adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/551427fe-47ac-4247-93f0-c906950d210b.json

2170 lines
91 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--551427fe-47ac-4247-93f0-c906950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:36.000Z",
"modified": "2015-08-19T13:06:36.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--551427fe-47ac-4247-93f0-c906950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:36.000Z",
"modified": "2015-08-19T13:06:36.000Z",
"name": "OSINT - PlugX goes to the registry (and India)",
"published": "2015-03-26T15:54:57Z",
"object_refs": [
"observed-data--5514281c-0d28-49da-b97e-cac2950d210b",
"url--5514281c-0d28-49da-b97e-cac2950d210b",
"x-misp-attribute--55142838-f558-43f8-9a55-0988950d210b",
"observed-data--55142850-c100-4215-a3aa-c2b7950d210b",
"file--55142850-c100-4215-a3aa-c2b7950d210b",
"indicator--5514286b-63ac-4c17-8c3f-4ceb950d210b",
"indicator--55142881-d534-4df9-b4c9-c2b7950d210b",
"indicator--55142893-e034-4995-873c-d140950d210b",
"indicator--551428b4-efc4-419a-affa-c941950d210b",
"indicator--551428c2-858c-4fe1-99e6-c2d9950d210b",
"indicator--551428d5-05ec-4c11-ad75-0988950d210b",
"indicator--551428f5-e528-4919-a060-c2d9950d210b",
"indicator--55142900-be34-46d4-afc2-463a950d210b",
"indicator--55142918-8be4-4f90-b698-c941950d210b",
"indicator--55142935-0734-41c4-b46e-4d9d950d210b",
"indicator--55142944-0010-4e16-ac95-c2b7950d210b",
"indicator--55142951-d724-48cb-9bdc-c2d9950d210b",
"indicator--55142961-cb80-43f6-ada1-c906950d210b",
"indicator--5514296f-c200-4084-bda1-d140950d210b",
"indicator--55142980-5538-4b73-9b14-0988950d210b",
"indicator--551429a4-5b40-4546-adfd-0988950d210b",
"indicator--551429b9-c6e8-4a70-b37f-c2d9950d210b",
"observed-data--551429d3-5ee8-444b-b241-c2b7950d210b",
"file--551429d3-5ee8-444b-b241-c2b7950d210b",
"indicator--551429e8-6fcc-4190-ae4b-4b0b950d210b",
"indicator--55142a0e-8c8c-45ba-8798-cac2950d210b",
"indicator--55142a1d-ac64-4456-a442-0988950d210b",
"indicator--55142a2e-71c0-42b3-b1c1-c2d9950d210b",
"indicator--55142a43-226c-40a7-bb80-4930950d210b",
"indicator--55142a52-c084-4607-a8e8-c906950d210b",
"indicator--55142a60-7d28-4e38-b873-48ce950d210b",
"indicator--55142a74-5f38-42e6-b2a1-c2b7950d210b",
"indicator--55142aa5-4630-4a46-94dd-d140950d210b",
"indicator--55142ab5-7cd4-4304-bb9c-c942950d210b",
"indicator--55142af0-2450-4c8b-967b-0988950d210b",
"indicator--55142b06-3d98-4782-9976-c2b7950d210b",
"indicator--55142b15-3858-41ed-b77c-0988950d210b",
"indicator--55142b25-e2e0-4728-9930-410b950d210b",
"indicator--55142b51-fe90-4efd-9378-c906950d210b",
"indicator--55142b64-4edc-45f6-b021-c942950d210b",
"indicator--55142b77-9914-4a2d-9ad6-d140950d210b",
"indicator--55142b86-ead0-4ab3-991f-c941950d210b",
"indicator--55142b9b-2814-449c-b369-d140950d210b",
"indicator--55142baf-33e8-4cb9-a585-c941950d210b",
"indicator--55d47f5d-411c-49cc-8b4e-4a05950d210b",
"indicator--55d47f5d-2ea0-4537-b56c-4a75950d210b",
"observed-data--55d47f5d-5260-4c37-a024-4c22950d210b",
"url--55d47f5d-5260-4c37-a024-4c22950d210b",
"indicator--55d47f5d-4ef8-4993-84dd-48ef950d210b",
"indicator--55d47f5d-baa8-46f5-965b-4b86950d210b",
"observed-data--55d47f5e-cec4-4589-b62d-439a950d210b",
"url--55d47f5e-cec4-4589-b62d-439a950d210b",
"indicator--55d47f5e-0df8-460b-80cd-42b8950d210b",
"indicator--55d47f5e-3d0c-45d9-94e9-4576950d210b",
"observed-data--55d47f5e-bee0-47d5-bcb9-46e7950d210b",
"url--55d47f5e-bee0-47d5-bcb9-46e7950d210b",
"indicator--55d47f5f-7930-4084-9379-421e950d210b",
"indicator--55d47f5f-78f0-4668-8d40-4955950d210b",
"observed-data--55d47f5f-a5e4-4025-bc8b-418f950d210b",
"url--55d47f5f-a5e4-4025-bc8b-418f950d210b",
"indicator--55d47f5f-af58-46b3-ad3a-4f94950d210b",
"indicator--55d47f5f-12fc-4cf4-8d45-43f3950d210b",
"observed-data--55d47f60-8bdc-4bd2-8518-4623950d210b",
"url--55d47f60-8bdc-4bd2-8518-4623950d210b",
"indicator--55d47f60-6160-42d5-9242-4ccd950d210b",
"indicator--55d47f60-2b98-4005-a170-4409950d210b",
"observed-data--55d47f60-596c-4c4c-99cc-4d12950d210b",
"url--55d47f60-596c-4c4c-99cc-4d12950d210b",
"indicator--55d47f60-53e0-4220-bec3-407a950d210b",
"indicator--55d47f61-0d7c-4a61-8e48-4e19950d210b",
"observed-data--55d47f61-a6b4-41f0-8afa-4e77950d210b",
"url--55d47f61-a6b4-41f0-8afa-4e77950d210b",
"indicator--55d47f61-60a0-4529-ad61-4c75950d210b",
"indicator--55d47f61-341c-41e6-b4f6-492f950d210b",
"observed-data--55d47f61-c380-4311-a946-4ab6950d210b",
"url--55d47f61-c380-4311-a946-4ab6950d210b",
"indicator--55d47f62-617c-4760-b0e5-490f950d210b",
"indicator--55d47f62-fd14-4aa8-8359-4691950d210b",
"observed-data--55d47f62-4890-43b3-bc78-4d25950d210b",
"url--55d47f62-4890-43b3-bc78-4d25950d210b",
"indicator--55d47f62-8994-40df-aa97-4c27950d210b",
"indicator--55d47f62-23e4-4fdd-87b2-4dfd950d210b",
"observed-data--55d47f62-7704-471f-863b-40ee950d210b",
"url--55d47f62-7704-471f-863b-40ee950d210b",
"indicator--55d47f63-6118-4d47-8c9f-4381950d210b",
"indicator--55d47f63-c840-4b95-abea-4dc2950d210b",
"observed-data--55d47f63-5c80-4c71-8495-45bc950d210b",
"url--55d47f63-5c80-4c71-8495-45bc950d210b",
"indicator--55d47f63-a864-450a-bb1d-41a5950d210b",
"indicator--55d47f63-4c20-4f2a-9b78-4f99950d210b",
"observed-data--55d47f64-468c-4563-8019-4c5b950d210b",
"url--55d47f64-468c-4563-8019-4c5b950d210b",
"indicator--55d47f64-625c-45d3-8384-45a7950d210b",
"indicator--55d47f64-9ebc-4586-bb3b-4fec950d210b",
"observed-data--55d47f64-6208-45ee-83f0-4cf9950d210b",
"url--55d47f64-6208-45ee-83f0-4cf9950d210b",
"indicator--55d47f64-5688-42a9-b84b-4bc2950d210b",
"indicator--55d47f65-84b0-4147-9245-4deb950d210b",
"observed-data--55d47f65-d564-447e-bb14-4945950d210b",
"url--55d47f65-d564-447e-bb14-4945950d210b",
"indicator--55d47f65-2208-4e14-b2c0-4dbe950d210b",
"indicator--55d47f65-af80-48f6-8e57-4351950d210b",
"observed-data--55d47f65-86dc-4142-9daf-4f54950d210b",
"url--55d47f65-86dc-4142-9daf-4f54950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5514281c-0d28-49da-b97e-cac2950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:39:08.000Z",
"modified": "2015-03-26T15:39:08.000Z",
"first_observed": "2015-03-26T15:39:08Z",
"last_observed": "2015-03-26T15:39:08Z",
"number_observed": 1,
"object_refs": [
"url--5514281c-0d28-49da-b97e-cac2950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5514281c-0d28-49da-b97e-cac2950d210b",
"value": "https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/plugx-goes-to-the-registry-and-india.pdf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--55142838-f558-43f8-9a55-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:39:36.000Z",
"modified": "2015-03-26T15:39:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Other\""
],
"x_misp_category": "Other",
"x_misp_type": "text",
"x_misp_value": "PlugX"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55142850-c100-4215-a3aa-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:40:00.000Z",
"modified": "2015-03-26T15:40:00.000Z",
"first_observed": "2015-03-26T15:40:00Z",
"last_observed": "2015-03-26T15:40:00Z",
"number_observed": 1,
"object_refs": [
"file--55142850-c100-4215-a3aa-c2b7950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--55142850-c100-4215-a3aa-c2b7950d210b",
"name": "ghozaresh amniyati.doc"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5514286b-63ac-4c17-8c3f-4ceb950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:40:27.000Z",
"modified": "2015-03-26T15:40:27.000Z",
"pattern": "[file:name = 'ghozaresh amniyati.doc' AND file:hashes.SHA1 = '19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:40:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142881-d534-4df9-b4c9-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:40:49.000Z",
"modified": "2015-03-26T15:40:49.000Z",
"pattern": "[file:name = '\\\\%PROFILE\\\\%\\\\Application Data\\\\Erease.vbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:40:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142893-e034-4995-873c-d140950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:41:07.000Z",
"modified": "2015-03-26T15:41:07.000Z",
"pattern": "[domain-name:value = 'www.freetimes.dns05.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:41:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551428b4-efc4-419a-affa-c941950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:41:40.000Z",
"modified": "2015-03-26T15:41:40.000Z",
"pattern": "[file:name = '\u00d0\u0178\u00d1\u20ac\u00d0\u00be\u00d0\u00b5\u00d0\u00ba\u00d1\u201a\u00d1\u2039.doc' AND file:hashes.SHA1 = 'd746ca9b74fb04782e0e783980f7702a9356f1c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:41:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551428c2-858c-4fe1-99e6-c2d9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:41:54.000Z",
"modified": "2015-03-26T15:41:54.000Z",
"pattern": "[domain-name:value = 'lucas1.dnset.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:41:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551428d5-05ec-4c11-ad75-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:42:13.000Z",
"modified": "2015-03-26T15:42:13.000Z",
"pattern": "[file:name = '\u00d1\u201a\u00d0\u00b5\u00d0\u00bb\u00d0\u00b5\u00d1\u201e\u00d0\u00be\u00d0\u00bd\u00d0\u00bd\u00d0\u00b0\u00d1\u008f \u00d0\u00ba\u00d0\u00bd\u00d0\u00b8\u00d0\u00b3\u00d0\u00b0 \u00d0\u00b8 \u00d0\u00bf\u00d0\u00be\u00d1\u2021\u00d1\u201a\u00d0\u00be\u00d0\u00b2\u00d1\u2039\u00d0\u00b9 \u00d0\u00b0\u00d0\u00b4\u00d1\u20ac\u00d0\u00b5\u00d1\u0081(2014.10).doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551428f5-e528-4919-a060-c2d9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:42:45.000Z",
"modified": "2015-03-26T15:42:45.000Z",
"pattern": "[domain-name:value = 'supercat.strangled.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:42:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142900-be34-46d4-afc2-463a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:42:56.000Z",
"modified": "2015-03-26T15:42:56.000Z",
"pattern": "[file:hashes.SHA1 = 'a97827aef54e7969b9cbbec64d9ee81a835f2240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:42:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142918-8be4-4f90-b698-c941950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:43:20.000Z",
"modified": "2015-03-26T15:43:20.000Z",
"pattern": "[file:hashes.SHA1 = '6f845ef154a0b456afcf8b562a0387dabf4f5f85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142935-0734-41c4-b46e-4d9d950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:43:49.000Z",
"modified": "2015-03-26T15:43:49.000Z",
"pattern": "[file:name = 'Calling Off India-Pak Talks.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:43:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142944-0010-4e16-ac95-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:44:04.000Z",
"modified": "2015-03-26T15:44:04.000Z",
"pattern": "[domain-name:value = 'nusteachers.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:44:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142951-d724-48cb-9bdc-c2d9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:44:17.000Z",
"modified": "2015-03-26T15:44:17.000Z",
"pattern": "[file:hashes.SHA1 = 'e8a29bb90422fa6116563073725fa54169998325']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:44:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142961-cb80-43f6-ada1-c906950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:44:33.000Z",
"modified": "2015-03-26T15:44:33.000Z",
"pattern": "[file:name = 'Human Rights Violations of Tibet.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:44:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5514296f-c200-4084-bda1-d140950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:44:47.000Z",
"modified": "2015-03-26T15:44:47.000Z",
"pattern": "[domain-name:value = 'ruchi.mysq1.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:44:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142980-5538-4b73-9b14-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:45:04.000Z",
"modified": "2015-03-26T15:45:04.000Z",
"pattern": "[file:hashes.SHA1 = 'a7e52cb429ac22cc20be77158f97d6f9dd887e1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551429a4-5b40-4546-adfd-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:45:40.000Z",
"modified": "2015-03-26T15:45:40.000Z",
"pattern": "[domain-name:value = 'lucas1.freetcp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:45:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551429b9-c6e8-4a70-b37f-c2d9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:46:01.000Z",
"modified": "2015-03-26T15:46:01.000Z",
"pattern": "[file:hashes.SHA1 = '147fbdfeed9f0825026b3b3ce558c3ad00410b11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:46:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--551429d3-5ee8-444b-b241-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:46:27.000Z",
"modified": "2015-03-26T15:46:27.000Z",
"first_observed": "2015-03-26T15:46:27Z",
"last_observed": "2015-03-26T15:46:27Z",
"number_observed": 1,
"object_refs": [
"file--551429d3-5ee8-444b-b241-c2b7950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--551429d3-5ee8-444b-b241-c2b7950d210b",
"name": "Minutes of meeting.doc"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--551429e8-6fcc-4190-ae4b-4b0b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:46:48.000Z",
"modified": "2015-03-26T15:46:48.000Z",
"pattern": "[file:hashes.SHA1 = '8ee8ab984cb01762dfc6d341278b87a7c83906cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:46:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a0e-8c8c-45ba-8798-cac2950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:47:26.000Z",
"modified": "2015-03-26T15:47:26.000Z",
"pattern": "[file:name = 'U.S.,_India_to_formulate_smart_city_action_plans_in_three_months.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:47:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a1d-ac64-4456-a442-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:47:41.000Z",
"modified": "2015-03-26T15:47:41.000Z",
"pattern": "[domain-name:value = 'unisers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:47:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a2e-71c0-42b3-b1c1-c2d9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:47:58.000Z",
"modified": "2015-03-26T15:47:58.000Z",
"pattern": "[file:hashes.SHA1 = 'a4602a357360b0ed8e9b0814b1322146156fb7f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a43-226c-40a7-bb80-4930950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:48:19.000Z",
"modified": "2015-03-26T15:48:19.000Z",
"pattern": "[file:name = 'CHINA NEWS BRIEF 09 of 2015.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:48:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a52-c084-4607-a8e8-c906950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:48:34.000Z",
"modified": "2015-03-26T15:48:34.000Z",
"pattern": "[domain-name:value = 'freemoney.ignorelist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a60-7d28-4e38-b873-48ce950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:48:48.000Z",
"modified": "2015-03-26T15:48:48.000Z",
"pattern": "[file:hashes.SHA1 = '03b2a660d68004444a5189173e3b8001f4a7cd0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:48:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142a74-5f38-42e6-b2a1-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:49:08.000Z",
"modified": "2015-03-26T15:49:08.000Z",
"pattern": "[file:name = 'Draft contract CMS Trg System.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:49:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142aa5-4630-4a46-94dd-d140950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:49:57.000Z",
"modified": "2015-03-26T15:49:57.000Z",
"description": "The underlying shellcode is multi-stage andhas already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor",
"pattern": "[file:hashes.SHA1 = '9b90d6608ba6167619b5991fd70319dfcd1fa881']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:49:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142ab5-7cd4-4304-bb9c-c942950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:50:25.000Z",
"modified": "2015-03-26T15:50:25.000Z",
"pattern": "[file:hashes.SHA1 = 'dea6525b696df4643b10eb91381d95eec51479d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:50:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142af0-2450-4c8b-967b-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:51:12.000Z",
"modified": "2015-03-26T15:51:12.000Z",
"pattern": "[file:name = 'paris_declaration january_final.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:51:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b06-3d98-4782-9976-c2b7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:51:34.000Z",
"modified": "2015-03-26T15:51:34.000Z",
"pattern": "[domain-name:value = 'sumy2012.jkub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:51:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b15-3858-41ed-b77c-0988950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:51:49.000Z",
"modified": "2015-03-26T15:51:49.000Z",
"pattern": "[file:hashes.SHA1 = '6340a7916db67c1b6dc1731014bb440435578c66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:51:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b25-e2e0-4728-9930-410b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:52:05.000Z",
"modified": "2015-03-26T15:52:05.000Z",
"pattern": "[file:name = 'Obama against IS.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:52:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b51-fe90-4efd-9378-c906950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:52:49.000Z",
"modified": "2015-03-26T15:52:49.000Z",
"description": "Origin contains underscore (but not RFC valid)",
"pattern": "[domain-name:value = 'dheeraj-gaurav.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b64-4edc-45f6-b021-c942950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:53:08.000Z",
"modified": "2015-03-26T15:53:08.000Z",
"pattern": "[file:hashes.SHA1 = '739405cad3650ed0447a475f50f814f7c9787ff4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:53:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b77-9914-4a2d-9ad6-d140950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:53:27.000Z",
"modified": "2015-03-26T15:53:27.000Z",
"pattern": "[domain-name:value = 'www.notebookhk.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:53:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b86-ead0-4ab3-991f-c941950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:53:42.000Z",
"modified": "2015-03-26T15:53:42.000Z",
"pattern": "[file:hashes.SHA1 = '56b3f0f03ae12b56c000df67c1153d518c8a66fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142b9b-2814-449c-b369-d140950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:54:03.000Z",
"modified": "2015-03-26T15:54:03.000Z",
"pattern": "[file:name = 'United Nations Security Council Committee Pursuant to Resolutions1267.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:54:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55142baf-33e8-4cb9-a585-c941950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-03-26T15:54:23.000Z",
"modified": "2015-03-26T15:54:23.000Z",
"pattern": "[domain-name:value = 'www.togolaga.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-03-26T15:54:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5d-411c-49cc-8b4e-4a05950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:37.000Z",
"modified": "2015-08-19T13:06:37.000Z",
"description": "- Xchecked via VT: 6f845ef154a0b456afcf8b562a0387dabf4f5f85",
"pattern": "[file:hashes.MD5 = 'b81879328ef8e954f94fdc9c1e8cbdf7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5d-2ea0-4537-b56c-4a75950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:37.000Z",
"modified": "2015-08-19T13:06:37.000Z",
"description": "- Xchecked via VT: 6f845ef154a0b456afcf8b562a0387dabf4f5f85",
"pattern": "[file:hashes.SHA256 = 'a7f4a24c028d52543e5b62bc3369dff33dd39996c76d1d9c0437fd2e2d9c84dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f5d-5260-4c37-a024-4c22950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:37.000Z",
"modified": "2015-08-19T13:06:37.000Z",
"first_observed": "2015-08-19T13:06:37Z",
"last_observed": "2015-08-19T13:06:37Z",
"number_observed": 1,
"object_refs": [
"url--55d47f5d-5260-4c37-a024-4c22950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f5d-5260-4c37-a024-4c22950d210b",
"value": "https://www.virustotal.com/file/a7f4a24c028d52543e5b62bc3369dff33dd39996c76d1d9c0437fd2e2d9c84dd/analysis/1438951622/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5d-4ef8-4993-84dd-48ef950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:37.000Z",
"modified": "2015-08-19T13:06:37.000Z",
"description": "- Xchecked via VT: dea6525b696df4643b10eb91381d95eec51479d7",
"pattern": "[file:hashes.MD5 = 'db65cf057815a6fd7111f2f690b872b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5d-baa8-46f5-965b-4b86950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:37.000Z",
"modified": "2015-08-19T13:06:37.000Z",
"description": "- Xchecked via VT: dea6525b696df4643b10eb91381d95eec51479d7",
"pattern": "[file:hashes.SHA256 = '847f01049fefea4877249ee72e1757ded4445fa61b45a352f7c9101169dbe2fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f5e-cec4-4589-b62d-439a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:38.000Z",
"modified": "2015-08-19T13:06:38.000Z",
"first_observed": "2015-08-19T13:06:38Z",
"last_observed": "2015-08-19T13:06:38Z",
"number_observed": 1,
"object_refs": [
"url--55d47f5e-cec4-4589-b62d-439a950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f5e-cec4-4589-b62d-439a950d210b",
"value": "https://www.virustotal.com/file/847f01049fefea4877249ee72e1757ded4445fa61b45a352f7c9101169dbe2fa/analysis/1427410306/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5e-0df8-460b-80cd-42b8950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:38.000Z",
"modified": "2015-08-19T13:06:38.000Z",
"description": "- Xchecked via VT: 8ee8ab984cb01762dfc6d341278b87a7c83906cf",
"pattern": "[file:hashes.MD5 = 'b0ae36bcf725d53ed73126ed56e55951']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5e-3d0c-45d9-94e9-4576950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:38.000Z",
"modified": "2015-08-19T13:06:38.000Z",
"description": "- Xchecked via VT: 8ee8ab984cb01762dfc6d341278b87a7c83906cf",
"pattern": "[file:hashes.SHA256 = '7bd0ecace68819b7f4038084d380a4e698b94dc6381965567fbd4910b55ae53a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f5e-bee0-47d5-bcb9-46e7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:38.000Z",
"modified": "2015-08-19T13:06:38.000Z",
"first_observed": "2015-08-19T13:06:38Z",
"last_observed": "2015-08-19T13:06:38Z",
"number_observed": 1,
"object_refs": [
"url--55d47f5e-bee0-47d5-bcb9-46e7950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f5e-bee0-47d5-bcb9-46e7950d210b",
"value": "https://www.virustotal.com/file/7bd0ecace68819b7f4038084d380a4e698b94dc6381965567fbd4910b55ae53a/analysis/1427409129/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5f-7930-4084-9379-421e950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:39.000Z",
"modified": "2015-08-19T13:06:39.000Z",
"description": "- Xchecked via VT: 739405cad3650ed0447a475f50f814f7c9787ff4",
"pattern": "[file:hashes.MD5 = '52248e78413d8f2bfb22677bc0b3b1ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5f-78f0-4668-8d40-4955950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:39.000Z",
"modified": "2015-08-19T13:06:39.000Z",
"description": "- Xchecked via VT: 739405cad3650ed0447a475f50f814f7c9787ff4",
"pattern": "[file:hashes.SHA256 = 'eac9ce7e475226bb30def1e652f6952dcd1461419af005b10a87aa6b11226b6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f5f-a5e4-4025-bc8b-418f950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:39.000Z",
"modified": "2015-08-19T13:06:39.000Z",
"first_observed": "2015-08-19T13:06:39Z",
"last_observed": "2015-08-19T13:06:39Z",
"number_observed": 1,
"object_refs": [
"url--55d47f5f-a5e4-4025-bc8b-418f950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f5f-a5e4-4025-bc8b-418f950d210b",
"value": "https://www.virustotal.com/file/eac9ce7e475226bb30def1e652f6952dcd1461419af005b10a87aa6b11226b6f/analysis/1430987211/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5f-af58-46b3-ad3a-4f94950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:39.000Z",
"modified": "2015-08-19T13:06:39.000Z",
"description": "- Xchecked via VT: a97827aef54e7969b9cbbec64d9ee81a835f2240",
"pattern": "[file:hashes.MD5 = 'a4c31191657992a4ae0ed1490f5497ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f5f-12fc-4cf4-8d45-43f3950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:39.000Z",
"modified": "2015-08-19T13:06:39.000Z",
"description": "- Xchecked via VT: a97827aef54e7969b9cbbec64d9ee81a835f2240",
"pattern": "[file:hashes.SHA256 = 'e298b31c186c7e9d1585cce10321f200aed5da7b2b9bf2f465d22b980378a287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f60-8bdc-4bd2-8518-4623950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:40.000Z",
"modified": "2015-08-19T13:06:40.000Z",
"first_observed": "2015-08-19T13:06:40Z",
"last_observed": "2015-08-19T13:06:40Z",
"number_observed": 1,
"object_refs": [
"url--55d47f60-8bdc-4bd2-8518-4623950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f60-8bdc-4bd2-8518-4623950d210b",
"value": "https://www.virustotal.com/file/e298b31c186c7e9d1585cce10321f200aed5da7b2b9bf2f465d22b980378a287/analysis/1424874254/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f60-6160-42d5-9242-4ccd950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:40.000Z",
"modified": "2015-08-19T13:06:40.000Z",
"description": "- Xchecked via VT: 6340a7916db67c1b6dc1731014bb440435578c66",
"pattern": "[file:hashes.MD5 = '9eca81dd6953e4ff691d8a534280a8f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f60-2b98-4005-a170-4409950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:40.000Z",
"modified": "2015-08-19T13:06:40.000Z",
"description": "- Xchecked via VT: 6340a7916db67c1b6dc1731014bb440435578c66",
"pattern": "[file:hashes.SHA256 = 'd474eec649cb1825c487df07a1ef2a0c9767949bdcadf60ab996f71fd143a214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f60-596c-4c4c-99cc-4d12950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:40.000Z",
"modified": "2015-08-19T13:06:40.000Z",
"first_observed": "2015-08-19T13:06:40Z",
"last_observed": "2015-08-19T13:06:40Z",
"number_observed": 1,
"object_refs": [
"url--55d47f60-596c-4c4c-99cc-4d12950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f60-596c-4c4c-99cc-4d12950d210b",
"value": "https://www.virustotal.com/file/d474eec649cb1825c487df07a1ef2a0c9767949bdcadf60ab996f71fd143a214/analysis/1427410305/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f60-53e0-4220-bec3-407a950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:40.000Z",
"modified": "2015-08-19T13:06:40.000Z",
"description": "- Xchecked via VT: 03b2a660d68004444a5189173e3b8001f4a7cd0b",
"pattern": "[file:hashes.MD5 = '5bb6be7fcddcd1cc51957ebc17ed872a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f61-0d7c-4a61-8e48-4e19950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"description": "- Xchecked via VT: 03b2a660d68004444a5189173e3b8001f4a7cd0b",
"pattern": "[file:hashes.SHA256 = 'add84116acee953f6606a2240059a05fb4658cfacdee6dd75be752e183c5cab7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f61-a6b4-41f0-8afa-4e77950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"first_observed": "2015-08-19T13:06:41Z",
"last_observed": "2015-08-19T13:06:41Z",
"number_observed": 1,
"object_refs": [
"url--55d47f61-a6b4-41f0-8afa-4e77950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f61-a6b4-41f0-8afa-4e77950d210b",
"value": "https://www.virustotal.com/file/add84116acee953f6606a2240059a05fb4658cfacdee6dd75be752e183c5cab7/analysis/1427409131/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f61-60a0-4529-ad61-4c75950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"description": "The underlying shellcode is multi-stage andhas already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor - Xchecked via VT: 9b90d6608ba6167619b5991fd70319dfcd1fa881",
"pattern": "[file:hashes.MD5 = '0f0c9e1dfc278687d00cffeef7d3f942']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f61-341c-41e6-b4f6-492f950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"description": "The underlying shellcode is multi-stage andhas already been observed in an earlier sample dropping a PlugX v2 variant (SHA1: 9b90d6608ba6167619b5991fd70319dfcd1fa881, date constant 0x20140613), but in that case without the top level cryptor - Xchecked via VT: 9b90d6608ba6167619b5991fd70319dfcd1fa881",
"pattern": "[file:hashes.SHA256 = '9691a0c0407bee4df7ded82650aa8b9a52d2194523b604b8d1bfb09ac39b3a75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f61-c380-4311-a946-4ab6950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"first_observed": "2015-08-19T13:06:41Z",
"last_observed": "2015-08-19T13:06:41Z",
"number_observed": 1,
"object_refs": [
"url--55d47f61-c380-4311-a946-4ab6950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f61-c380-4311-a946-4ab6950d210b",
"value": "https://www.virustotal.com/file/9691a0c0407bee4df7ded82650aa8b9a52d2194523b604b8d1bfb09ac39b3a75/analysis/1427410306/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f62-617c-4760-b0e5-490f950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:41.000Z",
"modified": "2015-08-19T13:06:41.000Z",
"description": "- Xchecked via VT: 147fbdfeed9f0825026b3b3ce558c3ad00410b11",
"pattern": "[file:hashes.MD5 = '80e420a8e3895cd2c059777cea60c256']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f62-fd14-4aa8-8359-4691950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:42.000Z",
"modified": "2015-08-19T13:06:42.000Z",
"description": "- Xchecked via VT: 147fbdfeed9f0825026b3b3ce558c3ad00410b11",
"pattern": "[file:hashes.SHA256 = 'b7268e28be84a705b3076e4c3fa9e591a88fe320698e92b1470cf31e1932ca6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f62-4890-43b3-bc78-4d25950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:42.000Z",
"modified": "2015-08-19T13:06:42.000Z",
"first_observed": "2015-08-19T13:06:42Z",
"last_observed": "2015-08-19T13:06:42Z",
"number_observed": 1,
"object_refs": [
"url--55d47f62-4890-43b3-bc78-4d25950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f62-4890-43b3-bc78-4d25950d210b",
"value": "https://www.virustotal.com/file/b7268e28be84a705b3076e4c3fa9e591a88fe320698e92b1470cf31e1932ca6c/analysis/1426784898/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f62-8994-40df-aa97-4c27950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:42.000Z",
"modified": "2015-08-19T13:06:42.000Z",
"description": "- Xchecked via VT: 56b3f0f03ae12b56c000df67c1153d518c8a66fc",
"pattern": "[file:hashes.MD5 = '1bfa72cc55fb5c4f9a388959590caea5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f62-23e4-4fdd-87b2-4dfd950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:42.000Z",
"modified": "2015-08-19T13:06:42.000Z",
"description": "- Xchecked via VT: 56b3f0f03ae12b56c000df67c1153d518c8a66fc",
"pattern": "[file:hashes.SHA256 = '00b51d18a00bc6a257d81ed67374d06ef006eb4db02840cefc94f314f3e05ad7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f62-7704-471f-863b-40ee950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:42.000Z",
"modified": "2015-08-19T13:06:42.000Z",
"first_observed": "2015-08-19T13:06:42Z",
"last_observed": "2015-08-19T13:06:42Z",
"number_observed": 1,
"object_refs": [
"url--55d47f62-7704-471f-863b-40ee950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f62-7704-471f-863b-40ee950d210b",
"value": "https://www.virustotal.com/file/00b51d18a00bc6a257d81ed67374d06ef006eb4db02840cefc94f314f3e05ad7/analysis/1429525184/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f63-6118-4d47-8c9f-4381950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:43.000Z",
"modified": "2015-08-19T13:06:43.000Z",
"description": "- Xchecked via VT: e8a29bb90422fa6116563073725fa54169998325",
"pattern": "[file:hashes.MD5 = 'b57c06d70beeb3897d57a5864cd332ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f63-c840-4b95-abea-4dc2950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:43.000Z",
"modified": "2015-08-19T13:06:43.000Z",
"description": "- Xchecked via VT: e8a29bb90422fa6116563073725fa54169998325",
"pattern": "[file:hashes.SHA256 = '38f44746c0ee83f9e82fd6a6b1859a711919edec0e414c1da025e999f48f7ae5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f63-5c80-4c71-8495-45bc950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:43.000Z",
"modified": "2015-08-19T13:06:43.000Z",
"first_observed": "2015-08-19T13:06:43Z",
"last_observed": "2015-08-19T13:06:43Z",
"number_observed": 1,
"object_refs": [
"url--55d47f63-5c80-4c71-8495-45bc950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f63-5c80-4c71-8495-45bc950d210b",
"value": "https://www.virustotal.com/file/38f44746c0ee83f9e82fd6a6b1859a711919edec0e414c1da025e999f48f7ae5/analysis/1424874013/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f63-a864-450a-bb1d-41a5950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:43.000Z",
"modified": "2015-08-19T13:06:43.000Z",
"description": "- Xchecked via VT: a7e52cb429ac22cc20be77158f97d6f9dd887e1f",
"pattern": "[file:hashes.MD5 = 'ceda8f6c88caf95def0c280505860f54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f63-4c20-4f2a-9b78-4f99950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:43.000Z",
"modified": "2015-08-19T13:06:43.000Z",
"description": "- Xchecked via VT: a7e52cb429ac22cc20be77158f97d6f9dd887e1f",
"pattern": "[file:hashes.SHA256 = '387b687cddaf993d06320a05f4d73433a6d31f712c8a34c8a76e991ae54a9998']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f64-468c-4563-8019-4c5b950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:44.000Z",
"modified": "2015-08-19T13:06:44.000Z",
"first_observed": "2015-08-19T13:06:44Z",
"last_observed": "2015-08-19T13:06:44Z",
"number_observed": 1,
"object_refs": [
"url--55d47f64-468c-4563-8019-4c5b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f64-468c-4563-8019-4c5b950d210b",
"value": "https://www.virustotal.com/file/387b687cddaf993d06320a05f4d73433a6d31f712c8a34c8a76e991ae54a9998/analysis/1422689777/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f64-625c-45d3-8384-45a7950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:44.000Z",
"modified": "2015-08-19T13:06:44.000Z",
"description": "- Xchecked via VT: 19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14",
"pattern": "[file:hashes.MD5 = 'ce002e76ce3038070934fd6b883a2033']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f64-9ebc-4586-bb3b-4fec950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:44.000Z",
"modified": "2015-08-19T13:06:44.000Z",
"description": "- Xchecked via VT: 19e9dfabdb9b10a90b62c12f205ff0d1eeef3f14",
"pattern": "[file:hashes.SHA256 = 'f24b873fa61d48d5436099a79ccc5524b276fd0626a6e915dd3c5e5d231a9600']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f64-6208-45ee-83f0-4cf9950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:44.000Z",
"modified": "2015-08-19T13:06:44.000Z",
"first_observed": "2015-08-19T13:06:44Z",
"last_observed": "2015-08-19T13:06:44Z",
"number_observed": 1,
"object_refs": [
"url--55d47f64-6208-45ee-83f0-4cf9950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f64-6208-45ee-83f0-4cf9950d210b",
"value": "https://www.virustotal.com/file/f24b873fa61d48d5436099a79ccc5524b276fd0626a6e915dd3c5e5d231a9600/analysis/1427409128/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f64-5688-42a9-b84b-4bc2950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:44.000Z",
"modified": "2015-08-19T13:06:44.000Z",
"description": "- Xchecked via VT: a4602a357360b0ed8e9b0814b1322146156fb7f6",
"pattern": "[file:hashes.MD5 = '9d0388251cbaf3648aba463f66a8fee8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f65-84b0-4147-9245-4deb950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:45.000Z",
"modified": "2015-08-19T13:06:45.000Z",
"description": "- Xchecked via VT: a4602a357360b0ed8e9b0814b1322146156fb7f6",
"pattern": "[file:hashes.SHA256 = '89ab2d9643bdefd6d46618b2f11fb1357bb555a0e33d5d8fc8bb33eba3fe7cc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f65-d564-447e-bb14-4945950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:45.000Z",
"modified": "2015-08-19T13:06:45.000Z",
"first_observed": "2015-08-19T13:06:45Z",
"last_observed": "2015-08-19T13:06:45Z",
"number_observed": 1,
"object_refs": [
"url--55d47f65-d564-447e-bb14-4945950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f65-d564-447e-bb14-4945950d210b",
"value": "https://www.virustotal.com/file/89ab2d9643bdefd6d46618b2f11fb1357bb555a0e33d5d8fc8bb33eba3fe7cc3/analysis/1427409129/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f65-2208-4e14-b2c0-4dbe950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:45.000Z",
"modified": "2015-08-19T13:06:45.000Z",
"description": "- Xchecked via VT: d746ca9b74fb04782e0e783980f7702a9356f1c7",
"pattern": "[file:hashes.MD5 = '0064b8f850f36d2043892230c8c50e68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--55d47f65-af80-48f6-8e57-4351950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:45.000Z",
"modified": "2015-08-19T13:06:45.000Z",
"description": "- Xchecked via VT: d746ca9b74fb04782e0e783980f7702a9356f1c7",
"pattern": "[file:hashes.SHA256 = '68c5516e00166721acb775522cc033e1ccee6428e8d64eb9d7582b26b50c73f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-08-19T13:06:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--55d47f65-86dc-4142-9daf-4f54950d210b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2015-08-19T13:06:45.000Z",
"modified": "2015-08-19T13:06:45.000Z",
"first_observed": "2015-08-19T13:06:45Z",
"last_observed": "2015-08-19T13:06:45Z",
"number_observed": 1,
"object_refs": [
"url--55d47f65-86dc-4142-9daf-4f54950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--55d47f65-86dc-4142-9daf-4f54950d210b",
"value": "https://www.virustotal.com/file/68c5516e00166721acb775522cc033e1ccee6428e8d64eb9d7582b26b50c73f2/analysis/1427409128/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink