adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/555cacaa-4a44-43f0-909e-919a950d210b.json

3054 lines
126 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--555cacaa-4a44-43f0-909e-919a950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:58:44.000Z",
"modified": "2015-05-21T11:58:44.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--555cacaa-4a44-43f0-909e-919a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:58:44.000Z",
"modified": "2015-05-21T11:58:44.000Z",
"name": "OSINT Cmstar Downloader: Lurid and Enfal\u00e2\u20ac\u2122s New Cousin by Palo Alto Unit 42",
"published": "2016-02-22T14:17:05Z",
"object_refs": [
"observed-data--555cacb5-6720-417f-b869-cd10950d210b",
"url--555cacb5-6720-417f-b869-cd10950d210b",
"x-misp-attribute--555cacfd-4428-40f9-b5d3-3e56950d210b",
"x-misp-attribute--555cacfd-be3c-43b1-97c6-3e56950d210b",
"x-misp-attribute--555cacfd-4e08-40e1-ace6-3e56950d210b",
"indicator--555cad7c-a468-4122-b90c-4669950d210b",
"indicator--555cad8a-da98-4257-a20d-23b4950d210b",
"indicator--555cadb5-a460-482d-81ee-b9ab950d210b",
"indicator--555dc5aa-7bc4-4da4-98dd-175c950d210b",
"indicator--555dc5aa-ce8c-40ff-a218-175c950d210b",
"indicator--555dc5aa-fbcc-4b72-afba-175c950d210b",
"indicator--555dc5aa-3690-4dcb-970d-175c950d210b",
"indicator--555dc5aa-27ec-4b57-bb0e-175c950d210b",
"indicator--555dc5aa-4144-4158-a885-175c950d210b",
"indicator--555dc652-b4b4-48ba-8167-177c950d210b",
"indicator--555dc652-4498-4298-aab7-177c950d210b",
"indicator--555dc652-c2b0-4fec-877b-177c950d210b",
"indicator--555dc652-bb88-41f9-a014-177c950d210b",
"indicator--555dc652-c760-4328-9c5e-177c950d210b",
"indicator--555dc653-7694-4757-a90c-177c950d210b",
"indicator--555dc653-8450-43e4-ba34-177c950d210b",
"indicator--555dc653-0c34-410e-8b3e-177c950d210b",
"indicator--555dc653-d348-49e7-bb7a-177c950d210b",
"indicator--555dc653-f220-4ab8-9440-177c950d210b",
"indicator--555dc653-41bc-4974-9741-177c950d210b",
"indicator--555dc653-69ec-4e80-a444-177c950d210b",
"indicator--555dc653-04e4-4d97-91a1-177c950d210b",
"indicator--555dc654-e080-43c9-be8c-177c950d210b",
"indicator--555dc654-0834-4af6-bd30-177c950d210b",
"indicator--555dc654-8b9c-48cd-996b-177c950d210b",
"indicator--555dc654-0c10-4370-8cc8-177c950d210b",
"indicator--555dc6b9-3be8-4503-b4bb-175d950d210b",
"indicator--555dc6b9-bed0-4a52-9c11-175d950d210b",
"indicator--555dc6cc-a63c-45f0-9d2f-175b950d210b",
"indicator--555dc6cc-6c04-4024-a65e-175b950d210b",
"indicator--555dc6cc-5090-437a-8943-175b950d210b",
"indicator--555dc6cc-c53c-4bbd-bab4-175b950d210b",
"indicator--555dc6ec-43c0-4539-9bb4-1754950d210b",
"indicator--555dc6ec-43f4-4114-9dfd-1754950d210b",
"indicator--555dc6ec-328c-4439-b8e4-1754950d210b",
"indicator--555dc6ec-ef98-47f8-bd36-1754950d210b",
"indicator--555dc6ec-85c4-4feb-abf3-1754950d210b",
"indicator--555dc6ec-9e14-44d8-93ea-1754950d210b",
"indicator--555dc6ed-9f30-487b-b87c-1754950d210b",
"indicator--555dc6ed-9514-4db1-9903-1754950d210b",
"indicator--555dc6ed-a56c-4afb-8fc1-1754950d210b",
"indicator--555dc6ed-6438-4289-8043-1754950d210b",
"indicator--555dc6ed-f584-414b-b98a-1754950d210b",
"indicator--555dc6ed-e5f4-4fe8-b413-1754950d210b",
"indicator--555dc6ed-e504-47aa-bcb1-1754950d210b",
"indicator--555dc6ed-4c58-4108-a113-1754950d210b",
"indicator--555dc6ee-06cc-4338-8501-1754950d210b",
"indicator--555dc752-bf20-4425-8ae6-175b950d210b",
"indicator--555dc752-4ac8-4991-bc59-175b950d210b",
"indicator--555dc752-2e48-4923-8027-175b950d210b",
"indicator--555dc752-25ac-4916-a97f-175b950d210b",
"indicator--555dc752-3c2c-47d6-bdcf-175b950d210b",
"indicator--555dc752-0d50-4d3f-bd14-175b950d210b",
"indicator--555dc752-48e0-43a2-998d-175b950d210b",
"indicator--555dc752-8194-48eb-898e-175b950d210b",
"indicator--555dc753-f3d0-48d7-af3d-175b950d210b",
"indicator--555dc753-e044-4ddd-ac35-175b950d210b",
"indicator--555dc753-3f50-45d9-ab55-175b950d210b",
"indicator--555dc760-6e10-48ea-b776-4b5c950d210b",
"indicator--555dc760-94a8-4af4-a78b-4093950d210b",
"indicator--555dc760-25d0-461a-9102-4c1c950d210b",
"indicator--555dc760-f414-4d85-b127-46d3950d210b",
"indicator--555dc760-cd40-47bd-a0e4-4cb6950d210b",
"indicator--555dc760-73b0-4a45-bb17-4fd0950d210b",
"indicator--555dc760-25a8-4580-8157-4997950d210b",
"indicator--555dc760-98a0-43f2-a20b-44ee950d210b",
"indicator--555dc761-8aa0-4eec-baf7-4406950d210b",
"indicator--555dc761-bed0-4697-866f-42d3950d210b",
"indicator--555dc761-64e8-49c8-b2a6-47c6950d210b",
"indicator--555dc761-6da0-4a83-b09a-4e75950d210b",
"x-misp-attribute--555dc77a-a7cc-474b-878b-4453950d210b",
"indicator--555dc7c9-7054-4521-a4ca-175d950d210b",
"indicator--555dc7c9-0b4c-4ca3-aab0-175d950d210b",
"indicator--555dc7c9-3494-4f92-b2ed-175d950d210b",
"indicator--555dc7c9-6a14-46f2-94e6-175d950d210b",
"indicator--555dc7c9-2fcc-4d08-81e8-175d950d210b",
"indicator--555dc7c9-97c4-48bf-b5ae-175d950d210b",
"indicator--555dc7c9-c020-477b-901a-175d950d210b",
"indicator--555dc7dc-4fd8-400c-a514-175b950d210b",
"indicator--555dc7dc-ee50-4360-8e92-175b950d210b",
"indicator--555dc7dc-ccc8-4d1c-b3ce-175b950d210b",
"indicator--555dc7dc-4c8c-4cbb-9a28-175b950d210b",
"indicator--555dc7e9-9160-4fe2-827f-42dd950d210b",
"indicator--555dc7e9-9c20-429f-9339-464e950d210b",
"indicator--555dc7e9-0710-42ed-8cb9-4b45950d210b",
"indicator--555dc7e9-9c7c-400f-91cb-4b23950d210b",
"indicator--555dc809-2c04-442c-a28c-177c950d210b",
"observed-data--555dc874-6224-441d-8c57-175d950d210b",
"url--555dc874-6224-441d-8c57-175d950d210b",
"observed-data--555dc875-5c98-497e-85e7-175d950d210b",
"url--555dc875-5c98-497e-85e7-175d950d210b",
"observed-data--555dc875-d69c-4ba3-9689-175d950d210b",
"url--555dc875-d69c-4ba3-9689-175d950d210b",
"indicator--56c65c46-8458-40ca-896a-40ef950d210f",
"indicator--56c65c48-6024-414a-a083-41eb950d210f",
"indicator--56c65c4a-8858-42df-9b42-c651950d210f",
"indicator--56c65c4b-c0f0-41eb-8546-59a0950d210f",
"indicator--56c65c4d-3ed8-4edd-98e7-59a2950d210f",
"indicator--56c65c4f-1408-4cca-a419-4889950d210f",
"indicator--56c65c51-3c40-4830-8daa-59a0950d210f",
"indicator--56c65c52-84d8-465a-bb6b-c654950d210f",
"indicator--56c65c54-f3a8-4b60-a7db-59a1950d210f",
"indicator--56c65c56-f490-49b5-9555-c654950d210f",
"indicator--56c65c58-9680-4018-a0a9-5f51950d210f",
"indicator--56c65c59-5164-4826-b929-42f6950d210f",
"indicator--56c65c5c-d68c-4042-b4b4-59a1950d210f",
"indicator--56c65c5d-1a64-4ffa-9460-c650950d210f",
"indicator--56c65c43-7c2c-42e7-a79c-59a3950d210f",
"indicator--56c65c44-e774-4a38-bd44-5ca1950d210f",
"indicator--56c65c45-e174-4cf7-8f6f-c651950d210f",
"indicator--56c65c47-b4bc-41ae-ad18-59a2950d210f",
"indicator--56c65c49-debc-4a80-952d-5ca1950d210f",
"indicator--56c65c4a-3740-4a85-b31d-c652950d210f",
"indicator--56c65c4c-0564-4276-84ed-c654950d210f",
"indicator--56c65c4e-3f90-4e21-acd0-59a3950d210f",
"indicator--56c65c4f-ad98-4e1b-a1b7-599c950d210f",
"indicator--56c65c51-9788-4de7-9d0c-59a2950d210f",
"indicator--56c65c53-8798-4ef0-b2e3-4be2950d210f",
"indicator--56c65c55-9908-4fbf-a6e8-c651950d210f",
"indicator--56c65c56-97d8-467b-9e0d-423a950d210f",
"indicator--56c65c58-55c4-47e5-9b27-59a0950d210f",
"indicator--56c65c5a-4b70-4275-a51a-c651950d210f",
"indicator--56c65c5c-7608-4141-b377-59a0950d210f",
"indicator--56c65c5f-7ac0-4eb7-97d4-5f51950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555cacb5-6720-417f-b869-cd10950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:48:05.000Z",
"modified": "2015-05-20T15:48:05.000Z",
"first_observed": "2015-05-20T15:48:05Z",
"last_observed": "2015-05-20T15:48:05Z",
"number_observed": 1,
"object_refs": [
"url--555cacb5-6720-417f-b869-cd10950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555cacb5-6720-417f-b869-cd10950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2015/05/cmstar-downloader-lurid-and-enfals-new-cousin/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555cacfd-4428-40f9-b5d3-3e56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:49:17.000Z",
"modified": "2015-05-20T15:49:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Cmstar"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555cacfd-be3c-43b1-97c6-3e56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:49:17.000Z",
"modified": "2015-05-20T15:49:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Lurid"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555cacfd-4e08-40e1-ace6-3e56950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:49:17.000Z",
"modified": "2015-05-20T15:49:17.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Enfal"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555cad7c-a468-4122-b90c-4669950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:51:24.000Z",
"modified": "2015-05-20T15:51:24.000Z",
"pattern": "[url:value = 'http://happy.launchtrue.com:8080/cgl-bin/update.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-20T15:51:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555cad8a-da98-4257-a20d-23b4950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:51:38.000Z",
"modified": "2015-05-20T15:51:38.000Z",
"pattern": "[url:value = '/cgl-bin/update.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-20T15:51:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555cadb5-a460-482d-81ee-b9ab950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-20T15:52:21.000Z",
"modified": "2015-05-20T15:52:21.000Z",
"pattern": "[mutex:name = '{53A4988C-F91F-4054-9076-220AC5EC03F3}']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-20T15:52:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-7bc4-4da4-98dd-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'links.dogsforhelp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-ce8c-40ff-a218-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'three.earewq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-fbcc-4b72-afba-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'question.eboregi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-3690-4dcb-970d-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'here.pechooin.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-27ec-4b57-bb0e-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'sarey.phdreport.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc5aa-4144-4158-a885-175c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:46:50.000Z",
"modified": "2015-05-21T11:46:50.000Z",
"pattern": "[domain-name:value = 'bakler.featurvoice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:46:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc652-b4b4-48ba-8167-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:38.000Z",
"modified": "2015-05-21T11:49:38.000Z",
"pattern": "[domain-name:value = 'help.ubxpi0s.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc652-4498-4298-aab7-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:38.000Z",
"modified": "2015-05-21T11:49:38.000Z",
"pattern": "[domain-name:value = 'forever.cowforhelp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc652-c2b0-4fec-877b-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:38.000Z",
"modified": "2015-05-21T11:49:38.000Z",
"pattern": "[domain-name:value = 'question.shiesiido.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc652-bb88-41f9-a014-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:38.000Z",
"modified": "2015-05-21T11:49:38.000Z",
"pattern": "[domain-name:value = 'endline.biortherm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc652-c760-4328-9c5e-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:38.000Z",
"modified": "2015-05-21T11:49:38.000Z",
"pattern": "[domain-name:value = 'right.marubir.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-7694-4757-a90c-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'baby.brabbq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-8450-43e4-ba34-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'lind.kruptcy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-0c34-410e-8b3e-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'under.suttgte.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-d348-49e7-bb7a-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'finally.basiccompare.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-f220-4ab8-9440-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'crystal.diskfunc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-41bc-4974-9741-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'queenfansclub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-69ec-4e80-a444-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'novnitie.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc653-04e4-4d97-91a1-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:39.000Z",
"modified": "2015-05-21T11:49:39.000Z",
"pattern": "[domain-name:value = 'flash-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc654-e080-43c9-be8c-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:40.000Z",
"modified": "2015-05-21T11:49:40.000Z",
"pattern": "[domain-name:value = 'replyfunt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc654-0834-4af6-bd30-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:40.000Z",
"modified": "2015-05-21T11:49:40.000Z",
"pattern": "[domain-name:value = 'natcongress.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc654-8b9c-48cd-996b-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:40.000Z",
"modified": "2015-05-21T11:49:40.000Z",
"pattern": "[domain-name:value = 'keep.regebky.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc654-0c10-4370-8cc8-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:49:40.000Z",
"modified": "2015-05-21T11:49:40.000Z",
"pattern": "[domain-name:value = 'love.regebky.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6b9-3be8-4503-b4bb-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:21.000Z",
"modified": "2015-05-21T11:51:21.000Z",
"pattern": "[domain-name:value = 'happy.launchtrue.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6b9-bed0-4a52-9c11-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:21.000Z",
"modified": "2015-05-21T11:51:21.000Z",
"pattern": "[domain-name:value = 'turber.xoxcobbs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6cc-a63c-45f0-9d2f-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:40.000Z",
"modified": "2015-05-21T11:51:40.000Z",
"pattern": "[file:name = 'coyote_load.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6cc-6c04-4024-a65e-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:40.000Z",
"modified": "2015-05-21T11:51:40.000Z",
"pattern": "[file:name = 'xpsfiltsvcs.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6cc-5090-437a-8943-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:40.000Z",
"modified": "2015-05-21T11:51:40.000Z",
"pattern": "[file:name = 'xpsfiltsvcs.tmp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6cc-c53c-4bbd-bab4-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:51:40.000Z",
"modified": "2015-05-21T11:51:40.000Z",
"pattern": "[file:name = 'xpsfiltsvcs.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:51:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-43c0-4539-9bb4-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '239a25ac2b38f0be9392ceeaeab0d64cb239f033af07ed56565ba9d6a7ddcf1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-43f4-4114-9dfd-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '2e00a98212c5a2015d12612f0d26039a0c2dfee3e1b384675f613e683f276e02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-328c-4439-b8e4-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '42ed2edc37b957266ff7b02955a007dd82d955c09ef7be23e685d938e40ad61d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-ef98-47f8-bd36-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '6b557c22ab12e8ea43d29e4f9f8a9483e3e75cd41338a674c9069b6dacdf7ba7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-85c4-4feb-abf3-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '7ade616a8f1750cecba944a02e2bce1340b18a55697b29f721ccc4701aadba6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ec-9e14-44d8-93ea-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:12.000Z",
"modified": "2015-05-21T11:52:12.000Z",
"pattern": "[file:hashes.SHA256 = '88184983733f4d4fa767ad4e7993b01c5754f868470dd78ac1bad2b02c9e5001']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-9f30-487b-b87c-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = '9b9cc7e2a2481b0472721e6b87f1eba4faf2d419d1e2c115a91ab7e7e6fc7f7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-9514-4db1-9903-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'a330c52b7643de9d8be51a4ae0150b7b8390dbabaea9704069694835fbd3298e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-a56c-4afb-8fc1-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'a8fa487d9f2152738bf49c8c69e8a147aae55c06f37c7e25026a28f21601ad7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-6438-4289-8043-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'adb05c1eecd789582886b3354b53831df9c9a06e891bb687633ee7ce21417edc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-f584-414b-b98a-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'b9d597aea53023727d8564e47e903b652f5e98a2c32bdc23bc4936448fb2d593']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-e5f4-4fe8-b413-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'c99c0b37f2fd64fa523d39c35ead6416a684ae203ae728feb5feff8490eb902c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-e504-47aa-bcb1-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'd541280b37dd5e2101cc5cd47b0991b8320714f5627b37646330136cddef0c23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ed-4c58-4108-a113-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:13.000Z",
"modified": "2015-05-21T11:52:13.000Z",
"pattern": "[file:hashes.SHA256 = 'e0b3cc07d3a9b509480b240368dee2a29713ea1e240674c0ccf610c84810a7c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc6ee-06cc-4338-8501-1754950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:52:14.000Z",
"modified": "2015-05-21T11:52:14.000Z",
"pattern": "[file:hashes.SHA256 = 'f4b8f71c0e10a345a855763e01033e2144e949c8f98c271755cc025e3f55b7da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:52:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-bf20-4425-8ae6-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '3d41e3c902502c8b0ea30f5947307d56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-4ac8-4991-bc59-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '46bf922d9ae07a9bc3667a374605bdbb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-2e48-4923-8027-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '510b3272342765743a202373261c08da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-25ac-4916-a97f-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '5aeb8a5aa8f6e2408016cbd13b3dfaf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-3c2c-47d6-bdcf-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '6fdeadacfe1dafd2293ce5c4e178b668']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-0d50-4d3f-bd14-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '76ffb9c2d8d0ae46e8ea792ffacc8018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-48e0-43a2-998d-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '783a423f5e285269126d0d98f53c795b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc752-8194-48eb-898e-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:54.000Z",
"modified": "2015-05-21T11:53:54.000Z",
"pattern": "[file:hashes.MD5 = '94499ff857451ab7ef8823bf067189e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc753-f3d0-48d7-af3d-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:55.000Z",
"modified": "2015-05-21T11:53:55.000Z",
"pattern": "[file:hashes.MD5 = '9da10a36daf845367e0fc2f3e7e54336']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc753-e044-4ddd-ac35-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:55.000Z",
"modified": "2015-05-21T11:53:55.000Z",
"pattern": "[file:hashes.MD5 = 'c5ae7bd6aec1e01aa53edcf41962ac04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc753-3f50-45d9-ab55-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:53:55.000Z",
"modified": "2015-05-21T11:53:55.000Z",
"pattern": "[file:hashes.MD5 = 'f7d47e1de4f5f4ad530bca0fc080ea53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:53:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-6e10-48ea-b776-4b5c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '0a10d7bb317dceccd05d18408fd6b8b12c784910e5f7e035ee22c2c5d7e4cbf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-94a8-4af4-a78b-4093950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '45027d11ab783993c413f97e8e29759d04b04564f8916f005f5c632f291697bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-25d0-461a-9102-4c1c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '4883286b8229a2c43db17eb1e1c5bd79d1933e840cdfedff80d5b99a84c9e39f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-f414-4d85-b127-46d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '5b338decffe665a2141d1079c32b2d612057d1fdbfddf198cc28003dae7f0516']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-cd40-47bd-a0e4-4cb6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '671dfc4d47a43cf0bd9205a0f654dcd5050175aef54b69388b0c5f4610896c6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-73b0-4a45-bb17-4fd0950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '7dc78caf515d1d3d2b84be7c023ccbd0b4fd670a42babcbcbd5a5ba65bbdd166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-25a8-4580-8157-4997950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = '87bcc6d18c6a81d92d826b232703dee84b522bd1d0cae56f74bcf58fdca0930e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc760-98a0-43f2-a20b-44ee950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:08.000Z",
"modified": "2015-05-21T11:54:08.000Z",
"pattern": "[file:hashes.SHA256 = 'a0aeb172a72442d2c2c02e1d32b48accb9975c4da7742df24d9350a8ccd401f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc761-8aa0-4eec-baf7-4406950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:09.000Z",
"modified": "2015-05-21T11:54:09.000Z",
"pattern": "[file:hashes.SHA256 = 'b65dd4da9f83c11fcb5beaec43fabd0df0f7cb61de94d874f969ca926e085515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc761-bed0-4697-866f-42d3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:09.000Z",
"modified": "2015-05-21T11:54:09.000Z",
"pattern": "[file:hashes.SHA256 = 'c26c67eac20614038aaadfda19b604862926433333893d65332928b5e36796aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc761-64e8-49c8-b2a6-47c6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:09.000Z",
"modified": "2015-05-21T11:54:09.000Z",
"pattern": "[file:hashes.SHA256 = 'df34aa9c8021f1f0bdf33249908efc4a9628941453ad79b281b3a46bf9a7f37f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc761-6da0-4a83-b09a-4e75950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:09.000Z",
"modified": "2015-05-21T11:54:09.000Z",
"pattern": "[file:hashes.SHA256 = 'e39b0e777ef0135c1f737b67988df70c2e6303c3d2b01d3cdea3efc1d03d9ad9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--555dc77a-a7cc-474b-878b-4453950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:54:34.000Z",
"modified": "2015-05-21T11:54:34.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_comment": "Registrant",
"x_misp_type": "text",
"x_misp_value": "WANGMINGHUA6@GMAIL.COM"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-7054-4521-a4ca-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'dns.thinkttun.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-0b4c-4ca3-aab0-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'error.yandex-pro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-3494-4f92-b2ed-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'help.redhag.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-6a14-46f2-94e6-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'mssage.hotoicq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-2fcc-4d08-81e8-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'new.hoticq.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-97c4-48bf-b5ae-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'stone.timmf.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7c9-c020-477b-901a-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:55:53.000Z",
"modified": "2015-05-21T11:55:53.000Z",
"pattern": "[domain-name:value = 'xphome.mailru-vip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7dc-4fd8-400c-a514-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:12.000Z",
"modified": "2015-05-21T11:56:12.000Z",
"pattern": "[file:hashes.MD5 = '30a6c3c7723fe14c4b6960fa3e4e57ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7dc-ee50-4360-8e92-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:12.000Z",
"modified": "2015-05-21T11:56:12.000Z",
"pattern": "[file:hashes.MD5 = '3fff0bf6847d0d056636caef9c3056c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7dc-ccc8-4d1c-b3ce-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:12.000Z",
"modified": "2015-05-21T11:56:12.000Z",
"pattern": "[file:hashes.MD5 = 'd05f012c9c1a7fb669a07070be821072']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7dc-4c8c-4cbb-9a28-175b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:12.000Z",
"modified": "2015-05-21T11:56:12.000Z",
"pattern": "[file:hashes.MD5 = 'e0417547ba54b58bb2c8f795bca0345c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7e9-9160-4fe2-827f-42dd950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:25.000Z",
"modified": "2015-05-21T11:56:25.000Z",
"pattern": "[file:hashes.SHA256 = '13c1d7eb2fd64591e224dec9534d8252f4b91e425e8f047b36605138d15cbf2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7e9-9c20-429f-9339-464e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:25.000Z",
"modified": "2015-05-21T11:56:25.000Z",
"pattern": "[file:hashes.SHA256 = '1cf44815f9eb735e095f68c929d5549e0ebc44af9988cccaf1852baeb96bb386']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7e9-0710-42ed-8cb9-4b45950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:25.000Z",
"modified": "2015-05-21T11:56:25.000Z",
"pattern": "[file:hashes.SHA256 = 'a37f337d0bc3cebede2039b0a3bd5afd0624e181d2dcc9614d2f7d816b5a7a6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc7e9-9c7c-400f-91cb-4b23950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:25.000Z",
"modified": "2015-05-21T11:56:25.000Z",
"pattern": "[file:hashes.SHA256 = 'ab934c6177be0fdc3b6dfbf21f60ce7837a30e6599dcfb111b43008c75ceb91f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-05-21T11:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--555dc809-2c04-442c-a28c-177c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:56:57.000Z",
"modified": "2015-05-21T11:56:57.000Z",
"pattern": "[rule ce_enfal_cmstar_debug_msg\r\n \r\n{\r\n \r\nmeta:\r\n \r\nauthor = \"rfalcone\"\r\n \r\ndescription = \"Detects the static debug strings within CMSTAR\"\r\n \r\nreference = \"9b9cc7e2a2481b0472721e6b87f1eba4faf2d419d1e2c115a91ab7e7e6fc7f7c\"\r\n \r\ndate = \"5/10/2015\"\r\n \r\nstrings:\r\n \r\n$d1 = \"EEE\\x0d\\x0a\" fullword\r\n \r\n$d2 = \"TKE\\x0d\\x0a\" fullword\r\n \r\n$d3 = \"VPE\\x0d\\x0a\" fullword\r\n \r\n$d4 = \"VPS\\x0d\\x0a\" fullword\r\n \r\n$d5 = \"WFSE\\x0d\\x0a\" fullword\r\n \r\n$d6 = \"WFSS\\x0d\\x0a\" fullword\r\n \r\n$d7 = \"CM**\\x0d\\x0a\" fullword\r\n \r\ncondition:\r\n \r\nuint16(0) == 0x5a4d and all of ($d*)\r\n \r\n}]",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2015-05-21T11:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dc874-6224-441d-8c57-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:58:44.000Z",
"modified": "2015-05-21T11:58:44.000Z",
"first_observed": "2015-05-21T11:58:44Z",
"last_observed": "2015-05-21T11:58:44Z",
"number_observed": 1,
"object_refs": [
"url--555dc874-6224-441d-8c57-175d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dc874-6224-441d-8c57-175d950d210b",
"value": "http://la.trendmicro.com/media/misc/lurid-downloader-enfal-report-en.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dc875-5c98-497e-85e7-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:58:45.000Z",
"modified": "2015-05-21T11:58:45.000Z",
"first_observed": "2015-05-21T11:58:45Z",
"last_observed": "2015-05-21T11:58:45Z",
"number_observed": 1,
"object_refs": [
"url--555dc875-5c98-497e-85e7-175d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dc875-5c98-497e-85e7-175d950d210b",
"value": "http://researchcenter.paloaltonetworks.com/2014/08/attacks-east-asia-using-google-code-command-control/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--555dc875-d69c-4ba3-9689-175d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-05-21T11:58:45.000Z",
"modified": "2015-05-21T11:58:45.000Z",
"first_observed": "2015-05-21T11:58:45Z",
"last_observed": "2015-05-21T11:58:45Z",
"number_observed": 1,
"object_refs": [
"url--555dc875-d69c-4ba3-9689-175d950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--555dc875-d69c-4ba3-9689-175d950d210b",
"value": "https://www.bluecoat.com/security-blog/2014-10-08/linking-apts-2011-and-2014-active-scam-network"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c46-8458-40ca-896a-40ef950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:26.000Z",
"modified": "2016-02-19T00:05:26.000Z",
"description": "Automatically added (via 239a25ac2b38f0be9392ceeaeab0d64cb239f033af07ed56565ba9d6a7ddcf1f)",
"pattern": "[file:hashes.MD5 = 'fa101bee034e93a1fa8e8f08d1bf76e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c48-6024-414a-a083-41eb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:28.000Z",
"modified": "2016-02-19T00:05:28.000Z",
"description": "Automatically added (via 2e00a98212c5a2015d12612f0d26039a0c2dfee3e1b384675f613e683f276e02)",
"pattern": "[file:hashes.MD5 = '26adc7c88e36a5d5a4ed25044a28133d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4a-8858-42df-9b42-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:30.000Z",
"modified": "2016-02-19T00:05:30.000Z",
"description": "Automatically added (via 42ed2edc37b957266ff7b02955a007dd82d955c09ef7be23e685d938e40ad61d)",
"pattern": "[file:hashes.MD5 = '233dc425e5fd546113754b0a21a81bcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4b-c0f0-41eb-8546-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:31.000Z",
"modified": "2016-02-19T00:05:31.000Z",
"description": "Automatically added (via 6b557c22ab12e8ea43d29e4f9f8a9483e3e75cd41338a674c9069b6dacdf7ba7)",
"pattern": "[file:hashes.MD5 = 'f1b341d3383b808ecfacfa22dcbe9196']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4d-3ed8-4edd-98e7-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:33.000Z",
"modified": "2016-02-19T00:05:33.000Z",
"description": "Automatically added (via 7ade616a8f1750cecba944a02e2bce1340b18a55697b29f721ccc4701aadba6e)",
"pattern": "[file:hashes.MD5 = 'bec23274b5f687076d201cd48b7e2e17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4f-1408-4cca-a419-4889950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:35.000Z",
"modified": "2016-02-19T00:05:35.000Z",
"description": "Automatically added (via 88184983733f4d4fa767ad4e7993b01c5754f868470dd78ac1bad2b02c9e5001)",
"pattern": "[file:hashes.MD5 = '16f75d28634a7d098400648dabc4d013']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c51-3c40-4830-8daa-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:37.000Z",
"modified": "2016-02-19T00:05:37.000Z",
"description": "Automatically added (via a330c52b7643de9d8be51a4ae0150b7b8390dbabaea9704069694835fbd3298e)",
"pattern": "[file:hashes.MD5 = '1f53a261d499dfedeb692017f9ca8dc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c52-84d8-465a-bb6b-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:38.000Z",
"modified": "2016-02-19T00:05:38.000Z",
"description": "Automatically added (via a8fa487d9f2152738bf49c8c69e8a147aae55c06f37c7e25026a28f21601ad7f)",
"pattern": "[file:hashes.MD5 = '7e9989ba7e3d242d53ad3e2d9f034f93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c54-f3a8-4b60-a7db-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:40.000Z",
"modified": "2016-02-19T00:05:40.000Z",
"description": "Automatically added (via adb05c1eecd789582886b3354b53831df9c9a06e891bb687633ee7ce21417edc)",
"pattern": "[file:hashes.MD5 = '9fe76b7d67afdc8c1746e5b412edb4dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c56-f490-49b5-9555-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:42.000Z",
"modified": "2016-02-19T00:05:42.000Z",
"description": "Automatically added (via b9d597aea53023727d8564e47e903b652f5e98a2c32bdc23bc4936448fb2d593)",
"pattern": "[file:hashes.MD5 = '37ec95e655c6035b09dffb363f03449a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c58-9680-4018-a0a9-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:43.000Z",
"modified": "2016-02-19T00:05:43.000Z",
"description": "Automatically added (via c99c0b37f2fd64fa523d39c35ead6416a684ae203ae728feb5feff8490eb902c)",
"pattern": "[file:hashes.MD5 = 'e13912b7e353013dfcbfba2233f7188d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c59-5164-4826-b929-42f6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:45.000Z",
"modified": "2016-02-19T00:05:45.000Z",
"description": "Automatically added (via d541280b37dd5e2101cc5cd47b0991b8320714f5627b37646330136cddef0c23)",
"pattern": "[file:hashes.MD5 = '989abcb07abf8fe504e5f0909bb34913']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c5c-d68c-4042-b4b4-59a1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:48.000Z",
"modified": "2016-02-19T00:05:48.000Z",
"description": "Automatically added (via e0b3cc07d3a9b509480b240368dee2a29713ea1e240674c0ccf610c84810a7c5)",
"pattern": "[file:hashes.MD5 = '38d421ae46061a3f311f12be51bc2101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c5d-1a64-4ffa-9460-c650950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:49.000Z",
"modified": "2016-02-19T00:05:49.000Z",
"description": "Automatically added (via f4b8f71c0e10a345a855763e01033e2144e949c8f98c271755cc025e3f55b7da)",
"pattern": "[file:hashes.MD5 = 'a122f65e0c2253de83ad914d176a5664']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c43-7c2c-42e7-a79c-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:23.000Z",
"modified": "2016-02-19T00:05:23.000Z",
"description": "Automatically added (via 30a6c3c7723fe14c4b6960fa3e4e57ba)",
"pattern": "[file:hashes.SHA1 = '48d034f6a7a615adcba22c1a1a6db7f1a6d575e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c44-e774-4a38-bd44-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:24.000Z",
"modified": "2016-02-19T00:05:24.000Z",
"description": "Automatically added (via d05f012c9c1a7fb669a07070be821072)",
"pattern": "[file:hashes.SHA1 = '999a181f598442c25a36edc952f6606c080671b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c45-e174-4cf7-8f6f-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:25.000Z",
"modified": "2016-02-19T00:05:25.000Z",
"description": "Automatically added (via e0417547ba54b58bb2c8f795bca0345c)",
"pattern": "[file:hashes.SHA1 = '6697eba412b8eaf7c88e1fd0f3aff04fdeaa4d64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c47-b4bc-41ae-ad18-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:27.000Z",
"modified": "2016-02-19T00:05:27.000Z",
"description": "Automatically added (via 239a25ac2b38f0be9392ceeaeab0d64cb239f033af07ed56565ba9d6a7ddcf1f)",
"pattern": "[file:hashes.SHA1 = '6d484daba3927fc0744b1bbd7981a56ebef95790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c49-debc-4a80-952d-5ca1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:29.000Z",
"modified": "2016-02-19T00:05:29.000Z",
"description": "Automatically added (via 2e00a98212c5a2015d12612f0d26039a0c2dfee3e1b384675f613e683f276e02)",
"pattern": "[file:hashes.SHA1 = '44f835f3b32a4bd55a17e02d0be254817b8615c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4a-3740-4a85-b31d-c652950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:30.000Z",
"modified": "2016-02-19T00:05:30.000Z",
"description": "Automatically added (via 42ed2edc37b957266ff7b02955a007dd82d955c09ef7be23e685d938e40ad61d)",
"pattern": "[file:hashes.SHA1 = '513c6d99a225b47c67ae1304f225ad317a7e5d5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4c-0564-4276-84ed-c654950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:32.000Z",
"modified": "2016-02-19T00:05:32.000Z",
"description": "Automatically added (via 6b557c22ab12e8ea43d29e4f9f8a9483e3e75cd41338a674c9069b6dacdf7ba7)",
"pattern": "[file:hashes.SHA1 = '695f73cf0f85ebaca280e265b9acefc8967ce1cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4e-3f90-4e21-acd0-59a3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:34.000Z",
"modified": "2016-02-19T00:05:34.000Z",
"description": "Automatically added (via 7ade616a8f1750cecba944a02e2bce1340b18a55697b29f721ccc4701aadba6e)",
"pattern": "[file:hashes.SHA1 = '8e032507f987251fa2b8e70501dc3b8d6efcd0a4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c4f-ad98-4e1b-a1b7-599c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:35.000Z",
"modified": "2016-02-19T00:05:35.000Z",
"description": "Automatically added (via 88184983733f4d4fa767ad4e7993b01c5754f868470dd78ac1bad2b02c9e5001)",
"pattern": "[file:hashes.SHA1 = '6c7c8b804cc76e2c208c6e3b6453cb134d01fa41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c51-9788-4de7-9d0c-59a2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:37.000Z",
"modified": "2016-02-19T00:05:37.000Z",
"description": "Automatically added (via a330c52b7643de9d8be51a4ae0150b7b8390dbabaea9704069694835fbd3298e)",
"pattern": "[file:hashes.SHA1 = 'c6ad47c7a6741d928dee5530c7652e432eada0b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c53-8798-4ef0-b2e3-4be2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:39.000Z",
"modified": "2016-02-19T00:05:39.000Z",
"description": "Automatically added (via a8fa487d9f2152738bf49c8c69e8a147aae55c06f37c7e25026a28f21601ad7f)",
"pattern": "[file:hashes.SHA1 = 'ab0e193091ee11b2ccda3bb069c72de91c75fe73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c55-9908-4fbf-a6e8-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:41.000Z",
"modified": "2016-02-19T00:05:41.000Z",
"description": "Automatically added (via adb05c1eecd789582886b3354b53831df9c9a06e891bb687633ee7ce21417edc)",
"pattern": "[file:hashes.SHA1 = '1b31166a38b76ec4c7b509d176bf680e462b5404']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c56-97d8-467b-9e0d-423a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:42.000Z",
"modified": "2016-02-19T00:05:42.000Z",
"description": "Automatically added (via b9d597aea53023727d8564e47e903b652f5e98a2c32bdc23bc4936448fb2d593)",
"pattern": "[file:hashes.SHA1 = 'abbab91a36d18d2deb72c5b429d5d0b1233ac6f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c58-55c4-47e5-9b27-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:44.000Z",
"modified": "2016-02-19T00:05:44.000Z",
"description": "Automatically added (via c99c0b37f2fd64fa523d39c35ead6416a684ae203ae728feb5feff8490eb902c)",
"pattern": "[file:hashes.SHA1 = 'dace298f72328a5c8d8d1b0f444569d1e66edcc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c5a-4b70-4275-a51a-c651950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:46.000Z",
"modified": "2016-02-19T00:05:46.000Z",
"description": "Automatically added (via d541280b37dd5e2101cc5cd47b0991b8320714f5627b37646330136cddef0c23)",
"pattern": "[file:hashes.SHA1 = 'a3b29f51c47cfe5a92384b1eecc3b278d2903ad6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c5c-7608-4141-b377-59a0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:48.000Z",
"modified": "2016-02-19T00:05:48.000Z",
"description": "Automatically added (via e0b3cc07d3a9b509480b240368dee2a29713ea1e240674c0ccf610c84810a7c5)",
"pattern": "[file:hashes.SHA1 = 'b19735b68ee06d1422ff11b4142ec9637a38b970']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56c65c5f-7ac0-4eb7-97d4-5f51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-02-19T00:05:51.000Z",
"modified": "2016-02-19T00:05:51.000Z",
"description": "Automatically added (via f4b8f71c0e10a345a855763e01033e2144e949c8f98c271755cc025e3f55b7da)",
"pattern": "[file:hashes.SHA1 = '511040e5128908b3d8ebb96e6dad0635307912ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-02-19T00:05:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink