n hash22 = \"fe1abe55529c1d6aa6b2a2f02d7e41ea58040feb\"\r\n strings:\r\n $byte1 = { 8A [2-4] 8A [2-4] FF 05 00 30 00 10 [0-5] 2A [1-6] 80 [2-7] 02 [1-6] 88 0? }\r\n $byte2 = { 8B [2-4] 8A [2-4] FF 05 00 30 00 10 [0-5] 2A [1-6] 80 [2-7] 02 [1-6] 88 0? }\r\n condition:\r\n any of them\r\n}]",
"pattern_type": "yara",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a5-25b0-4f2d-9181-489a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:05.000Z",
"modified": "2016-08-17T14:16:05.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '0535e8c300204e257f0fa57630f386e9fcc8e779']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a5-9708-4b32-885d-4249950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:05.000Z",
"modified": "2016-08-17T14:16:05.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '088ebf9ccde958f32d11f4e7eb14f5332332f97d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a6-5574-48ae-84e9-4d11950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:06.000Z",
"modified": "2016-08-17T14:16:06.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '0c999d0bffa007e9e6b6fe593933b52f40c75b3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a6-137c-4dd7-9756-46db950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:06.000Z",
"modified": "2016-08-17T14:16:06.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '2f644e7131ec0a4f12ce04ba1e54d23856dbbfbf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a6-4dc4-4f35-a8f4-4d2d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:06.000Z",
"modified": "2016-08-17T14:16:06.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '3be9148ad132ca342d5fbabea1119a175ef1df7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a6-c6e0-49f9-8e12-440b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:06.000Z",
"modified": "2016-08-17T14:16:06.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '4c1ee94ec0e15491fc4f6b4095f67eee6309e62a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a6-7f80-4c6d-8825-4e11950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:06.000Z",
"modified": "2016-08-17T14:16:06.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '587af7ce05e61d4c312d6bae12ea380116b08d7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a7-58e0-40fe-9ce5-400c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:07.000Z",
"modified": "2016-08-17T14:16:07.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '5990efd83b5646a7ba419541d3a2c19260224ca3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a7-43b0-44ef-80f9-4b20950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:07.000Z",
"modified": "2016-08-17T14:16:07.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '67970367c250c44a5feb263843cf45fd91336df5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a7-a564-48fd-8a5e-4c05950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:07.000Z",
"modified": "2016-08-17T14:16:07.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '68f53f7188910a4cf67843aedd38c1523f1f2e7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a7-9994-4528-be80-45fe950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:07.000Z",
"modified": "2016-08-17T14:16:07.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = '962dc7e0ad37286df012f623423ac4182fe791ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a8-357c-4f03-aff5-4230950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:07.000Z",
"modified": "2016-08-17T14:16:07.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'aa0976906807af2e1b127608040aa3ef6e118a13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a8-c8a8-4844-8897-46b1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:08.000Z",
"modified": "2016-08-17T14:16:08.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'b170d015e32b39fa4ac15f94d58e45e65cd16d6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a8-fb7c-4dd7-b366-495f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:08.000Z",
"modified": "2016-08-17T14:16:08.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'c9b3d2cef3b34c7ee18fc2f60ff022965959613d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a8-fb24-4246-8f8e-4093950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:08.000Z",
"modified": "2016-08-17T14:16:08.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'cd425ce7f3e4a823d9027780e1b439759c4dc665']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a8-c074-49c5-a84a-4c2b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:08.000Z",
"modified": "2016-08-17T14:16:08.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'd5e82513c6472d3826a22d9a15c05af8c0d33b58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a9-29f0-4524-9743-4ffb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:09.000Z",
"modified": "2016-08-17T14:16:09.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'd9b32084f27ef13001060e1dcee8a1a9e95d89a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a9-4a44-46d5-94ad-400c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:09.000Z",
"modified": "2016-08-17T14:16:09.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'daa2d1cb9148b7ba5a86fa9ab593678e77c92672']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a9-0f70-4473-9189-41f6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:09.000Z",
"modified": "2016-08-17T14:16:09.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'e2c098a95d1c1f0e29f207af9c5ffc5bd69a92ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a9-2588-4b70-8997-4f2f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:09.000Z",
"modified": "2016-08-17T14:16:09.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'ef8cf68dc3c80e9cb5a3fa0f92b544eab583812e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471a9-83b8-4570-81c2-45f8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:09.000Z",
"modified": "2016-08-17T14:16:09.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'f0fc0a4e4e0748464caa6a202d0083cd33458677']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57b471aa-ef54-405c-a475-4d95950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-08-17T14:16:10.000Z",
"modified": "2016-08-17T14:16:10.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA1 = 'fe1abe55529c1d6aa6b2a2f02d7e41ea58040feb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-08-17T14:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink