adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/56e95df6-ed08-469a-9a5d-4fc6950d210f.json

29283 lines
8 MiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--56e95df6-ed08-469a-9a5d-4fc6950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:27.000Z",
"modified": "2016-03-16T14:00:27.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e95df6-ed08-469a-9a5d-4fc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:27.000Z",
"modified": "2016-03-16T14:00:27.000Z",
"name": "OSINT - Operation Transparent Tribe",
"published": "2016-03-16T14:14:01Z",
"object_refs": [
"observed-data--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"file--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"artifact--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"observed-data--56e95e2c-f6c4-4a34-9449-4587950d210f",
"url--56e95e2c-f6c4-4a34-9449-4587950d210f",
"x-misp-attribute--56e95e40-27f0-4a96-a25a-4d7c950d210f",
"indicator--56e95e72-445c-4731-b5b4-4bb0950d210f",
"indicator--56e95e72-f468-4967-bdfe-418e950d210f",
"indicator--56e95e73-cb80-4191-8001-43e3950d210f",
"indicator--56e95e73-c1d0-43c8-9732-43e5950d210f",
"indicator--56e95e73-58ac-4a6d-a40b-4797950d210f",
"indicator--56e95e74-f588-4340-8bdd-4e9c950d210f",
"indicator--56e95e74-93f4-45c3-9061-4098950d210f",
"indicator--56e95e75-d288-4756-8750-4e60950d210f",
"indicator--56e95e75-8070-41c2-9bdf-4c91950d210f",
"indicator--56e95e75-f268-4ff8-ae53-472c950d210f",
"indicator--56e95e76-5448-4339-a2ff-4366950d210f",
"indicator--56e95e76-c968-49fa-9d65-4f98950d210f",
"indicator--56e95e76-0cac-4e06-869f-4420950d210f",
"indicator--56e95e77-5554-42ba-b0f2-491b950d210f",
"indicator--56e95e77-6ff8-4bd0-9a66-4270950d210f",
"indicator--56e95e77-63bc-4722-b021-4cea950d210f",
"indicator--56e95e78-0b08-46bb-874b-466e950d210f",
"indicator--56e95e78-2a5c-4dbc-bb2c-478b950d210f",
"indicator--56e95e78-8e0c-4b6f-aab9-4641950d210f",
"indicator--56e95e79-0d94-4b4f-a883-40cd950d210f",
"indicator--56e95e79-ecb4-4d60-837a-4ab0950d210f",
"indicator--56e95e79-2e04-4ac3-a807-4ac8950d210f",
"indicator--56e95e7a-90ac-41e6-ab04-4907950d210f",
"indicator--56e95e7a-1a40-456b-b8ee-4dc6950d210f",
"indicator--56e95e7a-4808-440d-b782-4506950d210f",
"indicator--56e95e7b-af3c-42a1-91a1-4119950d210f",
"indicator--56e95e7b-16d4-47e1-8929-47bd950d210f",
"indicator--56e95e7c-37dc-4700-99cc-40b8950d210f",
"indicator--56e95e7c-eb3c-4e8a-acb4-404a950d210f",
"indicator--56e95e7c-cc14-47d0-86ee-44a2950d210f",
"indicator--56e95e7d-3100-48c3-9494-4ded950d210f",
"indicator--56e95e7d-7ee4-49df-89ef-4bc6950d210f",
"indicator--56e95e7d-3b64-4db5-a734-4915950d210f",
"indicator--56e95e7e-0edc-4cc3-b1e0-4ac9950d210f",
"indicator--56e95e7e-1908-4c90-878e-4cf5950d210f",
"indicator--56e95e7e-4454-4cc6-8a95-458a950d210f",
"indicator--56e95e7f-e79c-439b-b314-4fa0950d210f",
"indicator--56e95e7f-9ba0-4bad-9374-4c2e950d210f",
"indicator--56e95e7f-373c-418e-9605-40d1950d210f",
"indicator--56e95e80-ca4c-4f85-9ddb-4bb5950d210f",
"indicator--56e95e80-0414-42de-8d60-4513950d210f",
"indicator--56e95e80-2e7c-4984-930e-4244950d210f",
"indicator--56e95e81-1f94-4c81-a56a-4941950d210f",
"indicator--56e95e81-3a00-4349-8b6f-4e62950d210f",
"indicator--56e95e81-68f4-4cb9-91ff-447f950d210f",
"indicator--56e95e82-682c-47df-a7a7-4aa2950d210f",
"indicator--56e95e82-134c-49fd-8962-41d2950d210f",
"indicator--56e95e82-6680-4d8e-8860-4623950d210f",
"indicator--56e95e96-ba40-40cc-8c27-430b950d210f",
"indicator--56e95e96-072c-424a-8c86-4485950d210f",
"indicator--56e95eaf-c168-4907-9c35-4cd0950d210f",
"indicator--56e95eaf-23a8-463d-ab54-4c50950d210f",
"indicator--56e95eaf-b24c-4449-b2f7-414a950d210f",
"indicator--56e95eb0-f794-4b7a-ac1e-46f4950d210f",
"indicator--56e95eb0-e648-4690-867c-4b48950d210f",
"indicator--56e95eb0-8c9c-482d-b7cb-484b950d210f",
"indicator--56e95eb1-b2dc-4f18-b0c2-4dad950d210f",
"indicator--56e95eb1-b670-48c8-b4da-4d3b950d210f",
"indicator--56e95eb1-ca7c-47cb-aede-41df950d210f",
"indicator--56e95eb2-4fd4-40ff-aa3d-4f06950d210f",
"indicator--56e95eb2-2db8-4d09-95e6-49a1950d210f",
"indicator--56e95eb2-5220-4bbe-b569-4fa7950d210f",
"indicator--56e95eb2-6c94-4964-9590-4665950d210f",
"indicator--56e95ed3-dfb8-4fef-8617-4746950d210f",
"indicator--56e95ed4-b6f4-4ab7-9d2e-4bcd950d210f",
"indicator--56e95ed4-3c60-419a-a26f-44ec950d210f",
"indicator--56e95ed4-d294-4c54-9bd0-4b22950d210f",
"indicator--56e95ed5-46e4-4ffc-beda-4d2f950d210f",
"indicator--56e95ed5-e790-4702-9ead-4994950d210f",
"indicator--56e95ed5-35d0-4e22-890e-4936950d210f",
"indicator--56e95ed5-03e8-4c6c-8635-45c2950d210f",
"indicator--56e95ed6-4ec8-42f0-861e-4266950d210f",
"indicator--56e95ed6-2204-4b73-9c27-4d86950d210f",
"indicator--56e95ed6-9130-4bcf-a34b-4628950d210f",
"indicator--56e95ed6-678c-45e2-80ef-43fb950d210f",
"indicator--56e95ed7-a674-4d12-b8d9-48f1950d210f",
"indicator--56e95ed7-c288-4ee9-80dc-4047950d210f",
"indicator--56e95ed7-c800-4f64-a510-4b26950d210f",
"indicator--56e95ed8-a78c-4891-9f22-406f950d210f",
"indicator--56e95ed8-9d70-4fbf-b25d-4e03950d210f",
"indicator--56e95ed8-4190-4864-af42-4f20950d210f",
"indicator--56e95ed8-3bc8-4538-a8f8-472e950d210f",
"indicator--56e95ed9-45cc-44e6-b675-4e68950d210f",
"indicator--56e95ed9-9764-453f-9c44-42fa950d210f",
"indicator--56e95ed9-8790-4c2f-b235-4ff3950d210f",
"indicator--56e95eda-daf0-4d59-b130-47f9950d210f",
"indicator--56e95eda-5000-41e3-960c-427e950d210f",
"indicator--56e95eda-5620-4a9b-ab17-46d3950d210f",
"indicator--56e95eda-3910-41eb-86de-4317950d210f",
"indicator--56e95edb-f5a0-44b9-b24c-46b9950d210f",
"indicator--56e95edb-593c-46a1-88b8-481f950d210f",
"indicator--56e95edb-2b78-4858-ada9-44e6950d210f",
"indicator--56e95edc-3cec-4fc8-bbf0-4a25950d210f",
"indicator--56e95edc-e8a4-410a-8a87-4648950d210f",
"indicator--56e95edc-5708-40ba-bb13-49c6950d210f",
"indicator--56e95edc-784c-4325-aa7a-4464950d210f",
"indicator--56e95fac-8380-4a33-8817-46e8950d210f",
"indicator--56e95fac-89e4-473b-96d4-4fa5950d210f",
"indicator--56e95fad-ae98-4cd2-b1e2-4ea0950d210f",
"indicator--56e95fad-1308-46ec-9130-4dbe950d210f",
"indicator--56e95fad-73b4-499e-9e50-4ebf950d210f",
"indicator--56e95fae-aff4-46ee-99d8-4d89950d210f",
"indicator--56e95fc8-f4ec-4b0b-82f5-484e950d210f",
"indicator--56e95fc8-0690-445d-bb64-4597950d210f",
"indicator--56e95fc9-c8b8-45b4-a776-4c8d950d210f",
"indicator--56e95fc9-9a14-44cf-abfe-49c8950d210f",
"indicator--56e95fc9-acbc-4bb4-9111-4130950d210f",
"indicator--56e95fca-337c-4550-b272-4088950d210f",
"indicator--56e95fca-313c-4288-ad91-4f21950d210f",
"indicator--56e95fca-61d0-4d60-bd74-4e50950d210f",
"indicator--56e95fcb-c79c-4e1a-9e95-40a0950d210f",
"indicator--56e95fcb-9e20-404c-a261-47fb950d210f",
"indicator--56e95fcb-b4ec-408a-8a2c-4351950d210f",
"indicator--56e95fcc-a0ac-48e8-9e2e-482b950d210f",
"indicator--56e95fcc-9a0c-44a4-a895-4d1b950d210f",
"indicator--56e95fcc-5088-4c4e-a52f-422d950d210f",
"indicator--56e95fcd-f928-44c5-949f-498c950d210f",
"indicator--56e95fcd-cc38-41a9-8f78-4b1b950d210f",
"indicator--56e95fcd-29bc-4686-8d83-4bce950d210f",
"indicator--56e95fce-59cc-4984-97ed-4711950d210f",
"indicator--56e95fce-a76c-423e-8d64-4da5950d210f",
"indicator--56e95fce-5980-46d4-91a7-478c950d210f",
"indicator--56e95fcf-ff64-4e3f-bf8e-41f4950d210f",
"indicator--56e95fcf-9348-4ffd-a7b5-4f9c950d210f",
"indicator--56e95fcf-bd50-4a80-975f-4615950d210f",
"indicator--56e95fd0-f840-491c-bbb3-4ee0950d210f",
"indicator--56e95fd0-c214-430c-9ac9-4d5e950d210f",
"indicator--56e95fd0-2c8c-4b09-ae1a-4bd2950d210f",
"indicator--56e95fd1-dbb8-4f3d-a554-47a9950d210f",
"indicator--56e95fd1-4120-419c-807e-44bf950d210f",
"indicator--56e95fd1-99c4-470f-b79b-4b71950d210f",
"indicator--56e95fd1-1474-474c-8987-4453950d210f",
"indicator--56e9603d-cac0-43ff-8b16-4a1b950d210f",
"indicator--56e9603e-df68-4f0c-b197-4c29950d210f",
"indicator--56e9603e-e3ec-4ccf-b501-4d17950d210f",
"indicator--56e9603e-f024-46c1-8894-494a950d210f",
"indicator--56e9603f-a21c-4351-947f-45bb950d210f",
"indicator--56e9603f-eeac-4d78-874b-41e0950d210f",
"indicator--56e9603f-1afc-400d-ac1c-4220950d210f",
"indicator--56e96040-0ee0-4354-a91d-4d3e950d210f",
"indicator--56e96040-6e70-462e-9e06-49ec950d210f",
"indicator--56e96040-de8c-4364-b7c4-469b950d210f",
"indicator--56e96041-1abc-4e00-b0a2-4644950d210f",
"indicator--56e96041-c788-4a96-ae5c-498a950d210f",
"indicator--56e96041-dfc0-40cf-8984-4e98950d210f",
"indicator--56e96042-7894-4d60-96fa-4419950d210f",
"indicator--56e96060-42f0-4f55-8c79-468e950d210f",
"indicator--56e96061-1e88-4e23-9d04-45e9950d210f",
"indicator--56e9607b-3ad8-423d-be10-45e5950d210f",
"indicator--56e9607b-0300-42f2-bc52-4910950d210f",
"indicator--56e9607b-ae50-4ace-8acc-4ca5950d210f",
"indicator--56e9607b-3ccc-460f-b9fe-4085950d210f",
"indicator--56e9607c-7f38-4f60-a5ad-45dd950d210f",
"indicator--56e9607c-91b4-4847-8412-4d8b950d210f",
"indicator--56e9607c-d448-497c-a5cc-4127950d210f",
"indicator--56e9607d-1374-4ed2-b48e-4849950d210f",
"indicator--56e9607d-7404-4415-910d-4f92950d210f",
"indicator--56e9607d-4c60-4be1-81c9-4a22950d210f",
"indicator--56e9607e-f7d4-4941-8039-46f4950d210f",
"indicator--56e9607e-b21c-4d17-ac94-4e5d950d210f",
"indicator--56e9607e-4708-4682-bdfa-4740950d210f",
"indicator--56e9607e-9cfc-4452-a353-4615950d210f",
"indicator--56e9607f-e420-4e78-a847-4689950d210f",
"indicator--56e9607f-fb38-4112-8487-48b3950d210f",
"indicator--56e9607f-5608-4fcf-bb7c-4058950d210f",
"indicator--56e9608e-ded4-45df-824b-4995950d210f",
"indicator--56e9608e-fca0-4e53-9e4a-4158950d210f",
"indicator--56e9608f-1c1c-47c5-a252-4bf7950d210f",
"indicator--56e96090-cb54-490d-8f32-4245950d210f",
"indicator--56e96090-45c4-4fc8-9b81-4eae950d210f",
"indicator--56e96091-caa0-46a5-a5f7-4094950d210f",
"indicator--56e96091-337c-42ad-986b-402d950d210f",
"indicator--56e96091-e46c-40ce-aba3-4b41950d210f",
"indicator--56e960b3-f588-49e0-ac97-491d950d210f",
"indicator--56e960b3-3228-4d44-9d9f-4c00950d210f",
"indicator--56e960b4-5b7c-4b2c-94f5-4653950d210f",
"indicator--56e960b4-fda0-4eff-9483-4f6c950d210f",
"indicator--56e960b4-125c-4d79-9145-4559950d210f",
"indicator--56e960b5-c1bc-4bed-94f3-4593950d210f",
"indicator--56e960b5-33b8-4388-927d-4973950d210f",
"indicator--56e960b5-98bc-44a1-b850-4a87950d210f",
"indicator--56e960b6-a788-41c0-8cb7-4451950d210f",
"indicator--56e960b6-7bf4-4d4c-93d8-47da950d210f",
"indicator--56e960b6-7db0-4056-b3ff-407a950d210f",
"indicator--56e960b7-5e90-4000-afac-4d5c950d210f",
"indicator--56e960da-b2e0-4276-b54e-4e95950d210f",
"indicator--56e960f5-ff6c-4a99-bf39-4c8e950d210f",
"indicator--56e960f6-b430-4cec-a4a7-4845950d210f",
"indicator--56e960f6-9458-4f83-9de5-4336950d210f",
"indicator--56e9610f-f838-4a4f-ba6b-4217950d210f",
"indicator--56e96120-6e3c-4e74-9ed7-4147950d210f",
"indicator--56e96130-41cc-41aa-a259-5390950d210f",
"indicator--56e96147-837c-4cb6-a847-4247950d210f",
"indicator--56e96147-db2c-49e8-a559-4515950d210f",
"indicator--56e96147-0d40-419a-9bda-4beb950d210f",
"indicator--56e96147-a954-49a0-a0f6-450d950d210f",
"indicator--56e96148-d9e4-4340-8346-46b6950d210f",
"indicator--56e96148-29ac-4275-ae21-49de950d210f",
"indicator--56e96148-f2e4-4614-85dd-46bf950d210f",
"indicator--56e96149-bfa4-4c5c-b899-48cd950d210f",
"indicator--56e96149-bbb4-42fe-927b-4b37950d210f",
"indicator--56e9615d-02fc-40b4-880e-41b7950d210f",
"indicator--56e9615e-6688-47bf-adc4-486c950d210f",
"indicator--56e96172-4dcc-4545-b8d8-4319950d210f",
"indicator--56e961c5-41a4-4c9a-b51f-4e62950d210f",
"indicator--56e9621e-65a8-4fc4-acf5-45cc950d210f",
"indicator--56e9621e-7bd0-4d9e-8128-4c9c950d210f",
"indicator--56e9621f-1a94-49cc-803e-40b5950d210f",
"indicator--56e9621f-f49c-4c8d-bda1-4b06950d210f",
"indicator--56e9621f-2470-47be-8d6c-4314950d210f",
"indicator--56e9625c-c090-4d6f-abd8-44f1950d210f",
"indicator--56e9625c-27b8-4320-8f1d-434c950d210f",
"indicator--56e96272-1798-4a12-94a5-40ab950d210f",
"indicator--56e96272-a6cc-45c9-8da7-4079950d210f",
"indicator--56e962c0-da04-466b-aa61-5f29950d210f",
"indicator--56e962c0-14d0-40a7-a7b4-5f29950d210f",
"indicator--56e962c0-44c0-4293-a39d-5f29950d210f",
"indicator--56e962f7-fcf8-4f1a-b77b-4e16950d210f",
"indicator--56e962f7-0884-4ca4-8a4a-4160950d210f",
"indicator--56e962f7-3320-46a9-a6c8-47b6950d210f",
"indicator--56e962f8-9c94-4be7-9fda-449e950d210f",
"indicator--56e962f8-fce8-40d6-99e8-4e60950d210f",
"indicator--56e962f8-a580-49c5-8790-4974950d210f",
"indicator--56e962f8-47a8-4e78-baae-41c6950d210f",
"indicator--56e962f9-0ac0-4bb8-b7c2-403f950d210f",
"indicator--56e962f9-83e0-4785-ada1-4f01950d210f",
"indicator--56e962f9-74ac-4d33-bea5-45dd950d210f",
"indicator--56e962f9-4478-4111-9c0c-4c1c950d210f",
"indicator--56e962fa-3a18-4ab7-9cee-47eb950d210f",
"indicator--56e96311-8db0-47ed-9b9a-4c82950d210f",
"indicator--56e96312-6798-4b91-921d-42e9950d210f",
"indicator--56e96312-8a78-4dce-b0b0-4d8a950d210f",
"indicator--56e96312-e31c-44ab-af95-4ab7950d210f",
"indicator--56e96313-6f08-4980-96df-41ab950d210f",
"indicator--56e96313-2628-49df-a12f-4119950d210f",
"indicator--56e96313-1d64-4d66-b9cb-4f41950d210f",
"indicator--56e96314-a55c-49d8-be67-4188950d210f",
"indicator--56e96314-bf64-4000-a5a3-40cf950d210f",
"indicator--56e96314-9844-430e-a30e-45cd950d210f",
"indicator--56e96315-a19c-4348-959e-448b950d210f",
"indicator--56e96315-f584-4183-927d-418a950d210f",
"indicator--56e96315-ea8c-46c8-add3-4cc2950d210f",
"indicator--56e96316-24f8-4317-b8b8-4b82950d210f",
"indicator--56e96331-af64-47db-a1cd-4163950d210f",
"indicator--56e96331-3058-4028-8aed-434a950d210f",
"indicator--56e96332-42ec-4745-a21d-4555950d210f",
"indicator--56e96332-c72c-4050-98be-44a4950d210f",
"indicator--56e96353-01c0-4207-9829-45bb950d210f",
"indicator--56e9636f-765c-44c4-bec1-5391950d210f",
"indicator--56e96382-8c50-4d92-a24d-45e1950d210f",
"indicator--56e96395-00ec-41ad-b9eb-4b44950d210f",
"indicator--56e963aa-ef14-4fd8-9b9c-44e1950d210f",
"indicator--56e963aa-9a90-4f9c-badb-4e33950d210f",
"indicator--56e963ab-69e0-4a7c-91d3-4fc1950d210f",
"indicator--56e963ab-8590-41ac-8f90-44d7950d210f",
"indicator--56e963ab-b6a8-402e-91eb-43f8950d210f",
"indicator--56e963ac-5bb4-466c-9e01-4e71950d210f",
"indicator--56e963ac-6488-4f4e-a311-487d950d210f",
"indicator--56e963ac-67dc-4f9e-9d22-4b33950d210f",
"indicator--56e963ad-c778-4b0f-bf7f-426b950d210f",
"indicator--56e963bf-88a0-469d-95a2-5390950d210f",
"indicator--56e963de-ded0-4a14-a250-61d8950d210f",
"indicator--56e963ee-72a8-40a1-8cc2-5390950d210f",
"indicator--56e963ee-0e98-432d-853a-5390950d210f",
"indicator--56e963ee-5c44-41df-8c9a-5390950d210f",
"indicator--56e963ef-8564-4252-b62c-5390950d210f",
"indicator--56e963ef-743c-4de5-8ad6-5390950d210f",
"indicator--56e963ef-7800-48d3-8690-5390950d210f",
"indicator--56e9640d-5dc8-483e-8c66-409c950d210f",
"indicator--56e9640d-934c-4350-8e58-4c95950d210f",
"indicator--56e9640d-9eb0-48f5-b19e-4d3a950d210f",
"indicator--56e9640e-60bc-4fe8-b0cc-4d2a950d210f",
"indicator--56e9640e-88bc-4986-9346-4ac6950d210f",
"indicator--56e9640e-37b8-4159-a379-4e09950d210f",
"indicator--56e9640f-db70-44e0-b6cd-4bbc950d210f",
"indicator--56e9640f-0ebc-43ba-ba90-433c950d210f",
"indicator--56e9640f-d6c0-454c-914a-46c5950d210f",
"indicator--56e96431-49c0-4d7b-8850-61d8950d210f",
"indicator--56e96432-16e8-438c-8d9e-61d8950d210f",
"indicator--56e96432-bc30-4c37-b683-61d8950d210f",
"indicator--56e96432-f290-470f-966f-61d8950d210f",
"indicator--56e96433-7368-478d-a6eb-61d8950d210f",
"indicator--56e96433-a9d0-4644-b8e0-61d8950d210f",
"indicator--56e96433-d0d4-4fa1-9744-61d8950d210f",
"indicator--56e96434-3fe4-4129-a67a-61d8950d210f",
"indicator--56e96434-4a8c-4ddd-8bfd-61d8950d210f",
"indicator--56e96435-fbb0-4548-9c65-61d8950d210f",
"indicator--56e96435-3818-4dd4-ace1-61d8950d210f",
"indicator--56e96435-5e2c-495b-94dc-61d8950d210f",
"indicator--56e96436-5908-49a5-8825-61d8950d210f",
"indicator--56e96436-07f8-4459-a13a-61d8950d210f",
"indicator--56e96436-34d4-41a0-a7cb-61d8950d210f",
"indicator--56e96437-9af8-4343-ba56-61d8950d210f",
"indicator--56e96437-bcac-4c1c-9bb8-61d8950d210f",
"indicator--56e96437-5a64-4f7e-a264-61d8950d210f",
"indicator--56e96438-d390-4707-8221-61d8950d210f",
"indicator--56e96458-5ab8-468b-b959-449c950d210f",
"indicator--56e96458-43a4-4c8a-90b1-4b10950d210f",
"indicator--56e96459-0ad0-4289-81b8-44cc950d210f",
"indicator--56e96459-1b48-44b8-9768-4e49950d210f",
"indicator--56e96459-b860-4221-8d2b-42fb950d210f",
"indicator--56e9645a-c7f4-4b5c-b8c8-4529950d210f",
"indicator--56e9645a-be40-45da-b97f-41bd950d210f",
"indicator--56e9645a-ec30-4c76-b394-47fe950d210f",
"indicator--56e9645b-3ed0-4155-a3ec-4758950d210f",
"indicator--56e9645b-e8c4-4dd7-a12c-4cbd950d210f",
"indicator--56e9645b-21b8-41ab-9f4b-4f13950d210f",
"indicator--56e9645c-f638-40ac-b238-4adf950d210f",
"indicator--56e9645c-62b4-45c7-925d-47de950d210f",
"indicator--56e9645c-09b4-46ea-8357-4900950d210f",
"indicator--56e9645d-f660-4402-9fa2-45be950d210f",
"indicator--56e9645d-73b8-47bb-8b54-4799950d210f",
"indicator--56e9645d-5ba8-4930-a8a7-4551950d210f",
"indicator--56e96472-8dcc-401b-a71a-4152950d210f",
"indicator--56e96473-20b8-4efe-9033-4d38950d210f",
"indicator--56e96473-cb5c-402c-9ada-4330950d210f",
"indicator--56e96473-76ec-47d4-9c59-4f03950d210f",
"indicator--56e96474-4118-40ce-9ef3-43c6950d210f",
"indicator--56e96474-4da0-47a6-83e7-4ef6950d210f",
"indicator--56e96474-f300-426f-a008-4736950d210f",
"indicator--56e96475-dd3c-447a-b103-4ba7950d210f",
"indicator--56e96475-61a8-4548-b71d-4813950d210f",
"indicator--56e96475-1bd0-4f20-aba2-47bb950d210f",
"indicator--56e96476-12a8-4401-8cc6-418a950d210f",
"indicator--56e96476-fd38-49ec-b17d-495e950d210f",
"indicator--56e96476-fe9c-40e3-9cd2-4294950d210f",
"indicator--56e96477-1b58-498d-8280-4771950d210f",
"indicator--56e96477-5990-420c-bc75-47e6950d210f",
"indicator--56e96478-3f14-4abc-9793-4690950d210f",
"indicator--56e96478-0e44-46ed-8cf8-48c9950d210f",
"indicator--56e96478-b548-4294-b2b4-4369950d210f",
"indicator--56e96479-2898-45e2-aa88-45bd950d210f",
"indicator--56e96479-dc38-43d8-a5d9-4b8a950d210f",
"indicator--56e96479-2144-4569-bd06-4921950d210f",
"indicator--56e9647a-c0d4-4930-bc7c-4191950d210f",
"indicator--56e96495-f208-45e7-96dc-498d950d210f",
"indicator--56e96495-3d98-400f-810f-4e5b950d210f",
"indicator--56e96496-d270-4029-a739-4fd9950d210f",
"indicator--56e96496-e814-4923-93f4-48e4950d210f",
"indicator--56e96496-f89c-4ef5-887c-4144950d210f",
"indicator--56e96497-697c-4781-818d-4cec950d210f",
"indicator--56e96497-ad9c-4a1b-9b1e-4794950d210f",
"indicator--56e96498-ab50-4c2f-967a-41a9950d210f",
"indicator--56e96498-545c-40a2-84d7-47fd950d210f",
"indicator--56e96498-1e8c-4752-9e76-483f950d210f",
"indicator--56e964a8-8760-40e7-b1f4-61d8950d210f",
"indicator--56e964a9-51c4-4400-b025-61d8950d210f",
"indicator--56e964a9-d67c-48e9-9eae-61d8950d210f",
"indicator--56e964a9-2664-495d-8a20-61d8950d210f",
"indicator--56e964aa-9670-4d8d-bd31-61d8950d210f",
"indicator--56e964aa-34a4-4bfd-9731-61d8950d210f",
"indicator--56e964aa-0da0-4323-bb8e-61d8950d210f",
"indicator--56e964ab-1614-4a80-9cf3-61d8950d210f",
"indicator--56e964ab-30d4-4a36-97ad-61d8950d210f",
"indicator--56e964ac-a400-4efe-a302-61d8950d210f",
"indicator--56e964ac-4700-42df-8e98-61d8950d210f",
"indicator--56e964bc-7540-41a1-aa86-45eb950d210f",
"indicator--56e964bc-5cf0-4463-9682-4b76950d210f",
"indicator--56e964bd-5d60-44bd-b008-4fe9950d210f",
"indicator--56e964bd-a3e0-4b7c-8ae0-4515950d210f",
"indicator--56e964d3-7d84-4058-92ee-4e01950d210f",
"indicator--56e964d3-56bc-4ea3-a03c-42d8950d210f",
"indicator--56e964d3-e79c-4f34-afe0-4a9b950d210f",
"indicator--56e964d4-d054-4842-9032-4a7e950d210f",
"indicator--56e964d4-09b4-42b2-9352-4503950d210f",
"indicator--56e964d4-a280-4245-93d0-414f950d210f",
"indicator--56e964d5-b60c-4a9d-ad75-4cae950d210f",
"indicator--56e964d5-df84-414b-94c6-4c91950d210f",
"indicator--56e964d6-b42c-44ef-899c-47e3950d210f",
"indicator--56e965f0-c6c0-46c4-ab2d-4121950d210f",
"indicator--56e966fc-f118-4f80-a07e-473d02de0b81",
"indicator--56e966fc-461c-4800-8898-409802de0b81",
"observed-data--56e966fc-59b0-46ba-9f9c-473302de0b81",
"url--56e966fc-59b0-46ba-9f9c-473302de0b81",
"indicator--56e966fd-b360-4fa7-ac3f-479b02de0b81",
"indicator--56e966fd-fd50-43c9-a82c-425002de0b81",
"observed-data--56e966fd-5964-4bbb-95e3-471702de0b81",
"url--56e966fd-5964-4bbb-95e3-471702de0b81",
"indicator--56e966fe-d8c4-4b59-bd78-482702de0b81",
"indicator--56e966fe-5de4-47f6-81e5-42a802de0b81",
"observed-data--56e966fe-3b38-4322-a522-453402de0b81",
"url--56e966fe-3b38-4322-a522-453402de0b81",
"indicator--56e966ff-99e8-4a8f-8e4a-45af02de0b81",
"indicator--56e966ff-0130-4fdc-86dc-421a02de0b81",
"observed-data--56e966ff-5f38-4180-a99f-4dfb02de0b81",
"url--56e966ff-5f38-4180-a99f-4dfb02de0b81",
"indicator--56e96700-a420-4212-8b42-46d802de0b81",
"indicator--56e96700-eecc-4786-b421-426102de0b81",
"observed-data--56e96700-0554-43ab-97cc-406002de0b81",
"url--56e96700-0554-43ab-97cc-406002de0b81",
"indicator--56e96701-10f4-4cef-b3e0-4d3a02de0b81",
"indicator--56e96701-bd28-48f0-9bc3-4f1102de0b81",
"observed-data--56e96701-20c0-4a47-b193-417802de0b81",
"url--56e96701-20c0-4a47-b193-417802de0b81",
"indicator--56e96701-d9d4-4981-bf21-418e02de0b81",
"indicator--56e96702-9264-47a9-8351-4a7302de0b81",
"observed-data--56e96702-b748-418d-a331-4bfc02de0b81",
"url--56e96702-b748-418d-a331-4bfc02de0b81",
"indicator--56e96702-b1c0-44ac-b8fb-409c02de0b81",
"indicator--56e96703-e884-4e03-baa3-4e5c02de0b81",
"observed-data--56e96703-2414-4930-990f-488902de0b81",
"url--56e96703-2414-4930-990f-488902de0b81",
"indicator--56e96703-40c8-4484-bc3d-4f4002de0b81",
"indicator--56e96703-9964-47e4-ad19-4dca02de0b81",
"observed-data--56e96704-9ce4-4132-8f62-4eaa02de0b81",
"url--56e96704-9ce4-4132-8f62-4eaa02de0b81",
"indicator--56e96704-b194-4299-9f22-4c8502de0b81",
"indicator--56e96704-64e0-4978-92ae-4fa602de0b81",
"observed-data--56e96705-7a98-4f21-a1c4-4eee02de0b81",
"url--56e96705-7a98-4f21-a1c4-4eee02de0b81",
"indicator--56e96705-3578-4064-8049-439602de0b81",
"indicator--56e96705-2d38-44f3-98fc-4d7202de0b81",
"observed-data--56e96706-97d8-4be8-9c63-4df102de0b81",
"url--56e96706-97d8-4be8-9c63-4df102de0b81",
"indicator--56e96706-0390-45a3-a1d1-40e702de0b81",
"indicator--56e96706-5b14-4a7f-8f30-40a502de0b81",
"observed-data--56e96706-35d8-48b2-80d1-433802de0b81",
"url--56e96706-35d8-48b2-80d1-433802de0b81",
"indicator--56e96707-a6a0-4685-aa02-491f02de0b81",
"indicator--56e96707-47d4-4254-acbc-482402de0b81",
"observed-data--56e96707-73d8-464c-94a5-4d3e02de0b81",
"url--56e96707-73d8-464c-94a5-4d3e02de0b81",
"indicator--56e96707-4858-4170-a33f-44d202de0b81",
"indicator--56e96708-73b8-4658-8a77-4bf502de0b81",
"observed-data--56e96708-df54-4fed-a71f-46dd02de0b81",
"url--56e96708-df54-4fed-a71f-46dd02de0b81",
"indicator--56e96708-ac70-4967-90e2-45b302de0b81",
"indicator--56e96709-d530-43a9-ae7c-4bca02de0b81",
"observed-data--56e96709-04a8-4650-a81e-4e6402de0b81",
"url--56e96709-04a8-4650-a81e-4e6402de0b81",
"indicator--56e96709-0b38-4951-9f87-449802de0b81",
"indicator--56e96709-6074-494f-b6cf-48cc02de0b81",
"observed-data--56e9670a-9bdc-435c-971b-45ba02de0b81",
"url--56e9670a-9bdc-435c-971b-45ba02de0b81",
"indicator--56e9670a-22ec-44c0-a92a-431702de0b81",
"indicator--56e9670a-fd88-40e3-a6a7-4f5602de0b81",
"observed-data--56e9670a-c078-4277-bd2d-482f02de0b81",
"url--56e9670a-c078-4277-bd2d-482f02de0b81",
"indicator--56e9670b-5834-41bb-81fb-4cf602de0b81",
"indicator--56e9670b-e0ac-47ce-926a-42f702de0b81",
"observed-data--56e9670b-6c04-4c1a-86a8-42d702de0b81",
"url--56e9670b-6c04-4c1a-86a8-42d702de0b81",
"indicator--56e9670c-69b8-42ce-80b3-475302de0b81",
"indicator--56e9670c-8a48-4fc9-b659-49a702de0b81",
"observed-data--56e9670c-f78c-42ae-9e14-43f602de0b81",
"url--56e9670c-f78c-42ae-9e14-43f602de0b81",
"indicator--56e9670c-4d44-40d6-be64-45ad02de0b81",
"indicator--56e9670d-a338-4fa7-9455-4d3602de0b81",
"observed-data--56e9670d-2930-4402-9995-4b4002de0b81",
"url--56e9670d-2930-4402-9995-4b4002de0b81",
"indicator--56e9670d-43ec-4eb3-bcda-4a2302de0b81",
"indicator--56e9670e-27ec-4ee9-b948-42c602de0b81",
"observed-data--56e9670e-aa68-428d-90c1-465102de0b81",
"url--56e9670e-aa68-428d-90c1-465102de0b81",
"indicator--56e9670e-6a10-4abf-b8a6-43b902de0b81",
"indicator--56e9670e-ca88-4837-93d8-4d4902de0b81",
"observed-data--56e9670f-d6e8-4b95-8564-4fd202de0b81",
"url--56e9670f-d6e8-4b95-8564-4fd202de0b81",
"indicator--56e9670f-d81c-4b6d-8486-452702de0b81",
"indicator--56e9670f-0c1c-40b3-8a97-411002de0b81",
"observed-data--56e9670f-a764-4a5a-bd5d-448002de0b81",
"url--56e9670f-a764-4a5a-bd5d-448002de0b81",
"indicator--56e96710-8688-4135-b776-463e02de0b81",
"indicator--56e96710-80a8-46bf-b101-4a1d02de0b81",
"observed-data--56e96710-e394-4d16-a0c4-48e302de0b81",
"url--56e96710-e394-4d16-a0c4-48e302de0b81",
"indicator--56e96711-8a3c-423e-925e-4f1402de0b81",
"indicator--56e96711-8090-4012-a505-461c02de0b81",
"observed-data--56e96711-5c80-4903-bead-408d02de0b81",
"url--56e96711-5c80-4903-bead-408d02de0b81",
"indicator--56e96711-b91c-4d91-8310-416602de0b81",
"indicator--56e96712-e778-4f59-bc0d-4bfb02de0b81",
"observed-data--56e96712-8b8c-4f26-ad24-4a1302de0b81",
"url--56e96712-8b8c-4f26-ad24-4a1302de0b81",
"indicator--56e96712-fb4c-4dec-a604-4a2a02de0b81",
"indicator--56e96712-b414-4c0c-a225-47e602de0b81",
"observed-data--56e96713-32c8-4620-a9a5-4bdf02de0b81",
"url--56e96713-32c8-4620-a9a5-4bdf02de0b81",
"indicator--56e96713-f320-4192-ae31-406c02de0b81",
"indicator--56e96713-ca20-472c-9eb0-4d2a02de0b81",
"observed-data--56e96714-c0a4-466b-975c-48db02de0b81",
"url--56e96714-c0a4-466b-975c-48db02de0b81",
"indicator--56e96714-15e0-44c4-b145-4cbb02de0b81",
"indicator--56e96714-f290-4d9d-bb4b-4ea302de0b81",
"observed-data--56e96714-63c8-48bd-8a1f-411c02de0b81",
"url--56e96714-63c8-48bd-8a1f-411c02de0b81",
"indicator--56e96715-53c8-4dd4-aa74-497902de0b81",
"indicator--56e96715-cd94-4b52-8b34-4ee602de0b81",
"observed-data--56e96715-0424-49f4-858b-44d502de0b81",
"url--56e96715-0424-49f4-858b-44d502de0b81",
"indicator--56e96716-5244-4102-a6af-47f102de0b81",
"indicator--56e96716-883c-475f-9100-42a702de0b81",
"observed-data--56e96716-3d48-4536-9f35-459c02de0b81",
"url--56e96716-3d48-4536-9f35-459c02de0b81",
"indicator--56e96716-59a0-44a1-8fbb-48a202de0b81",
"indicator--56e96717-97f0-4080-98ba-4eeb02de0b81",
"observed-data--56e96717-ed14-4df3-b073-44ad02de0b81",
"url--56e96717-ed14-4df3-b073-44ad02de0b81",
"indicator--56e96717-52bc-446d-b1c8-45e802de0b81",
"indicator--56e96717-04e8-41fd-815a-4ab902de0b81",
"observed-data--56e96718-9ba4-4847-9739-47b302de0b81",
"url--56e96718-9ba4-4847-9739-47b302de0b81",
"indicator--56e96718-607c-4739-97ed-4ed202de0b81",
"indicator--56e96718-fa3c-4eb7-9e7c-477402de0b81",
"observed-data--56e96719-789c-451f-94f0-471102de0b81",
"url--56e96719-789c-451f-94f0-471102de0b81",
"indicator--56e96719-3d34-4bf7-8d2a-491e02de0b81",
"indicator--56e96719-5054-49dd-a04e-440102de0b81",
"observed-data--56e96719-6130-4f89-a933-4f6a02de0b81",
"url--56e96719-6130-4f89-a933-4f6a02de0b81",
"indicator--56e9671a-db08-44d2-9766-498602de0b81",
"indicator--56e9671a-2c3c-498e-8be1-4f9102de0b81",
"observed-data--56e9671a-1328-4378-adea-452b02de0b81",
"url--56e9671a-1328-4378-adea-452b02de0b81",
"indicator--56e9671a-3a4c-46d8-8cfc-467b02de0b81",
"indicator--56e9671b-2f2c-4853-9af5-422902de0b81",
"observed-data--56e9671b-2198-4093-a6e4-4d0f02de0b81",
"url--56e9671b-2198-4093-a6e4-4d0f02de0b81",
"indicator--56e9671b-c668-4758-ba7c-417b02de0b81",
"indicator--56e9671c-ed48-40a0-bfa8-41bd02de0b81",
"observed-data--56e9671c-5674-4fac-9649-490e02de0b81",
"url--56e9671c-5674-4fac-9649-490e02de0b81",
"indicator--56e9671c-3ecc-4d62-8a7d-455802de0b81",
"indicator--56e9671c-eec8-4f79-9afc-41b402de0b81",
"observed-data--56e9671d-1b20-468d-b381-489302de0b81",
"url--56e9671d-1b20-468d-b381-489302de0b81",
"indicator--56e9671d-0ef8-47ba-98df-423102de0b81",
"indicator--56e9671d-5a6c-47e0-b2c8-465102de0b81",
"observed-data--56e9671d-9ebc-4dea-ba27-455b02de0b81",
"url--56e9671d-9ebc-4dea-ba27-455b02de0b81",
"indicator--56e9671e-7c1c-47b9-be92-419802de0b81",
"indicator--56e9671e-1570-44bf-962f-46f702de0b81",
"observed-data--56e9671e-9310-4468-b96c-4f9202de0b81",
"url--56e9671e-9310-4468-b96c-4f9202de0b81",
"indicator--56e9671f-6788-4df0-9c5c-49bb02de0b81",
"indicator--56e9671f-9a78-4170-813e-4a7402de0b81",
"observed-data--56e9671f-6b20-4ae1-a425-432d02de0b81",
"url--56e9671f-6b20-4ae1-a425-432d02de0b81",
"indicator--56e9671f-c724-4589-aa03-45bf02de0b81",
"indicator--56e96720-3930-47bc-9d2d-492502de0b81",
"observed-data--56e96720-da50-4b10-90ed-4e0f02de0b81",
"url--56e96720-da50-4b10-90ed-4e0f02de0b81",
"indicator--56e96720-6b7c-4612-96d5-497302de0b81",
"indicator--56e96721-b778-4542-8a4a-48f202de0b81",
"observed-data--56e96721-b83c-4e95-b91c-4e1402de0b81",
"url--56e96721-b83c-4e95-b91c-4e1402de0b81",
"indicator--56e96721-2040-45d3-8932-456d02de0b81",
"indicator--56e96721-30ac-4157-b5c7-464a02de0b81",
"observed-data--56e96722-258c-46bd-88aa-4a1c02de0b81",
"url--56e96722-258c-46bd-88aa-4a1c02de0b81",
"indicator--56e96722-39ec-4274-a4af-4ba802de0b81",
"indicator--56e96722-807c-450b-9198-4d4002de0b81",
"observed-data--56e96722-aa34-4a8b-9a6e-4ba602de0b81",
"url--56e96722-aa34-4a8b-9a6e-4ba602de0b81",
"indicator--56e96723-84ec-4e09-b881-4e2502de0b81",
"indicator--56e96723-1334-437c-a4f2-469e02de0b81",
"observed-data--56e96723-fda4-414e-ba86-4d4602de0b81",
"url--56e96723-fda4-414e-ba86-4d4602de0b81",
"indicator--56e96724-7cf4-4d48-be94-424202de0b81",
"indicator--56e96724-b0d0-427c-a60e-42ed02de0b81",
"observed-data--56e96724-302c-4eb9-8e32-412102de0b81",
"url--56e96724-302c-4eb9-8e32-412102de0b81",
"indicator--56e96724-af0c-44b4-b9f0-482002de0b81",
"indicator--56e96725-36c0-4884-9198-485702de0b81",
"observed-data--56e96725-22e4-4cc2-9cdb-4d8f02de0b81",
"url--56e96725-22e4-4cc2-9cdb-4d8f02de0b81",
"indicator--56e96725-7330-47b6-b068-4fa602de0b81",
"indicator--56e96725-f368-4cf6-a37a-40ea02de0b81",
"observed-data--56e96726-d4ec-4a5f-9bc9-439202de0b81",
"url--56e96726-d4ec-4a5f-9bc9-439202de0b81",
"indicator--56e96726-ef54-4ffb-8a86-432b02de0b81",
"indicator--56e96726-3d4c-4ff4-8364-47c402de0b81",
"observed-data--56e96727-4cf0-4067-8f2b-4b0f02de0b81",
"url--56e96727-4cf0-4067-8f2b-4b0f02de0b81",
"indicator--56e96727-2284-459e-bb99-4b2e02de0b81",
"indicator--56e96727-ef70-400c-9c4a-423702de0b81",
"observed-data--56e96727-53a4-43ca-a224-4f3102de0b81",
"url--56e96727-53a4-43ca-a224-4f3102de0b81",
"indicator--56e96728-6a84-4cf8-9c1d-459002de0b81",
"indicator--56e96728-28d0-4923-a546-4d6802de0b81",
"observed-data--56e96728-d0a0-4f23-8d2e-4a0f02de0b81",
"url--56e96728-d0a0-4f23-8d2e-4a0f02de0b81",
"indicator--56e96729-d820-44c8-8602-4e1102de0b81",
"indicator--56e96729-c2cc-45e7-a0a5-4e4902de0b81",
"observed-data--56e96729-3fdc-44c7-a058-4e1702de0b81",
"url--56e96729-3fdc-44c7-a058-4e1702de0b81",
"indicator--56e96729-6694-4dfa-a382-485002de0b81",
"indicator--56e9672a-fdc8-470f-9ff8-4ff202de0b81",
"observed-data--56e9672a-cd40-43f5-97a4-414c02de0b81",
"url--56e9672a-cd40-43f5-97a4-414c02de0b81",
"indicator--56e9672a-7a28-4eff-86d5-461302de0b81",
"indicator--56e9672a-bcc0-42bf-8307-405602de0b81",
"observed-data--56e9672b-30cc-48d3-bf39-465802de0b81",
"url--56e9672b-30cc-48d3-bf39-465802de0b81",
"indicator--56e9672b-f7c0-4fce-8b2a-493d02de0b81",
"indicator--56e9672b-73e8-4e1c-84da-418c02de0b81",
"observed-data--56e9672c-f2ec-4c7b-a5c2-4dab02de0b81",
"url--56e9672c-f2ec-4c7b-a5c2-4dab02de0b81",
"indicator--56e9672c-2410-4cac-8ce8-483102de0b81",
"indicator--56e9672c-3d00-42e8-bcb1-470102de0b81",
"observed-data--56e9672c-7da0-480b-88ee-4d3a02de0b81",
"url--56e9672c-7da0-480b-88ee-4d3a02de0b81",
"indicator--56e9672d-88c8-4ebf-be01-459f02de0b81",
"indicator--56e9672d-8bec-496d-b99e-493502de0b81",
"observed-data--56e9672d-bb78-4a05-8fc3-45f302de0b81",
"url--56e9672d-bb78-4a05-8fc3-45f302de0b81",
"indicator--56e9672e-9bd8-4692-9eb3-496702de0b81",
"indicator--56e9672e-5eac-4e9b-83b6-408602de0b81",
"observed-data--56e9672e-5148-4443-9e27-4e9d02de0b81",
"url--56e9672e-5148-4443-9e27-4e9d02de0b81",
"indicator--56e9672e-8e5c-4f9d-889e-4e3d02de0b81",
"indicator--56e9672f-7374-490f-916b-4e2e02de0b81",
"observed-data--56e9672f-c5e4-42b3-9ed1-4f2902de0b81",
"url--56e9672f-c5e4-42b3-9ed1-4f2902de0b81",
"indicator--56e9672f-c42c-45d1-b825-436e02de0b81",
"indicator--56e96730-2558-4cce-8ee7-4c6802de0b81",
"observed-data--56e96730-03c4-4b76-8d42-49b902de0b81",
"url--56e96730-03c4-4b76-8d42-49b902de0b81",
"indicator--56e96730-1c40-4a03-8596-424102de0b81",
"indicator--56e96730-e9cc-4b41-b803-4a0202de0b81",
"observed-data--56e96731-f214-4d06-8d23-417902de0b81",
"url--56e96731-f214-4d06-8d23-417902de0b81",
"indicator--56e96731-1d5c-47a7-b867-45d402de0b81",
"indicator--56e96731-11dc-4e22-a517-4e5202de0b81",
"observed-data--56e96732-92ec-42c9-9e42-467c02de0b81",
"url--56e96732-92ec-42c9-9e42-467c02de0b81",
"indicator--56e96732-bc9c-41fa-b367-4ade02de0b81",
"indicator--56e96732-a920-409c-b9ee-4ead02de0b81",
"observed-data--56e96732-1634-43d1-8739-4e4b02de0b81",
"url--56e96732-1634-43d1-8739-4e4b02de0b81",
"indicator--56e96733-9a2c-40da-8329-4fb002de0b81",
"indicator--56e96733-6af8-48c1-b212-4fd002de0b81",
"observed-data--56e96733-b954-448e-b477-40c502de0b81",
"url--56e96733-b954-448e-b477-40c502de0b81",
"indicator--56e96733-8334-4499-881f-4bee02de0b81",
"indicator--56e96734-ef80-4f63-9706-4e3f02de0b81",
"observed-data--56e96734-0f04-4a53-819f-44bf02de0b81",
"url--56e96734-0f04-4a53-819f-44bf02de0b81",
"indicator--56e96734-7ed8-41cb-83ef-449e02de0b81",
"indicator--56e96735-bad8-4011-839d-4b2202de0b81",
"observed-data--56e96735-2784-4f59-ad45-489502de0b81",
"url--56e96735-2784-4f59-ad45-489502de0b81",
"indicator--56e96735-d350-42c0-9531-474202de0b81",
"indicator--56e96735-8668-43cc-b2f6-499402de0b81",
"observed-data--56e96736-1db4-44d2-8937-4c3402de0b81",
"url--56e96736-1db4-44d2-8937-4c3402de0b81",
"indicator--56e96736-a8b0-4eb2-b336-4a5802de0b81",
"indicator--56e96736-3678-4275-8026-483302de0b81",
"observed-data--56e96737-3480-4ff5-9d8d-4b6302de0b81",
"url--56e96737-3480-4ff5-9d8d-4b6302de0b81",
"indicator--56e96737-c498-42c3-8795-4d6d02de0b81",
"indicator--56e96737-7120-4865-86d7-480302de0b81",
"observed-data--56e96737-23b4-4d1a-bfc6-476f02de0b81",
"url--56e96737-23b4-4d1a-bfc6-476f02de0b81",
"indicator--56e96738-8b5c-4358-869d-4ed502de0b81",
"indicator--56e96738-36b8-45db-9c66-4b2202de0b81",
"observed-data--56e96738-8c50-4002-beb3-426802de0b81",
"url--56e96738-8c50-4002-beb3-426802de0b81",
"indicator--56e96738-e800-4bcb-9dcb-475202de0b81",
"indicator--56e96739-6b04-455a-8c01-461402de0b81",
"observed-data--56e96739-f8e0-472b-9f67-4f1802de0b81",
"url--56e96739-f8e0-472b-9f67-4f1802de0b81",
"indicator--56e96739-0840-4bb6-ae56-4d2502de0b81",
"indicator--56e9673a-0134-4d46-8429-438402de0b81",
"observed-data--56e9673a-6150-4e84-8ff4-4de402de0b81",
"url--56e9673a-6150-4e84-8ff4-4de402de0b81",
"indicator--56e9673a-e2bc-4bec-a178-40d302de0b81",
"indicator--56e9673a-3b34-49e6-9016-45d902de0b81",
"observed-data--56e9673b-7870-425e-8755-4b1402de0b81",
"url--56e9673b-7870-425e-8755-4b1402de0b81",
"indicator--56e9673b-db64-4fb3-8271-491c02de0b81",
"indicator--56e9673b-ec90-43b6-ae5e-4e4b02de0b81",
"observed-data--56e9673b-aa48-4da9-923f-462602de0b81",
"url--56e9673b-aa48-4da9-923f-462602de0b81",
"indicator--56e9673c-63fc-4117-9dc3-470802de0b81",
"indicator--56e9673c-94c8-45c6-b7a5-425802de0b81",
"observed-data--56e9673c-0788-48ae-9760-41df02de0b81",
"url--56e9673c-0788-48ae-9760-41df02de0b81",
"indicator--56e9673d-f254-41f8-921a-494e02de0b81",
"indicator--56e9673d-2c84-4369-8dff-457702de0b81",
"observed-data--56e9673d-71d8-4e2b-9124-46f502de0b81",
"url--56e9673d-71d8-4e2b-9124-46f502de0b81",
"indicator--56e9673d-8490-4605-9c75-435f02de0b81",
"indicator--56e9673e-0308-4858-a617-4e5c02de0b81",
"observed-data--56e9673e-3730-4d64-81cf-484002de0b81",
"url--56e9673e-3730-4d64-81cf-484002de0b81",
"indicator--56e9673e-04b8-44ba-8abc-4a9502de0b81",
"indicator--56e9673e-3cfc-46f3-9cdf-4d8b02de0b81",
"observed-data--56e9673f-2368-4d93-b10a-4bcf02de0b81",
"url--56e9673f-2368-4d93-b10a-4bcf02de0b81",
"indicator--56e9673f-fdf4-4712-8b75-465202de0b81",
"indicator--56e9673f-de34-4e5e-92b4-426d02de0b81",
"observed-data--56e96740-534c-4484-8db2-475902de0b81",
"url--56e96740-534c-4484-8db2-475902de0b81",
"indicator--56e96740-7f64-4180-a2f5-4bc002de0b81",
"indicator--56e96740-65bc-48bc-b475-408c02de0b81",
"observed-data--56e96740-90a8-4c3d-ac72-4c2202de0b81",
"url--56e96740-90a8-4c3d-ac72-4c2202de0b81",
"indicator--56e96741-0518-4316-8bf1-4a0702de0b81",
"indicator--56e96741-8440-409f-abfb-423a02de0b81",
"observed-data--56e96741-cad0-4152-9799-42cf02de0b81",
"url--56e96741-cad0-4152-9799-42cf02de0b81",
"indicator--56e96741-3cc0-44b9-893a-441d02de0b81",
"indicator--56e96742-a9b0-43c6-b452-4d3302de0b81",
"observed-data--56e96742-b910-400d-8f27-40a602de0b81",
"url--56e96742-b910-400d-8f27-40a602de0b81",
"indicator--56e96742-a308-459a-9717-4bc102de0b81",
"indicator--56e96743-59d4-48d9-b4b0-4c8e02de0b81",
"observed-data--56e96743-d540-4a4e-9b71-41ae02de0b81",
"url--56e96743-d540-4a4e-9b71-41ae02de0b81",
"indicator--56e96743-ce10-42da-8f50-466502de0b81",
"indicator--56e96743-1c74-42f3-b8d0-4c7c02de0b81",
"observed-data--56e96744-53cc-4352-97b9-43b302de0b81",
"url--56e96744-53cc-4352-97b9-43b302de0b81",
"indicator--56e96744-87ec-41c1-b775-499302de0b81",
"indicator--56e96744-15e0-41f5-a557-4fe302de0b81",
"observed-data--56e96745-1904-4307-92cc-4bd902de0b81",
"url--56e96745-1904-4307-92cc-4bd902de0b81",
"indicator--56e96745-87d8-4aae-9ce8-46c002de0b81",
"indicator--56e96745-4448-4b22-a543-425502de0b81",
"observed-data--56e96745-2f88-4498-afdd-4b3602de0b81",
"url--56e96745-2f88-4498-afdd-4b3602de0b81",
"indicator--56e96746-cca8-4afa-8d2a-49d502de0b81",
"indicator--56e96746-bc84-40fc-8780-4f4002de0b81",
"observed-data--56e96746-25f0-47e2-a9df-4d9202de0b81",
"url--56e96746-25f0-47e2-a9df-4d9202de0b81",
"indicator--56e96746-c5ac-4a6c-83d6-4b5402de0b81",
"indicator--56e96747-afac-4d78-8b01-42c402de0b81",
"observed-data--56e96747-98b0-4a21-801d-4d0e02de0b81",
"url--56e96747-98b0-4a21-801d-4d0e02de0b81",
"indicator--56e96747-6edc-497a-ba40-402802de0b81",
"indicator--56e96748-febc-45fd-b019-490d02de0b81",
"observed-data--56e96748-9380-45a4-b915-4cef02de0b81",
"url--56e96748-9380-45a4-b915-4cef02de0b81",
"indicator--56e96748-9974-4f67-a963-416302de0b81",
"indicator--56e96748-7c2c-4938-804e-4bfa02de0b81",
"observed-data--56e96749-2b64-4bd9-a578-44f102de0b81",
"url--56e96749-2b64-4bd9-a578-44f102de0b81",
"indicator--56e96749-adf4-4193-9ed7-40a802de0b81",
"indicator--56e96749-9788-453d-b82a-4fa502de0b81",
"observed-data--56e96749-0f28-468c-bae9-44ad02de0b81",
"url--56e96749-0f28-468c-bae9-44ad02de0b81",
"indicator--56e9674a-ea70-479b-b490-42d202de0b81",
"indicator--56e9674a-1574-4664-9a8c-4acf02de0b81",
"observed-data--56e9674a-4a60-4bb1-aeb2-4cec02de0b81",
"url--56e9674a-4a60-4bb1-aeb2-4cec02de0b81",
"indicator--56e9674a-652c-4947-8d41-47af02de0b81",
"indicator--56e9674b-e5c4-4fb6-a317-496c02de0b81",
"observed-data--56e9674b-1794-489c-9298-47a202de0b81",
"url--56e9674b-1794-489c-9298-47a202de0b81",
"indicator--56e9674b-ca98-4296-9de0-468a02de0b81",
"indicator--56e9674c-5a68-4bf8-874f-412802de0b81",
"observed-data--56e9674c-1044-49b9-bc72-4a5802de0b81",
"url--56e9674c-1044-49b9-bc72-4a5802de0b81",
"indicator--56e9674c-8b74-443d-bf7b-475d02de0b81",
"indicator--56e9674c-f208-4ef9-a516-47f202de0b81",
"observed-data--56e9674d-b23c-4c40-8ea1-4f1f02de0b81",
"url--56e9674d-b23c-4c40-8ea1-4f1f02de0b81",
"indicator--56e9674d-2fbc-4335-83ec-4d5002de0b81",
"indicator--56e9674d-1800-479c-a01c-43df02de0b81",
"observed-data--56e9674e-3050-4cc3-b695-4d8402de0b81",
"url--56e9674e-3050-4cc3-b695-4d8402de0b81",
"indicator--56e9674e-d544-40d9-8cdd-4cbf02de0b81",
"indicator--56e9674e-845c-4177-b077-423302de0b81",
"observed-data--56e9674e-77c8-42a8-84d3-42d702de0b81",
"url--56e9674e-77c8-42a8-84d3-42d702de0b81",
"indicator--56e9674f-bdfc-40a6-861e-452302de0b81",
"indicator--56e9674f-10c0-4c91-bb80-4f3602de0b81",
"observed-data--56e9674f-1104-4e63-97fb-499902de0b81",
"url--56e9674f-1104-4e63-97fb-499902de0b81",
"indicator--56e9674f-d538-4c91-a6a1-409902de0b81",
"indicator--56e96750-82e4-4291-b399-4fde02de0b81",
"observed-data--56e96750-1e8c-40c9-aa62-45a102de0b81",
"url--56e96750-1e8c-40c9-aa62-45a102de0b81",
"indicator--56e96750-99ac-41e6-a7bc-48ef02de0b81",
"indicator--56e96751-ee7c-4d4e-8ad4-466002de0b81",
"observed-data--56e96751-6ca4-4d42-a1ef-499402de0b81",
"url--56e96751-6ca4-4d42-a1ef-499402de0b81",
"indicator--56e96751-2468-4be0-af6e-48c602de0b81",
"indicator--56e96751-5618-4478-a0fc-41d502de0b81",
"observed-data--56e96752-4844-4ebc-bfdc-449b02de0b81",
"url--56e96752-4844-4ebc-bfdc-449b02de0b81",
"indicator--56e96752-837c-4784-8cd5-405502de0b81",
"indicator--56e96752-ee24-45f3-85c6-44f502de0b81",
"observed-data--56e96752-721c-4f06-84bb-464902de0b81",
"url--56e96752-721c-4f06-84bb-464902de0b81",
"indicator--56e96753-7d10-4a1b-92e1-432202de0b81",
"indicator--56e96753-9288-4f46-8b0d-4a0c02de0b81",
"observed-data--56e96753-5204-48f9-8090-475b02de0b81",
"url--56e96753-5204-48f9-8090-475b02de0b81",
"indicator--56e96754-8774-4467-92ab-445902de0b81",
"indicator--56e96754-eca4-493b-ac57-431d02de0b81",
"observed-data--56e96754-fce4-4d0b-b310-47d302de0b81",
"url--56e96754-fce4-4d0b-b310-47d302de0b81",
"indicator--56e96754-8c2c-4600-a029-458f02de0b81",
"indicator--56e96755-1890-4120-8677-445202de0b81",
"observed-data--56e96755-7b4c-4bb0-acf9-41e402de0b81",
"url--56e96755-7b4c-4bb0-acf9-41e402de0b81",
"indicator--56e96755-8240-4a23-8509-4d8302de0b81",
"indicator--56e96755-18e4-48cb-b1c0-4f2402de0b81",
"observed-data--56e96756-e95c-4628-a35a-41fc02de0b81",
"url--56e96756-e95c-4628-a35a-41fc02de0b81",
"indicator--56e96756-7200-4b4c-85b5-41e102de0b81",
"indicator--56e96756-eeb0-4afb-9cea-487b02de0b81",
"observed-data--56e96756-ccd4-4da2-9320-49ad02de0b81",
"url--56e96756-ccd4-4da2-9320-49ad02de0b81",
"indicator--56e96757-d5e0-4a7d-93d0-485202de0b81",
"indicator--56e96757-e390-42f9-866c-4d2f02de0b81",
"observed-data--56e96757-a24c-4c2f-8229-43b002de0b81",
"url--56e96757-a24c-4c2f-8229-43b002de0b81",
"indicator--56e96758-2bd4-4758-9960-4da902de0b81",
"indicator--56e96758-d584-448c-bbe0-434702de0b81",
"observed-data--56e96758-76ec-4319-9f43-44c402de0b81",
"url--56e96758-76ec-4319-9f43-44c402de0b81",
"indicator--56e96758-1710-46be-bcb3-43cd02de0b81",
"indicator--56e96759-b9a8-4247-9a1e-486302de0b81",
"observed-data--56e96759-63d0-491f-bbb5-4b6202de0b81",
"url--56e96759-63d0-491f-bbb5-4b6202de0b81",
"indicator--56e96759-fc4c-4e00-9b18-4e9502de0b81",
"indicator--56e96759-bab0-4207-8c3e-480d02de0b81",
"observed-data--56e9675a-a1ac-4f42-bd24-415602de0b81",
"url--56e9675a-a1ac-4f42-bd24-415602de0b81",
"indicator--56e9675a-e8cc-4eac-acfc-422b02de0b81",
"indicator--56e9675a-7890-4706-9e54-4b7802de0b81",
"observed-data--56e9675b-c1fc-4542-a55e-469402de0b81",
"url--56e9675b-c1fc-4542-a55e-469402de0b81",
"indicator--56e9675b-5a84-4085-87b4-4fc102de0b81",
"indicator--56e9675b-fbb0-4cf9-82f0-4a3302de0b81",
"observed-data--56e9675b-a704-4b6b-91f2-4be002de0b81",
"url--56e9675b-a704-4b6b-91f2-4be002de0b81",
"indicator--56e9675c-1a2c-4661-851c-435f02de0b81",
"indicator--56e9675c-89d4-4db8-bccb-48e602de0b81",
"observed-data--56e9675c-3018-4461-ace6-445502de0b81",
"url--56e9675c-3018-4461-ace6-445502de0b81",
"indicator--56e9675d-d344-4853-8276-4e3a02de0b81",
"indicator--56e9675d-cfe8-4878-8efe-448002de0b81",
"observed-data--56e9675d-15f4-40db-8bb7-42c102de0b81",
"url--56e9675d-15f4-40db-8bb7-42c102de0b81",
"indicator--56e9675d-6f8c-466c-bbd1-4ada02de0b81",
"indicator--56e9675e-5adc-47bc-8d1f-4f3602de0b81",
"observed-data--56e9675e-4024-4890-9722-477d02de0b81",
"url--56e9675e-4024-4890-9722-477d02de0b81",
"indicator--56e9675e-aa48-4d30-a3f1-4bae02de0b81",
"indicator--56e9675e-de2c-4c06-a3b8-4dd302de0b81",
"observed-data--56e9675f-53f8-463c-9ec1-431c02de0b81",
"url--56e9675f-53f8-463c-9ec1-431c02de0b81",
"indicator--56e9675f-b5e8-47a8-838d-4ddc02de0b81",
"indicator--56e9675f-9380-4f1d-8093-4d6402de0b81",
"observed-data--56e9675f-8fa8-422a-b015-4b7902de0b81",
"url--56e9675f-8fa8-422a-b015-4b7902de0b81",
"indicator--56e96760-c530-4225-b938-40a202de0b81",
"indicator--56e96760-7d70-4f49-b42f-449202de0b81",
"observed-data--56e96760-8e04-4e8d-8839-4a8b02de0b81",
"url--56e96760-8e04-4e8d-8839-4a8b02de0b81",
"indicator--56e96761-8e44-47f3-ba7c-414e02de0b81",
"indicator--56e96761-3f7c-4468-b9dc-4b0802de0b81",
"observed-data--56e96761-d334-4224-b6a9-480b02de0b81",
"url--56e96761-d334-4224-b6a9-480b02de0b81",
"indicator--56e96761-6e2c-415a-a826-406402de0b81",
"indicator--56e96762-f330-4571-82b6-4bcd02de0b81",
"observed-data--56e96762-544c-41bf-ad72-465c02de0b81",
"url--56e96762-544c-41bf-ad72-465c02de0b81",
"indicator--56e96762-b300-4d7e-92df-470902de0b81",
"indicator--56e96763-81f0-4333-9075-485602de0b81",
"observed-data--56e96763-6504-44cb-8719-4b5e02de0b81",
"url--56e96763-6504-44cb-8719-4b5e02de0b81",
"indicator--56e96763-7d8c-437d-9545-42ea02de0b81",
"indicator--56e96763-b120-4716-8274-4bf402de0b81",
"observed-data--56e96764-7abc-4a14-ae0c-4b6502de0b81",
"url--56e96764-7abc-4a14-ae0c-4b6502de0b81",
"indicator--56e96764-6058-42a0-8283-42fa02de0b81",
"indicator--56e96764-8da4-458c-b8c3-452b02de0b81",
"observed-data--56e96764-de98-4744-9342-422702de0b81",
"url--56e96764-de98-4744-9342-422702de0b81",
"indicator--56e96765-c300-4ad0-a1b4-410202de0b81",
"indicator--56e96765-06f4-483a-b9f6-40b102de0b81",
"observed-data--56e96765-6c60-4b1c-9349-4b6102de0b81",
"url--56e96765-6c60-4b1c-9349-4b6102de0b81",
"indicator--56e96766-16bc-439b-a874-457202de0b81",
"indicator--56e96766-15f8-4890-b4b7-432102de0b81",
"observed-data--56e96766-6a50-41f0-844c-4a4102de0b81",
"url--56e96766-6a50-41f0-844c-4a4102de0b81",
"indicator--56e96766-c05c-42e8-a703-49fa02de0b81",
"indicator--56e96767-af8c-4a8f-a260-47c402de0b81",
"observed-data--56e96767-bfec-405c-9f4d-4e5a02de0b81",
"url--56e96767-bfec-405c-9f4d-4e5a02de0b81",
"indicator--56e96767-8c64-45c7-be42-401202de0b81",
"indicator--56e96768-99e4-4c79-98a0-4e6c02de0b81",
"observed-data--56e96768-b514-4dd9-b2a0-4b8802de0b81",
"url--56e96768-b514-4dd9-b2a0-4b8802de0b81",
"indicator--56e96768-d54c-4540-a212-418802de0b81",
"indicator--56e96769-60f0-4478-a824-49c602de0b81",
"observed-data--56e96769-dae8-41c8-a591-47c402de0b81",
"url--56e96769-dae8-41c8-a591-47c402de0b81",
"indicator--56e96769-60c8-4cd7-8676-4cc202de0b81",
"indicator--56e9676a-6e04-483d-b6af-404a02de0b81",
"observed-data--56e9676a-7788-4f5a-9cc8-487902de0b81",
"url--56e9676a-7788-4f5a-9cc8-487902de0b81",
"indicator--56e9676a-efd0-463d-82ce-475a02de0b81",
"indicator--56e9676b-0348-4baa-8e16-4b5e02de0b81",
"observed-data--56e9676b-551c-4932-b847-443802de0b81",
"url--56e9676b-551c-4932-b847-443802de0b81",
"indicator--56e9676b-8ef0-4820-acd8-4f6e02de0b81",
"indicator--56e9676c-da28-42c3-9adb-423e02de0b81",
"observed-data--56e9676c-b054-4b22-9c81-48a202de0b81",
"url--56e9676c-b054-4b22-9c81-48a202de0b81",
"indicator--56e9676c-4654-47c9-bb60-4efc02de0b81",
"indicator--56e9676d-c8d0-4c6b-a431-451602de0b81",
"observed-data--56e9676d-6498-49e0-9f80-474402de0b81",
"url--56e9676d-6498-49e0-9f80-474402de0b81",
"indicator--56e9676d-abf8-41d1-8a19-4f9302de0b81",
"indicator--56e9676e-ba40-4f15-8067-4e6f02de0b81",
"observed-data--56e9676e-9ebc-4511-88a1-4f3702de0b81",
"url--56e9676e-9ebc-4511-88a1-4f3702de0b81",
"indicator--56e9676e-6510-4912-b3b7-4b5902de0b81",
"indicator--56e9676f-f3e0-4432-b5d4-40bb02de0b81",
"observed-data--56e9676f-c2e4-4b2a-ac70-4ebd02de0b81",
"url--56e9676f-c2e4-4b2a-ac70-4ebd02de0b81",
"indicator--56e9676f-9f00-41fe-9c6c-40ad02de0b81",
"indicator--56e96770-7284-4813-b06f-479102de0b81",
"observed-data--56e96770-4f90-41c0-8cef-4a6902de0b81",
"url--56e96770-4f90-41c0-8cef-4a6902de0b81",
"indicator--56e96770-45f8-4973-b587-491102de0b81",
"indicator--56e96771-b400-420a-9c2f-46e202de0b81",
"observed-data--56e96771-96a4-45a0-b938-466202de0b81",
"url--56e96771-96a4-45a0-b938-466202de0b81",
"indicator--56e96771-ea04-45c0-9121-4d5a02de0b81",
"indicator--56e96771-c228-422d-8f4e-40ab02de0b81",
"observed-data--56e96772-34bc-459b-94fe-479602de0b81",
"url--56e96772-34bc-459b-94fe-479602de0b81",
"indicator--56e96772-a6b0-411d-aaaa-4b8402de0b81",
"indicator--56e96772-c55c-4d4f-a6a3-41c502de0b81",
"observed-data--56e96772-afdc-42b7-8adc-47b802de0b81",
"url--56e96772-afdc-42b7-8adc-47b802de0b81",
"indicator--56e96773-5eb4-42e4-8c00-4f4702de0b81",
"indicator--56e96773-b988-4fbf-8051-44b802de0b81",
"observed-data--56e96773-d5b4-42fa-a8d8-452602de0b81",
"url--56e96773-d5b4-42fa-a8d8-452602de0b81",
"indicator--56e96774-1130-4736-b777-4f8d02de0b81",
"indicator--56e96774-dff4-4bd2-ae58-46f102de0b81",
"observed-data--56e96774-99d8-4631-b7b4-499f02de0b81",
"url--56e96774-99d8-4631-b7b4-499f02de0b81",
"indicator--56e96774-f22c-4520-8db7-4ca502de0b81",
"indicator--56e96775-8cc4-44df-bed4-469402de0b81",
"observed-data--56e96775-33c4-48e8-8473-4b4f02de0b81",
"url--56e96775-33c4-48e8-8473-4b4f02de0b81",
"indicator--56e96776-f4e0-4d3c-ae11-430b02de0b81",
"indicator--56e96776-70dc-40b8-8895-460a02de0b81",
"observed-data--56e96776-a064-4711-8613-41f602de0b81",
"url--56e96776-a064-4711-8613-41f602de0b81",
"indicator--56e96777-7fb8-484e-a196-438e02de0b81",
"indicator--56e96777-eef8-4c17-9d5f-4b3302de0b81",
"observed-data--56e96777-2948-494c-96d6-433a02de0b81",
"url--56e96777-2948-494c-96d6-433a02de0b81",
"indicator--56e96778-254c-4256-80ba-473302de0b81",
"indicator--56e96778-f52c-489b-ab0a-443802de0b81",
"observed-data--56e96778-f700-42d4-8437-40e302de0b81",
"url--56e96778-f700-42d4-8437-40e302de0b81",
"indicator--56e96779-78d0-45d3-8ee9-4e7b02de0b81",
"indicator--56e96779-5b70-4413-83fa-44b802de0b81",
"observed-data--56e96779-05a0-45c5-913f-427302de0b81",
"url--56e96779-05a0-45c5-913f-427302de0b81",
"indicator--56e96779-78d0-4cbb-afed-47c502de0b81",
"indicator--56e9677a-afe0-4bd4-8f90-4a3902de0b81",
"observed-data--56e9677a-8da0-4a2c-b9fe-42a102de0b81",
"url--56e9677a-8da0-4a2c-b9fe-42a102de0b81",
"indicator--56e9677a-798c-4632-8f0f-4c2602de0b81",
"indicator--56e9677b-b50c-4207-84c7-4d0302de0b81",
"observed-data--56e9677b-0d88-461c-abf3-4c2802de0b81",
"url--56e9677b-0d88-461c-abf3-4c2802de0b81",
"indicator--56e9677b-d834-4d58-a46a-48fe02de0b81",
"indicator--56e9677b-3fd8-46fe-a55b-4d6502de0b81",
"observed-data--56e9677c-f530-46a0-b3cb-43e802de0b81",
"url--56e9677c-f530-46a0-b3cb-43e802de0b81",
"indicator--56e9677c-44e8-454f-9cd1-44d602de0b81",
"indicator--56e9677c-22ec-4ad2-acfc-467f02de0b81",
"observed-data--56e9677c-a484-4283-a1a7-41a102de0b81",
"url--56e9677c-a484-4283-a1a7-41a102de0b81",
"indicator--56e9677d-e790-471a-b3aa-44de02de0b81",
"indicator--56e9677d-b2c8-4087-a0c0-46a502de0b81",
"observed-data--56e9677d-e4fc-4263-aadf-4f4502de0b81",
"url--56e9677d-e4fc-4263-aadf-4f4502de0b81",
"indicator--56e9677e-9e80-4065-ac7a-4f7b02de0b81",
"indicator--56e9677e-fb58-4338-95ec-4b7f02de0b81",
"observed-data--56e9677e-d584-413e-8731-492a02de0b81",
"url--56e9677e-d584-413e-8731-492a02de0b81",
"indicator--56e9677e-daac-4407-ae4e-4f0f02de0b81",
"indicator--56e9677f-e510-44bf-9a7a-4c2c02de0b81",
"observed-data--56e9677f-a0cc-4383-a4b2-4fde02de0b81",
"url--56e9677f-a0cc-4383-a4b2-4fde02de0b81",
"indicator--56e9677f-71e4-4c4b-ac31-45e902de0b81",
"indicator--56e96780-355c-4373-8180-4cf902de0b81",
"observed-data--56e96780-f660-4de0-bd50-4d3202de0b81",
"url--56e96780-f660-4de0-bd50-4d3202de0b81",
"indicator--56e96780-e520-4f0b-8dc4-4fdc02de0b81",
"indicator--56e96780-bd44-4ccd-a3b3-4afd02de0b81",
"observed-data--56e96781-b200-4724-bfcd-4cc502de0b81",
"url--56e96781-b200-4724-bfcd-4cc502de0b81",
"indicator--56e96781-5c4c-4313-a839-461102de0b81",
"indicator--56e96781-f680-4243-80a9-44b702de0b81",
"observed-data--56e96781-3dc8-4ee9-9d03-42d702de0b81",
"url--56e96781-3dc8-4ee9-9d03-42d702de0b81",
"indicator--56e96782-e794-4a36-adb1-499602de0b81",
"indicator--56e96782-f3c0-4b58-884d-49a802de0b81",
"observed-data--56e96782-2b98-47e0-bcec-4e2702de0b81",
"url--56e96782-2b98-47e0-bcec-4e2702de0b81",
"indicator--56e96783-2e8c-4cbb-8fe6-454402de0b81",
"indicator--56e96783-67c8-4f67-9f73-4ab902de0b81",
"observed-data--56e96783-4f44-4ae4-833e-40d102de0b81",
"url--56e96783-4f44-4ae4-833e-40d102de0b81",
"indicator--56e96783-38b8-4e06-adf2-429f02de0b81",
"indicator--56e96784-6938-4aea-ae80-4d8702de0b81",
"observed-data--56e96784-eafc-440f-96ce-4c2702de0b81",
"url--56e96784-eafc-440f-96ce-4c2702de0b81",
"indicator--56e96784-3130-4a00-b9b4-44d202de0b81",
"indicator--56e96784-c014-4b98-9d48-4e6402de0b81",
"observed-data--56e96785-1008-4f18-a38a-4df102de0b81",
"url--56e96785-1008-4f18-a38a-4df102de0b81",
"indicator--56e96785-dbc4-4b94-8ff2-423802de0b81",
"indicator--56e96785-0780-4ee3-b226-433c02de0b81",
"observed-data--56e96786-a5a8-4f22-b797-4aa602de0b81",
"url--56e96786-a5a8-4f22-b797-4aa602de0b81",
"indicator--56e96786-1bf8-49ac-b978-4ef102de0b81",
"indicator--56e96786-f034-4b88-89b2-45e802de0b81",
"observed-data--56e96786-d598-43be-b141-439802de0b81",
"url--56e96786-d598-43be-b141-439802de0b81",
"indicator--56e96787-5d38-49b8-a7e2-409e02de0b81",
"indicator--56e96787-ee10-4973-930f-426102de0b81",
"observed-data--56e96787-bd80-43b3-a31f-49f302de0b81",
"url--56e96787-bd80-43b3-a31f-49f302de0b81",
"indicator--56e96787-de70-4ff1-b284-4b6102de0b81",
"indicator--56e96788-0b08-4624-a282-42a402de0b81",
"observed-data--56e96788-7eb4-4b63-9460-427c02de0b81",
"url--56e96788-7eb4-4b63-9460-427c02de0b81",
"indicator--56e96788-c064-4b5a-baf8-4f4802de0b81",
"indicator--56e96789-b8dc-4851-bb53-4af402de0b81",
"observed-data--56e96789-1018-4a50-ac45-447e02de0b81",
"url--56e96789-1018-4a50-ac45-447e02de0b81",
"indicator--56e96789-d124-4187-be6e-44c002de0b81",
"indicator--56e96789-d1e8-4f6d-9ffc-46b402de0b81",
"observed-data--56e9678a-8e64-4370-b138-4f5302de0b81",
"url--56e9678a-8e64-4370-b138-4f5302de0b81",
"indicator--56e9678a-be68-45d5-bc19-471902de0b81",
"indicator--56e9678a-a02c-4f5b-9b58-491e02de0b81",
"observed-data--56e9678b-c760-4857-bb3c-48d002de0b81",
"url--56e9678b-c760-4857-bb3c-48d002de0b81",
"indicator--56e9678b-bb1c-4dfb-a3c3-4b7202de0b81",
"indicator--56e9678c-19fc-40fa-a448-4bbe02de0b81",
"observed-data--56e9678c-cde4-453a-91e1-4d5602de0b81",
"url--56e9678c-cde4-453a-91e1-4d5602de0b81",
"indicator--56e9678d-5b54-4c75-98c4-45f302de0b81",
"indicator--56e9678d-30c4-4ab8-8dca-411b02de0b81",
"observed-data--56e9678e-87b0-4a21-9d69-495302de0b81",
"url--56e9678e-87b0-4a21-9d69-495302de0b81",
"indicator--56e9678e-5a48-4905-8af9-4b7b02de0b81",
"indicator--56e9678f-00c8-4bf5-8404-4e1c02de0b81",
"observed-data--56e9678f-7560-402f-88ca-45e002de0b81",
"url--56e9678f-7560-402f-88ca-45e002de0b81",
"indicator--56e96790-182c-4db5-82bf-48bf02de0b81",
"indicator--56e96791-f628-4086-900b-424f02de0b81",
"observed-data--56e96791-ac2c-437c-85bb-4c7f02de0b81",
"url--56e96791-ac2c-437c-85bb-4c7f02de0b81",
"indicator--56e96792-527c-4c10-94ff-4d8802de0b81",
"indicator--56e96792-368c-47ec-af50-4f4302de0b81",
"observed-data--56e96792-9b9c-4de5-98a8-456502de0b81",
"url--56e96792-9b9c-4de5-98a8-456502de0b81",
"indicator--56e96793-246c-4ff2-9236-46e502de0b81",
"indicator--56e96793-d9dc-4fc8-aca5-4fb602de0b81",
"observed-data--56e96794-ab00-4a10-a418-482b02de0b81",
"url--56e96794-ab00-4a10-a418-482b02de0b81",
"indicator--56e96794-c600-460b-a9ca-4d2702de0b81",
"indicator--56e96795-cb0c-49b9-89b0-4a9902de0b81",
"observed-data--56e96795-f988-4302-85ad-44c802de0b81",
"url--56e96795-f988-4302-85ad-44c802de0b81",
"indicator--56e96796-55a4-4781-979e-4cd902de0b81",
"indicator--56e96796-6884-4d23-b091-4f6202de0b81",
"observed-data--56e96797-2e20-41af-be60-480302de0b81",
"url--56e96797-2e20-41af-be60-480302de0b81",
"indicator--56e96797-0214-4664-91e2-43bb02de0b81",
"indicator--56e96797-a588-4916-81b1-459c02de0b81",
"observed-data--56e96798-b534-4bd2-8275-456f02de0b81",
"url--56e96798-b534-4bd2-8275-456f02de0b81",
"indicator--56e96798-df58-4a27-befe-48c202de0b81",
"indicator--56e96798-7b68-417b-b66f-47bf02de0b81",
"observed-data--56e96798-b6c4-4199-8c51-41c202de0b81",
"url--56e96798-b6c4-4199-8c51-41c202de0b81",
"indicator--56e96799-cadc-403f-96fa-4ebf02de0b81",
"indicator--56e96799-cf6c-44a2-ae71-45a902de0b81",
"observed-data--56e96799-4a2c-4824-9e47-4f5802de0b81",
"url--56e96799-4a2c-4824-9e47-4f5802de0b81",
"indicator--56e96799-f4bc-4cce-9472-435102de0b81",
"indicator--56e9679a-52dc-4f6a-97c0-470302de0b81",
"observed-data--56e9679a-8188-49f6-a2e7-449902de0b81",
"url--56e9679a-8188-49f6-a2e7-449902de0b81",
"indicator--56e9679a-88f4-4c2c-8d5c-4dcf02de0b81",
"indicator--56e9679b-40a0-4d6c-85a3-434302de0b81",
"observed-data--56e9679b-2654-41d9-8f16-44c502de0b81",
"url--56e9679b-2654-41d9-8f16-44c502de0b81",
"indicator--56e9679b-78dc-4365-ac70-4b0602de0b81",
"indicator--56e9679b-cc5c-44fa-811d-41b902de0b81",
"observed-data--56e9679c-4c5c-4aec-afb6-404802de0b81",
"url--56e9679c-4c5c-4aec-afb6-404802de0b81",
"indicator--56e9679c-f638-4994-bdfe-491602de0b81",
"indicator--56e9679c-0cec-45ca-ae68-4ba202de0b81",
"observed-data--56e9679d-5fcc-4b83-8be7-451e02de0b81",
"url--56e9679d-5fcc-4b83-8be7-451e02de0b81",
"indicator--56e9679d-be78-4048-944d-40a302de0b81",
"indicator--56e9679d-71d0-4de2-98ce-45cc02de0b81",
"observed-data--56e9679e-78e8-4225-b332-4b0d02de0b81",
"url--56e9679e-78e8-4225-b332-4b0d02de0b81",
"indicator--56e9679e-fa74-4749-b5e3-468a02de0b81",
"indicator--56e9679e-9390-43c4-9d6c-4d9302de0b81",
"observed-data--56e9679e-25bc-43de-89f6-46dc02de0b81",
"url--56e9679e-25bc-43de-89f6-46dc02de0b81",
"indicator--56e9679f-d8c0-4e83-b17f-4dc202de0b81",
"indicator--56e9679f-0614-422f-b146-46ec02de0b81",
"observed-data--56e9679f-a164-4ac9-a59b-4dfe02de0b81",
"url--56e9679f-a164-4ac9-a59b-4dfe02de0b81",
"indicator--56e9679f-1680-43e7-8882-4b0802de0b81",
"indicator--56e967a0-1ec8-4e26-b42d-4a4b02de0b81",
"observed-data--56e967a0-178c-4c89-812c-4eeb02de0b81",
"url--56e967a0-178c-4c89-812c-4eeb02de0b81",
"indicator--56e967a0-4f8c-4356-adb7-444202de0b81",
"indicator--56e967a1-4c68-4777-95dd-467602de0b81",
"observed-data--56e967a1-5134-4eb5-a0b7-46e002de0b81",
"url--56e967a1-5134-4eb5-a0b7-46e002de0b81",
"indicator--56e967a1-db64-441f-94bc-49f902de0b81",
"indicator--56e967a1-6c0c-499a-93e7-404202de0b81",
"observed-data--56e967a2-b9bc-40dc-a18a-401002de0b81",
"url--56e967a2-b9bc-40dc-a18a-401002de0b81",
"indicator--56e967a2-2d8c-450f-a2b3-439602de0b81",
"indicator--56e967a2-b698-4b29-ae89-49e002de0b81",
"observed-data--56e967a2-e010-4820-9d7d-4b0e02de0b81",
"url--56e967a2-e010-4820-9d7d-4b0e02de0b81",
"indicator--56e967a3-6d78-414e-b438-411002de0b81",
"indicator--56e967a3-0d5c-4ea3-bb2a-48bf02de0b81",
"observed-data--56e967a3-1e5c-460c-b616-4a3c02de0b81",
"url--56e967a3-1e5c-460c-b616-4a3c02de0b81",
"indicator--56e967a4-c3a0-48ef-940a-4cf002de0b81",
"indicator--56e967a4-c390-43d1-aa88-404d02de0b81",
"observed-data--56e967a4-c3cc-4b5c-be09-459602de0b81",
"url--56e967a4-c3cc-4b5c-be09-459602de0b81",
"indicator--56e967a4-1ef4-4ccc-a237-43b202de0b81",
"indicator--56e967a5-2e18-4ab3-bec7-4fd202de0b81",
"observed-data--56e967a5-9dc4-4c89-8f6a-4ffe02de0b81",
"url--56e967a5-9dc4-4c89-8f6a-4ffe02de0b81",
"indicator--56e967a5-b5d8-42eb-86ae-441102de0b81",
"indicator--56e967a5-1828-4801-89c1-44d202de0b81",
"observed-data--56e967a6-f7b8-4879-989d-445102de0b81",
"url--56e967a6-f7b8-4879-989d-445102de0b81",
"indicator--56e967a6-8de4-4ab3-8060-4d5c02de0b81",
"indicator--56e967a6-79f8-4bcd-98a1-442c02de0b81",
"observed-data--56e967a7-c598-4d14-a1bf-41a802de0b81",
"url--56e967a7-c598-4d14-a1bf-41a802de0b81",
"indicator--56e967a7-67d0-45df-b84a-486f02de0b81",
"indicator--56e967a7-92c4-41e9-baf9-4ac202de0b81",
"observed-data--56e967a7-95bc-4f46-b3f2-462c02de0b81",
"url--56e967a7-95bc-4f46-b3f2-462c02de0b81",
"indicator--56e967a8-6a60-4b33-b7d2-4c5e02de0b81",
"indicator--56e967a8-b600-4450-af66-454d02de0b81",
"observed-data--56e967a8-5d98-488b-b960-4b8002de0b81",
"url--56e967a8-5d98-488b-b960-4b8002de0b81",
"indicator--56e967a9-9ed0-4b60-bdaf-4c5102de0b81",
"indicator--56e967a9-94ec-49f1-a691-4c8f02de0b81",
"observed-data--56e967a9-b624-4ae5-bedb-436902de0b81",
"url--56e967a9-b624-4ae5-bedb-436902de0b81",
"indicator--56e967a9-7bb8-4c65-8221-4e2202de0b81",
"indicator--56e967aa-cd7c-45fd-8b7d-441e02de0b81",
"observed-data--56e967aa-7808-407f-b1c3-4acd02de0b81",
"url--56e967aa-7808-407f-b1c3-4acd02de0b81",
"indicator--56e967aa-f760-41dc-80f7-480002de0b81",
"indicator--56e967aa-9b38-4f9c-88f8-44fa02de0b81",
"observed-data--56e967ab-90e8-474b-bbaf-440202de0b81",
"url--56e967ab-90e8-474b-bbaf-440202de0b81",
"indicator--56e967ab-7138-4217-8ef6-4ea402de0b81",
"indicator--56e967ab-aa20-4adf-9bbd-45b302de0b81",
"observed-data--56e967ac-1628-442e-bc75-490502de0b81",
"url--56e967ac-1628-442e-bc75-490502de0b81",
"indicator--56e967ac-6a24-4260-8050-40ad02de0b81",
"indicator--56e967ac-7b80-417a-b3aa-40fb02de0b81",
"observed-data--56e967ac-fa28-4926-9360-4a8202de0b81",
"url--56e967ac-fa28-4926-9360-4a8202de0b81",
"indicator--56e967ad-7878-4a0d-861d-40a002de0b81",
"indicator--56e967ad-c59c-4483-8c38-461c02de0b81",
"observed-data--56e967ad-1378-480f-ac91-486402de0b81",
"url--56e967ad-1378-480f-ac91-486402de0b81",
"indicator--56e967ad-0c28-4c7e-a54c-46b102de0b81",
"indicator--56e967ae-aafc-4066-9a91-42e902de0b81",
"observed-data--56e967ae-f6a4-435a-8521-458002de0b81",
"url--56e967ae-f6a4-435a-8521-458002de0b81",
"indicator--56e967ae-4da8-4bd0-b01d-4bf802de0b81",
"indicator--56e967af-aab8-4d51-a1ff-468602de0b81",
"observed-data--56e967af-051c-4d5b-b329-453a02de0b81",
"url--56e967af-051c-4d5b-b329-453a02de0b81",
"indicator--56e967af-1560-4859-8410-4e4d02de0b81",
"indicator--56e967af-4f98-4b92-a605-40cf02de0b81",
"observed-data--56e967b0-04dc-4ecd-a612-4e7902de0b81",
"url--56e967b0-04dc-4ecd-a612-4e7902de0b81",
"indicator--56e967b0-03f0-49e2-9f6a-491402de0b81",
"indicator--56e967b0-6920-4c18-a6c8-438e02de0b81",
"observed-data--56e967b0-da5c-4768-9983-450502de0b81",
"url--56e967b0-da5c-4768-9983-450502de0b81",
"indicator--56e967b1-50b8-49ee-9445-428002de0b81",
"indicator--56e967b1-bc58-4917-9a73-451f02de0b81",
"observed-data--56e967b1-f3b0-4a34-a868-476802de0b81",
"url--56e967b1-f3b0-4a34-a868-476802de0b81",
"indicator--56e967b2-31f8-4a45-afce-4db602de0b81",
"indicator--56e967b2-b8b8-42b6-aeda-4a8d02de0b81",
"observed-data--56e967b2-760c-40f2-88e7-478102de0b81",
"url--56e967b2-760c-40f2-88e7-478102de0b81",
"indicator--56e967b2-dad4-4c9c-b4aa-40a502de0b81",
"indicator--56e967b3-734c-4402-bcaf-495a02de0b81",
"observed-data--56e967b3-7c84-4b4a-b6b7-4d6202de0b81",
"url--56e967b3-7c84-4b4a-b6b7-4d6202de0b81",
"indicator--56e967b3-b504-4891-bc47-43ba02de0b81",
"indicator--56e967b3-ae80-4cb3-801a-4e7802de0b81",
"observed-data--56e967b4-9300-473b-b297-407902de0b81",
"url--56e967b4-9300-473b-b297-407902de0b81",
"indicator--56e967b4-1914-4b21-b825-465602de0b81",
"indicator--56e967b4-4c90-4694-8751-412002de0b81",
"observed-data--56e967b5-2924-4279-8263-45d602de0b81",
"url--56e967b5-2924-4279-8263-45d602de0b81",
"indicator--56e967b5-7e28-46f4-9619-406f02de0b81",
"indicator--56e967b5-60fc-43cb-961c-431e02de0b81",
"observed-data--56e967b5-0ba4-46cc-9624-4f8702de0b81",
"url--56e967b5-0ba4-46cc-9624-4f8702de0b81",
"indicator--56e967b6-2db8-45a2-b237-42e202de0b81",
"indicator--56e967b6-067c-4655-a973-409b02de0b81",
"observed-data--56e967b6-5f88-48b1-99c6-419402de0b81",
"url--56e967b6-5f88-48b1-99c6-419402de0b81",
"indicator--56e967b6-86d8-41e3-9313-44bd02de0b81",
"indicator--56e967b7-e1f0-4bac-9202-46e502de0b81",
"observed-data--56e967b7-7750-443b-93c8-405402de0b81",
"url--56e967b7-7750-443b-93c8-405402de0b81",
"indicator--56e967b7-ae24-4e98-8196-477d02de0b81",
"indicator--56e967b8-55fc-4483-a2f7-403702de0b81",
"observed-data--56e967b8-d3bc-4e9c-9c97-4f9702de0b81",
"url--56e967b8-d3bc-4e9c-9c97-4f9702de0b81",
"indicator--56e967b8-f764-4020-92e8-487b02de0b81",
"indicator--56e967b8-08ec-48f0-a11f-4cd702de0b81",
"observed-data--56e967b9-5494-4685-a41c-4a1902de0b81",
"url--56e967b9-5494-4685-a41c-4a1902de0b81",
"indicator--56e967b9-0cf4-4aef-99dc-4b6f02de0b81",
"indicator--56e967b9-35b4-48ff-9ba3-45ad02de0b81",
"observed-data--56e967b9-8334-4021-a66b-461402de0b81",
"url--56e967b9-8334-4021-a66b-461402de0b81",
"indicator--56e967ba-07cc-4125-b0d7-44b202de0b81",
"indicator--56e967ba-b5fc-4020-bbd3-42d202de0b81",
"observed-data--56e967ba-0f60-4abf-a6d9-4dea02de0b81",
"url--56e967ba-0f60-4abf-a6d9-4dea02de0b81",
"indicator--56e967bb-8254-414a-95b1-4ce802de0b81",
"indicator--56e967bb-00fc-4d46-a4b2-4d0802de0b81",
"observed-data--56e967bb-15ac-4023-ba80-4af002de0b81",
"url--56e967bb-15ac-4023-ba80-4af002de0b81",
"indicator--56e967bb-6d94-4946-a7ba-493202de0b81",
"indicator--56e967bc-5d0c-4e38-88df-494002de0b81",
"observed-data--56e967bc-35c0-46df-b209-46c102de0b81",
"url--56e967bc-35c0-46df-b209-46c102de0b81",
"indicator--56e967bc-1cf8-44df-9063-489a02de0b81",
"indicator--56e967bd-b3c4-4cfd-b962-4a4902de0b81",
"observed-data--56e967bd-df24-48c3-80fe-4fda02de0b81",
"url--56e967bd-df24-48c3-80fe-4fda02de0b81",
"indicator--56e967bd-727c-48b2-80ad-491302de0b81",
"indicator--56e967bd-e74c-4d85-94cb-45b402de0b81",
"observed-data--56e967be-8660-417d-9840-4bca02de0b81",
"url--56e967be-8660-417d-9840-4bca02de0b81",
"indicator--56e967be-0884-48bf-a6af-467b02de0b81",
"indicator--56e967be-6fb4-40f2-ad26-4bdc02de0b81",
"observed-data--56e967be-655c-4375-9bfe-48b002de0b81",
"url--56e967be-655c-4375-9bfe-48b002de0b81",
"indicator--56e967bf-95dc-463f-992e-48bf02de0b81",
"indicator--56e967bf-8f58-4df1-8d9f-49a802de0b81",
"observed-data--56e967bf-4f20-4345-bdcd-44db02de0b81",
"url--56e967bf-4f20-4345-bdcd-44db02de0b81",
"indicator--56e967c0-1d84-449f-9cff-428702de0b81",
"indicator--56e967c0-cb54-4f47-8cda-46da02de0b81",
"observed-data--56e967c0-8d90-4e79-91f0-42fa02de0b81",
"url--56e967c0-8d90-4e79-91f0-42fa02de0b81",
"indicator--56e967c0-55c4-4ce7-b251-444902de0b81",
"indicator--56e967c1-2780-4793-bf0d-486102de0b81",
"observed-data--56e967c1-6070-411a-95dd-45e802de0b81",
"url--56e967c1-6070-411a-95dd-45e802de0b81",
"indicator--56e967c1-1874-4a3a-a134-447102de0b81",
"indicator--56e967c1-cb74-48d8-b248-405a02de0b81",
"observed-data--56e967c2-a0b8-480e-a554-436902de0b81",
"url--56e967c2-a0b8-480e-a554-436902de0b81",
"indicator--56e967c2-7f80-4541-bf61-460c02de0b81",
"indicator--56e967c2-dfec-41a9-8c3f-470a02de0b81",
"observed-data--56e967c3-6664-4ff1-ac69-479002de0b81",
"url--56e967c3-6664-4ff1-ac69-479002de0b81",
"indicator--56e967c3-5f2c-4217-8e5b-485d02de0b81",
"indicator--56e967c3-cf28-4958-9f45-4ad702de0b81",
"observed-data--56e967c3-bdbc-4b68-afc7-4dd802de0b81",
"url--56e967c3-bdbc-4b68-afc7-4dd802de0b81",
"indicator--56e967c4-8254-4d89-bb52-41d702de0b81",
"indicator--56e967c4-de5c-4f8c-8d5e-4d5202de0b81",
"observed-data--56e967c4-84a8-4255-ba4a-4ffe02de0b81",
"url--56e967c4-84a8-4255-ba4a-4ffe02de0b81",
"indicator--56e967c4-e5e0-483c-b5c2-43a902de0b81",
"indicator--56e967c5-38ec-4d8e-be4c-49a502de0b81",
"observed-data--56e967c5-b0b0-4f16-a77c-4ec902de0b81",
"url--56e967c5-b0b0-4f16-a77c-4ec902de0b81",
"indicator--56e967c5-662c-4a11-a163-40f702de0b81",
"indicator--56e967c6-89ac-4c1c-a07a-416302de0b81",
"observed-data--56e967c6-96b0-4b1f-a616-4f3102de0b81",
"url--56e967c6-96b0-4b1f-a616-4f3102de0b81",
"indicator--56e967c6-89e8-4a4a-a20a-42f902de0b81",
"indicator--56e967c6-6b08-420d-8168-4df302de0b81",
"observed-data--56e967c7-e944-428e-be38-40b602de0b81",
"url--56e967c7-e944-428e-be38-40b602de0b81",
"indicator--56e967c7-f300-48c8-93a3-498a02de0b81",
"indicator--56e967c7-7f00-49ca-9984-412a02de0b81",
"observed-data--56e967c7-4b88-4332-8f5f-434202de0b81",
"url--56e967c7-4b88-4332-8f5f-434202de0b81",
"indicator--56e967c8-663c-46c3-a712-477002de0b81",
"indicator--56e967c8-9170-4680-8443-452902de0b81",
"observed-data--56e967c8-c0e0-4157-bd2d-4ed002de0b81",
"url--56e967c8-c0e0-4157-bd2d-4ed002de0b81",
"indicator--56e967c9-5220-4f10-b232-4db602de0b81",
"indicator--56e967c9-bb84-4820-b921-4eb702de0b81",
"observed-data--56e967c9-60ac-4ace-be37-403c02de0b81",
"url--56e967c9-60ac-4ace-be37-403c02de0b81",
"indicator--56e967c9-2c54-4693-b398-461402de0b81",
"indicator--56e967ca-cc94-45c2-bd90-42a502de0b81",
"observed-data--56e967ca-8bb0-4efd-a157-464302de0b81",
"url--56e967ca-8bb0-4efd-a157-464302de0b81",
"indicator--56e967ca-4fa4-42b9-aaa2-477702de0b81",
"indicator--56e967ca-c938-4ecd-b4ce-487f02de0b81",
"observed-data--56e967cb-cae8-440a-9a70-4b6802de0b81",
"url--56e967cb-cae8-440a-9a70-4b6802de0b81",
"indicator--56e967cb-50dc-4687-be3f-456802de0b81",
"indicator--56e967cb-d00c-4e3d-b49d-4c1502de0b81",
"observed-data--56e967cc-cbfc-4d57-9482-4d1a02de0b81",
"url--56e967cc-cbfc-4d57-9482-4d1a02de0b81",
"indicator--56e967cc-88f4-4a71-9412-411d02de0b81",
"indicator--56e967cc-c388-425f-b9a9-484e02de0b81",
"observed-data--56e967cc-f248-49d8-a6c0-497902de0b81",
"url--56e967cc-f248-49d8-a6c0-497902de0b81",
"indicator--56e967cd-4278-4c14-9764-477c02de0b81",
"indicator--56e967cd-9ec8-4b2b-8895-420102de0b81",
"observed-data--56e967cd-cdc0-4af8-9342-4a3e02de0b81",
"url--56e967cd-cdc0-4af8-9342-4a3e02de0b81",
"indicator--56e967ce-c9bc-4b28-846d-4ba902de0b81",
"indicator--56e967ce-c2a8-4e5e-a96a-44fd02de0b81",
"observed-data--56e967ce-ed0c-49ab-9a4e-4e9002de0b81",
"url--56e967ce-ed0c-49ab-9a4e-4e9002de0b81",
"indicator--56e967ce-c254-4af1-92bc-4b3502de0b81",
"indicator--56e967cf-c9e8-4fa4-90cf-4ea802de0b81",
"observed-data--56e967cf-682c-4192-8676-497d02de0b81",
"url--56e967cf-682c-4192-8676-497d02de0b81",
"indicator--56e967cf-7390-4c59-b438-4a6802de0b81",
"indicator--56e967cf-1754-4331-9215-4da402de0b81",
"observed-data--56e967d0-5998-4dd1-96bc-4a1e02de0b81",
"url--56e967d0-5998-4dd1-96bc-4a1e02de0b81",
"indicator--56e967d0-0e10-4413-a51e-470e02de0b81",
"indicator--56e967d0-6714-40ce-a3c1-424f02de0b81",
"observed-data--56e967d1-064c-49bf-94e5-476902de0b81",
"url--56e967d1-064c-49bf-94e5-476902de0b81",
"indicator--56e967d1-f638-4031-abf3-433202de0b81",
"indicator--56e967d1-e4c4-4825-b725-492902de0b81",
"observed-data--56e967d1-95c4-4f6c-b7e8-4c8d02de0b81",
"url--56e967d1-95c4-4f6c-b7e8-4c8d02de0b81",
"indicator--56e967d2-7a90-4e0f-8d76-482c02de0b81",
"indicator--56e967d2-72e0-4c6b-be8d-497a02de0b81",
"observed-data--56e967d2-60ac-4043-b61f-430302de0b81",
"url--56e967d2-60ac-4043-b61f-430302de0b81",
"indicator--56e967d2-1424-4c15-928f-438702de0b81",
"indicator--56e967d3-9790-42fc-838a-44ef02de0b81",
"observed-data--56e967d3-19b4-4bf9-bdc6-4fd702de0b81",
"url--56e967d3-19b4-4bf9-bdc6-4fd702de0b81",
"indicator--56e967d3-6eec-4b1f-9fd3-44bc02de0b81",
"indicator--56e967d4-6968-434a-8174-4a3c02de0b81",
"observed-data--56e967d4-1bc4-4521-a677-48a402de0b81",
"url--56e967d4-1bc4-4521-a677-48a402de0b81",
"indicator--56e967d4-d588-4662-8384-45a602de0b81",
"indicator--56e967d4-453c-458c-a46e-473402de0b81",
"observed-data--56e967d5-2ee8-4234-bd68-464402de0b81",
"url--56e967d5-2ee8-4234-bd68-464402de0b81",
"indicator--56e967d5-1674-4810-9216-485402de0b81",
"indicator--56e967d5-1e6c-43ca-ad05-473a02de0b81",
"observed-data--56e967d6-4418-4212-b6ef-46f102de0b81",
"url--56e967d6-4418-4212-b6ef-46f102de0b81",
"indicator--56e967d6-6244-4449-bd6f-40b502de0b81",
"indicator--56e967d6-8fac-41d6-babe-427802de0b81",
"observed-data--56e967d6-f19c-4fbc-bb61-489602de0b81",
"url--56e967d6-f19c-4fbc-bb61-489602de0b81",
"indicator--56e967d7-a17c-45f8-ae68-4e6e02de0b81",
"indicator--56e967d7-2478-449a-bad5-493b02de0b81",
"observed-data--56e967d7-5558-41cf-b825-445302de0b81",
"url--56e967d7-5558-41cf-b825-445302de0b81",
"indicator--56e967d8-b99c-45a9-abcc-412e02de0b81",
"indicator--56e967d8-ed20-4c09-9b1a-481602de0b81",
"observed-data--56e967d8-c3f4-46a9-9c36-43e102de0b81",
"url--56e967d8-c3f4-46a9-9c36-43e102de0b81",
"indicator--56e967d8-7760-44dc-b85e-420402de0b81",
"indicator--56e967d9-2e08-4870-bab6-489402de0b81",
"observed-data--56e967d9-e378-4c11-b00b-4ccd02de0b81",
"url--56e967d9-e378-4c11-b00b-4ccd02de0b81",
"indicator--56e967d9-5ac8-44a4-99b3-4b2a02de0b81",
"indicator--56e967da-7bd8-46b4-a7f4-454202de0b81",
"observed-data--56e967da-a148-49e3-8dd6-42e402de0b81",
"url--56e967da-a148-49e3-8dd6-42e402de0b81",
"indicator--56e967da-b854-4a53-a645-4b0302de0b81",
"indicator--56e967da-a41c-4372-9676-448702de0b81",
"observed-data--56e967db-4524-49ee-bafa-41da02de0b81",
"url--56e967db-4524-49ee-bafa-41da02de0b81",
"indicator--56e967db-3024-401b-9926-455302de0b81",
"indicator--56e967db-27bc-43af-a2d7-454702de0b81",
"observed-data--56e967db-2644-4597-a6e4-428d02de0b81",
"url--56e967db-2644-4597-a6e4-428d02de0b81",
"indicator--56e967dc-0f1c-46a6-b11c-452402de0b81",
"indicator--56e967dc-3bc4-4175-8f1f-47e902de0b81",
"observed-data--56e967dc-f360-4f16-8f69-474e02de0b81",
"url--56e967dc-f360-4f16-8f69-474e02de0b81",
"indicator--56e967dd-94a0-4215-8f8f-4bde02de0b81",
"indicator--56e967dd-f08c-4025-bf8f-400602de0b81",
"observed-data--56e967dd-6088-4961-b835-4dab02de0b81",
"url--56e967dd-6088-4961-b835-4dab02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:22:37.000Z",
"modified": "2016-03-16T13:22:37.000Z",
"first_observed": "2016-03-16T13:22:37Z",
"last_observed": "2016-03-16T13:22:37Z",
"number_observed": 1,
"object_refs": [
"file--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"artifact--56e95e1d-a4fc-47b4-9b6d-4432950d210f"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"name": "proofpoint-operation-transparent-tribe-threat-insight-en.pdf",
"content_ref": "artifact--56e95e1d-a4fc-47b4-9b6d-4432950d210f"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--56e95e1d-a4fc-47b4-9b6d-4432950d210f",
"payload_bin": "JVBERi0xLjcNJeLjz9MNCjM0NCAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMTk0L0xlbmd0aCAxNjk2L04gMjMvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KWlt7kql2hz5KsUEwP1wZQ+cwbByyAAVNHJtO0f3TfKfCINatUZvdb2qTLPrvb7nRli9Z42w3pLRYtp6kjN337+yFWdysQilyx09D87bfNnP4tU4grjDAgjz4gTl4o2eKq7EVc6PBvBQmXUeXhOHEWFUKo/B6QsnKQDtEVBRs6BfgbNScWuCh4+cIGzMLab4AzymjjU1YbOfiyuY2Ytrserk6mfBPBDSMSfzoviLupTePU75BpVa+5RVZAhKIXRR8lz+2hFw+sNYSxDx6JbDPrzZffa2V2GXPrd1zg1eNfjuSO8bdieKd6+aSmPViJ3SlrVs8dhMCVHORBTMXPxpZWv+4JSTT8yhhb0rW8skDAHRyRP6YkABuHlrHkFZgNWfIdO7T029uEgiYCr1/aneQgFVc+hmFCMhKjc3kFtFQgYH6JanfQz1MKsPV3dVqwXPQhwMvMicyJE2el/pYVuq8plgz2ZgsU///+8KF3q832qJibLe1bCZ/Bko4w6czn6mTq5CeZP1TwrwITvKY1p89lodyaK91rZ4E/KwFIL52Am/slbxntKg4nCPnrJuBHSoHjEq3XdfctATqLpGkzL6m/0wmqN0PAZSUQI9aFTHBPZJYqh2KiDHhJMR/SzO3WOFHRMOS4O+rSArw73o+etX0AdsxupwmML8HqAqejQQc2Ks886Zy3MJK8yGyRI/Cbn8OCI93W37aIsPFPDCxlyMN3w3w/3ayxmk5wT32BfQEVx4Fqu12e94HkG1VWas9QcjAGlppRvovegAJA7qbhh8NErk8RGDE5lQdalJAtpwboMMgwJGbCIHf5nCeLRXkphtUe/2Ds12yjOak+xtt68u77U+LpA0stRXAbvPeTvg/y0m1xNjRRDT71cM6mKrYixKVwUSR6jGc8I+h/osmG0TJmkOgbLGqOXCa5wnLCdHckX4KkH1jo8YFVQ058fnzJbuzcE99tGY2tx/84oDmCGZQpiY8W+WbfFXnoYUQKyVAM8URkb+bKCwSilUhuUvWXYOAfDPjePgznhwmN86UO5r0znzOWboGkTOuItdtGXVV8DkgxptZCpGSxR53xlspV6dSuce2gkvFYV6cgInQAOWQX802oqu085OZktAk1uyGmlEoEBmO2iJuleQWhdiCqFg5SPSXBxj+XKPv6KMbUS4GJGgQlNcKA7C1ST7c1rX2dtgTYzYZIiJbFLd/pm9KNcLPuL5nGIcHtHgng1ns2Xjsfre1lu6u8t9LTTR0tGi/qS4P4QLjavpEhGovQB1fuCQiA1OzFIQJjvb1VYk8yruAY5BmPfZcOVpA3IH5Kuk5SciQTAskJN6k+09UZWxuUX5c+l/rJ/Os32wRVRcekmPIyOkCoKVqkIlJfjzQdGgO+XrAUAZtUffZyV3edAohnFIROTLlmBZJ2ybaYiFqzNi5SpX41BBA5I7dpMyB56sl+fe2pcENUNvpF2pru8PJqQ+z6wv4HNFEGB48bhD6GjyAW4tTEf0Xj5eg8Jp6IoHDNhD0eIg0vZ9wkwd7QRp+SUhSQ9jjPJeNvtpv13z+kjPwV6Wp9RRCm1QRE9tmR71ihsoYE5wmuFvqmzmPGlIddgTSuoOv+yPK1HiKZ+M6ahNiEdxC8vYjNK9/HhtdMkZGP3VhwNl2FqvZ9omKp//PTg7Uh0jhDGrqgx5QuFLd3SjGi95q+2ZdkHbqGXEUt8jcsDWzXZM9100Ff/EhV6H6CvxSnReEKngX6HP6IqZ6P6mRi7XcrNaVV/p8aiWHIQ05Icy4MF46AGReIxUfc1txjkHeumY2TAK9g3HdItEEzKjbTEuMLjOXwv5YNsyF1298wHHpOcvrUKs8QSm90p75BjtPUENvnumTWVWAAlDj4BPuossfLRDN7bojXic2r7iVdU0PHrmZWpzofwdTe2tKl3A1Pn0Jo9tkVV1fenoHFJAZPFn42IOYYofCz+nEmhtxyU/VqtfeTns1MDGqDHpV3OJG+Zh5YrDRBrNATjK28x7wd/A+BNCGzPK3ciaC9g2+RMKjy+/vc8XHnTRWaFwD9c/1EzmkzWdwCMj8dyIIeYG4YUsny9pTQQ52lTa3Ckj6l0o/FeoMLX83gUP8of3fRw3V9HvRIH2SmoJER8kxFoxBJeI9xX/Rxl6Mq8B9BrOcGs/p+y4wpICRRe3gwYDl7dp5AIva2vgxAvK8sN0c44bA3lh0KxcQ8oMqqzb1P16tFAMY2OPZDE3cmIka7ImstIwGkAc79Ffk85/dnom5DucdTw1lbmRzdHJlYW0NZW5kb2JqDTM0NSAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMTIvTGVuZ3RoIDY0L04gMi9UeXBlL09ialN0bT4+c3RyZWFtDQqt17V6GSUj3i1zLQCHfhdzXpWZHqzBbhVAl3UHfrTk6Dq+l5mV47Xs7n8i2VbRImeHkCKJL5CyZffl3tCVwKHBDWVuZHN0cmVhbQ1lbmRvYmoNMzQ2IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9GaXJzdCAzNy9MZW5ndGggMzA0L04gNS9UeXBlL09ialN0bT4+c3RyZWFtDQo0mc6OesccVmCV9A9imRXSW3GHVs/VC5tlhfWm2WyFj6dkjqmdTgpG42b3KDYBCJp3ywwEpIh6hZR4TkCcSC4aaLaWjHRujVd0mieNKIT8VkbS/HF+Ypz/ui3+O4bpKYTNdyMKHUgv65XSjhGaWbkb2bCmetrljROUxFB8igy4ddWUshpt0XiPb/klR2y91K5pueSK93lp6xebs6Wp0wTPZ3rdQafennST0+ptwXzOLKCNmnJ3I7xulKuYvxwPLn7Hb/rXs4ry5CG8Zrrepz+cglAc/IxPUvXivcNapfXKBIt9Rq5EbAJcHbLCBCurJd5NL4j4LUgx42y09FCjlqu/lHVkbFiT4mt3DabCG8fC4atRbPMtUhs3NGAGnDRwVmM70GRPK+KvLa2Md81+5BOQDWVuZHN0cmVhbQ1lbmRvYmoNMzQ3IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9GaXJzdCA2L0xlbmd0aCA0OC9OIDEvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KoYhrcVhPef1hP3ne38GKqgiJ6aaVKx4I/gIyQWExAtWrXrReJmz1Tt6JxoZtc0rcDWVuZHN0cmVhbQ1lbmRvYmoNMzQ4IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9GaXJzdCA2L0xlbmd0aCA0OC9OIDEvVHlwZS9PYmpTdG0+PnN0cmVhbQ0K4qoDjbF3xl/Nc1e7RNXJ0/ndHZL6qEVJu9hd1OifkNama1uhYt0Bnygb2jOXWLFsDWVuZHN0cmVhbQ1lbmRvYmoNMzQ5IDAgb2JqDTw8L0ZpbHRlci9GbGF0ZURlY29kZS9GaXJzdCAxMi9MZW5ndGggNjQvTiAyL1R5cGUvT2JqU3RtPj5zdHJlYW0NCrciOWU8Mb6MOhJfMC569JaaW5OmjOjcQvR41e14i22JqRsr8sm3tOKXxSxrGAEvVnzNgyhkse49+9FTEpKFwe4NZW5kc3RyZWFtDWVuZG9iag0zNTAgMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0ZpcnN0IDc3L0xlbmd0aCAzODQvTiAxMC9UeXBlL09ialN0bT4+c3RyZWFtDQock7/A6d5fPrjd/9QWgC7UKiqabXvkSxL95QcrCd543DLPkEaZQGYjWgJSYaOufQzNM8kOB5OXQhiyI4zd6MRQxhESSgmMPmyOVd/xowa9YBB3L3CyqETodpKGEsZ2VPaSB5kO2hVFayfD3gCtFR1ygSxNPxaFvKYBeRragnFctbdwHMmiLkAy6y+Q1V9Z1KrgtoxtO/YYS/vpvElOC+8eovjPrqq
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e95e2c-f6c4-4a34-9449-4587950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:22:52.000Z",
"modified": "2016-03-16T13:22:52.000Z",
"first_observed": "2016-03-16T13:22:52Z",
"last_observed": "2016-03-16T13:22:52Z",
"number_observed": 1,
"object_refs": [
"url--56e95e2c-f6c4-4a34-9449-4587950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e95e2c-f6c4-4a34-9449-4587950d210f",
"value": "https://www.proofpoint.com/sites/default/files/proofpoint-operation-transparent-tribe-threat-insight-en.pdf"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--56e95e40-27f0-4a96-a25a-4d7c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:23:12.000Z",
"modified": "2016-03-16T13:23:12.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Proofpoint researchers recently uncovered evidence of an advanced persistent threat (APT) against Indian diplomatic\r\nand military resources. Our investigation began with malicious emails sent to Indian embassies in Saudi Arabia and\r\nKazakstan but turned up connections to watering hole sites focused on Indian military personnel and designed to drop a\r\nremote access Trojan (RAT) with a variety of data exfiltration functions. Our analysis shows that many of the campaigns\r\nand attacks appear related by common IOCs, vectors, payloads, and language, but the exact nature and attribution\r\nassociated with this APT remain under investigation.\r\nAt this time, the background and analysis in this paper provide useful forensics and detail our current thinking on the\r\nmalware that we have dubbed \u00e2\u20ac\u0153MSIL/Crimson\u00e2\u20ac\u009d."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e72-445c-4731-b5b4-4bb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:02.000Z",
"modified": "2016-03-16T13:24:02.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '032bacaea0d335daec271f228db6bc88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e72-f468-4967-bdfe-418e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:02.000Z",
"modified": "2016-03-16T13:24:02.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '052eb62056794a08a04f4cd61455602c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e73-cb80-4191-8001-43e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:03.000Z",
"modified": "2016-03-16T13:24:03.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '06c18c72f9f136bacc5c9b0d8fa93195']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e73-c1d0-43c8-9732-43e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:03.000Z",
"modified": "2016-03-16T13:24:03.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '0a8d414eb910eb4caeb96a648b70eef3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e73-58ac-4a6d-a40b-4797950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:03.000Z",
"modified": "2016-03-16T13:24:03.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '0b651ef0eb7b919e91a2c5c5dbccd27e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e74-f588-4340-8bdd-4e9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:04.000Z",
"modified": "2016-03-16T13:24:04.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '0ed7f485166796e10bcb9123de24d211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e74-93f4-45c3-9061-4098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:04.000Z",
"modified": "2016-03-16T13:24:04.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '17dbd878985b78848d4a3a758a3ef89c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e75-d288-4756-8750-4e60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:05.000Z",
"modified": "2016-03-16T13:24:05.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '1af4df1382c04677050379ccdafcafd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e75-8070-41c2-9bdf-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:05.000Z",
"modified": "2016-03-16T13:24:05.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '21fc043b31d22b5c3f5529db83e90422']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e75-f268-4ff8-ae53-472c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:05.000Z",
"modified": "2016-03-16T13:24:05.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '2c9cc5a8569ab7d06bb8f8d7cf7dc03a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e76-5448-4339-a2ff-4366950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:06.000Z",
"modified": "2016-03-16T13:24:06.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '340f31a36e159e58595a375b8b0b37b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e76-c968-49fa-9d65-4f98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:06.000Z",
"modified": "2016-03-16T13:24:06.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '34ad98510d4d6e24b7e38f27a24ad9f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e76-0cac-4e06-869f-4420950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:06.000Z",
"modified": "2016-03-16T13:24:06.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '3a67ebcab5dc3563dc161fdc3c7fb161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e77-5554-42ba-b0f2-491b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:07.000Z",
"modified": "2016-03-16T13:24:07.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '3b08095786731c522f5649081f8dbb7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e77-6ff8-4bd0-9a66-4270950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:07.000Z",
"modified": "2016-03-16T13:24:07.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '3cc848432e0ebe25e4f19effdd92d9c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e77-63bc-4722-b021-4cea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:07.000Z",
"modified": "2016-03-16T13:24:07.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '41a0e4f9745e4bd5ad7b9d500deb76fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e78-0b08-46bb-874b-466e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:08.000Z",
"modified": "2016-03-16T13:24:08.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '428371be27fc057baac3ea81a8643435']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e78-2a5c-4dbc-bb2c-478b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:08.000Z",
"modified": "2016-03-16T13:24:08.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '535888163707b60c1a8dfefffad70635']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e78-8e0c-4b6f-aab9-4641950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:08.000Z",
"modified": "2016-03-16T13:24:08.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '53c10ac66763739b95ac7192a9f489ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e79-0d94-4b4f-a883-40cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:09.000Z",
"modified": "2016-03-16T13:24:09.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '5b6beb9ee6e604f4e474b8129e6135f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e79-ecb4-4d60-837a-4ab0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:09.000Z",
"modified": "2016-03-16T13:24:09.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '5c6b401979469040b39babb0469fc0c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e79-2e04-4ac3-a807-4ac8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:09.000Z",
"modified": "2016-03-16T13:24:09.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '5d038817ffeab7715415d68d438af345']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7a-90ac-41e6-ab04-4907950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:10.000Z",
"modified": "2016-03-16T13:24:10.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '5ff65fdefe144800e43a2f6cc6244c75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7a-1a40-456b-b8ee-4dc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:10.000Z",
"modified": "2016-03-16T13:24:10.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '6c3b38bf90a203b2f7542d0359b8e60e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7a-4808-440d-b782-4506950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:10.000Z",
"modified": "2016-03-16T13:24:10.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '6d2442494c3019f1597256cbeb45e5f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7b-af3c-42a1-91a1-4119950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:11.000Z",
"modified": "2016-03-16T13:24:11.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '6eb40b2e6a67a785d5cc6e4ad9102b5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7b-16d4-47e1-8929-47bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:11.000Z",
"modified": "2016-03-16T13:24:11.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '7289c160582f010a3c7dbd512c5d8a09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7c-37dc-4700-99cc-40b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:11.000Z",
"modified": "2016-03-16T13:24:11.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '75b390dc72751a062e8106328450ef87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7c-eb3c-4e8a-acb4-404a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:12.000Z",
"modified": "2016-03-16T13:24:12.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '796ae0b75c0e0b08ea84668495df4070']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7c-cc14-47d0-86ee-44a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:12.000Z",
"modified": "2016-03-16T13:24:12.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '7a6b88e43cccc8133c066b87f72c53f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7d-3100-48c3-9494-4ded950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:13.000Z",
"modified": "2016-03-16T13:24:13.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '803d2758c3b89882e2d41867768d7b15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7d-7ee4-49df-89ef-4bc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:13.000Z",
"modified": "2016-03-16T13:24:13.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '83a8ce707e625e977d54408ca747fa29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7d-3b64-4db5-a734-4915950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:13.000Z",
"modified": "2016-03-16T13:24:13.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '85e2c950ddb18fe1dd18709cfbb9b203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7e-0edc-4cc3-b1e0-4ac9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:14.000Z",
"modified": "2016-03-16T13:24:14.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '94770186027a0ccdf733b72894a0c7d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7e-1908-4c90-878e-4cf5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:14.000Z",
"modified": "2016-03-16T13:24:14.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '9d4504cdb7b02b9c9fffefcf9b79101d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7e-4454-4cc6-8a95-458a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:14.000Z",
"modified": "2016-03-16T13:24:14.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'ac637313520ca159a02d674474d341ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7f-e79c-439b-b314-4fa0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:15.000Z",
"modified": "2016-03-16T13:24:15.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'b67411da3ddfcae9f2a20935619e5c4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7f-9ba0-4bad-9374-4c2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:15.000Z",
"modified": "2016-03-16T13:24:15.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'b8098acf09d121ab298351f0c804ef8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e7f-373c-418e-9605-40d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:15.000Z",
"modified": "2016-03-16T13:24:15.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'bf1400105c97a28fefd33d8c0df5d4c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e80-ca4c-4f85-9ddb-4bb5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:16.000Z",
"modified": "2016-03-16T13:24:16.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'c61061a40dba411b839fe631299c267a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e80-0414-42de-8d60-4513950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:16.000Z",
"modified": "2016-03-16T13:24:16.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'ca27cefe404821ccd8dc695da55102e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e80-2e7c-4984-930e-4244950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:16.000Z",
"modified": "2016-03-16T13:24:16.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'cdc6bb98a2629338d49587d186562fd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e81-1f94-4c81-a56a-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:17.000Z",
"modified": "2016-03-16T13:24:17.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'dac4f8ba3190cfa1f813e79864a73fe1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e81-3a00-4349-8b6f-4e62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:17.000Z",
"modified": "2016-03-16T13:24:17.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'df6b3946d1064f37d1b99f7bfae51203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e81-68f4-4cb9-91ff-447f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:17.000Z",
"modified": "2016-03-16T13:24:17.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'e3254ad0275370f92cffeacbf603a905']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e82-682c-47df-a7a7-4aa2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:18.000Z",
"modified": "2016-03-16T13:24:18.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'e456d6035e41962a4e49345b00393dcd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e82-134c-49fd-8962-41d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:18.000Z",
"modified": "2016-03-16T13:24:18.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'edccbc7f880233de987ba4e917877df2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e82-6680-4d8e-8860-4623950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:18.000Z",
"modified": "2016-03-16T13:24:18.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'eee91d8de7ea7c0ac3372f65c43e916a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e96-ba40-40cc-8c27-430b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:38.000Z",
"modified": "2016-03-16T13:24:38.000Z",
"description": "Crimson Downloader Droppers",
"pattern": "[file:hashes.MD5 = '9e0fef5552100a7e0a2d044b63736fb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95e96-072c-424a-8c86-4485950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:24:38.000Z",
"modified": "2016-03-16T13:24:38.000Z",
"description": "Crimson Downloader Droppers",
"pattern": "[file:hashes.MD5 = '7470757050f584101a851d7ba105db31']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:24:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eaf-c168-4907-9c35-4cd0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:03.000Z",
"modified": "2016-03-16T13:25:03.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '07defabf004c891ae836de91260e6c82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eaf-23a8-463d-ab54-4c50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:03.000Z",
"modified": "2016-03-16T13:25:03.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '0ad849121b4656a239e85379948e5f5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eaf-b24c-4449-b2f7-414a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:03.000Z",
"modified": "2016-03-16T13:25:03.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '1911c1234cc2918273baeffd7d37392e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb0-f794-4b7a-ac1e-46f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:04.000Z",
"modified": "2016-03-16T13:25:04.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '2d6d0dbd8ac7c941d78ba14289a7ab9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb0-e648-4690-867c-4b48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:04.000Z",
"modified": "2016-03-16T13:25:04.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '43b39b40605afb9d2624f1cede6b48a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb0-8c9c-482d-b7cb-484b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:04.000Z",
"modified": "2016-03-16T13:25:04.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '65f6143d69cb1246a117a704e9f07fdc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb1-b2dc-4f18-b0c2-4dad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:05.000Z",
"modified": "2016-03-16T13:25:05.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '723d85f905588f092edf8691c1095fdb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb1-b670-48c8-b4da-4d3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:05.000Z",
"modified": "2016-03-16T13:25:05.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '765f0556ed4db467291d48e7d3c24b3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb1-ca7c-47cb-aede-41df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:05.000Z",
"modified": "2016-03-16T13:25:05.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '9b3cb979b1397a4a13ea62dbf46510d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb2-4fd4-40ff-aa3d-4f06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:06.000Z",
"modified": "2016-03-16T13:25:06.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '9fcc3e18b9c0bd7380325f24a4623439']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb2-2db8-4d09-95e6-49a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:06.000Z",
"modified": "2016-03-16T13:25:06.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'b4080cda4fb1b27c727d546c8529909c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb2-5220-4bbe-b569-4fa7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:06.000Z",
"modified": "2016-03-16T13:25:06.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'ca77af41cbd8c2fd44085d0d61bac64b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eb2-6c94-4964-9590-4665950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:06.000Z",
"modified": "2016-03-16T13:25:06.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'df6be8accc487bf63260aacf5e582fe2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed3-dfb8-4fef-8617-4746950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:39.000Z",
"modified": "2016-03-16T13:25:39.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '073889fe855f401c3c4cc548bc08c502']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed4-b6f4-4ab7-9d2e-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:40.000Z",
"modified": "2016-03-16T13:25:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '0964887f6f709f9c3f11701412acb9c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed4-3c60-419a-a26f-44ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:40.000Z",
"modified": "2016-03-16T13:25:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '14be26aa207cff81ff814c8a7a8e2f03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed4-d294-4c54-9bd0-4b22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:40.000Z",
"modified": "2016-03-16T13:25:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '19b9f62f29f3689b1db4c56deed7e162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed5-46e4-4ffc-beda-4d2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:41.000Z",
"modified": "2016-03-16T13:25:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '1a1426a94e37e5f3c14cd2b6740e27e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed5-e790-4702-9ead-4994950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:41.000Z",
"modified": "2016-03-16T13:25:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '3ff165ee68d1bc03ae7d4d3baf99b963']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed5-35d0-4e22-890e-4936950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:41.000Z",
"modified": "2016-03-16T13:25:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '4297041e3a701ed8c01e40d6c54264a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed5-03e8-4c6c-8635-45c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:41.000Z",
"modified": "2016-03-16T13:25:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '43f47d2045ca98265fd4bd4011a04932']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed6-4ec8-42f0-861e-4266950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:42.000Z",
"modified": "2016-03-16T13:25:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '463565ec38e4d790a89eb592435820e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed6-2204-4b73-9c27-4d86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:42.000Z",
"modified": "2016-03-16T13:25:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '5371d2984cbd1ae8283f9ae9eeee718d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed6-9130-4bcf-a34b-4628950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:42.000Z",
"modified": "2016-03-16T13:25:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '53a60acc6a09a7fa2eebf4eb88c81af5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed6-678c-45e2-80ef-43fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:42.000Z",
"modified": "2016-03-16T13:25:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '59e0fc469d1af7532507c19b47f19960']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed7-a674-4d12-b8d9-48f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:43.000Z",
"modified": "2016-03-16T13:25:43.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '6746c430f978d0bc9bbecff87c651fa2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed7-c288-4ee9-80dc-4047950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:43.000Z",
"modified": "2016-03-16T13:25:43.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '71b4bbddf46e1990210742a406c490bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed7-c800-4f64-a510-4b26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:43.000Z",
"modified": "2016-03-16T13:25:43.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '7e42de66eee8d280a3ba49d5b979c737']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed8-a78c-4891-9f22-406f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:44.000Z",
"modified": "2016-03-16T13:25:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '811eb99fb1aca98052db4b78c288889c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed8-9d70-4fbf-b25d-4e03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:44.000Z",
"modified": "2016-03-16T13:25:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '819715180810caaaa969c816eb2b7491']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed8-4190-4864-af42-4f20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:44.000Z",
"modified": "2016-03-16T13:25:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '8317bb3d192c4495507a5945f27705af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed8-3bc8-4538-a8f8-472e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:44.000Z",
"modified": "2016-03-16T13:25:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '8c713cffdc599930a9236c2d0d0ee91a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed9-45cc-44e6-b675-4e68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:45.000Z",
"modified": "2016-03-16T13:25:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '92f78a182faf26550d6fab2d9ec0692d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed9-9764-453f-9c44-42fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:45.000Z",
"modified": "2016-03-16T13:25:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '943f35200dce22766d0c2906d25be187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95ed9-8790-4c2f-b235-4ff3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:45.000Z",
"modified": "2016-03-16T13:25:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '94d29dded4dfd920fc4153f18e82fc6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eda-daf0-4d59-b130-47f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:46.000Z",
"modified": "2016-03-16T13:25:46.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '9fd2838421b28674783b03eb46f4320f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eda-5000-41e3-960c-427e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:46.000Z",
"modified": "2016-03-16T13:25:46.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'a3aa3a12d81c9862b18f83a77d7215ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eda-5620-4a9b-ab17-46d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:46.000Z",
"modified": "2016-03-16T13:25:46.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'bcbac2241977c976aec01592fb514aa4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95eda-3910-41eb-86de-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:46.000Z",
"modified": "2016-03-16T13:25:46.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'c2bc8bc9ff7a34f14403222e58963507']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edb-f5a0-44b9-b24c-46b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:47.000Z",
"modified": "2016-03-16T13:25:47.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'cb0768c89e83f2328952ba51e4d4b7f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edb-593c-46a1-88b8-481f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:47.000Z",
"modified": "2016-03-16T13:25:47.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'd53de7c980eb34f9369e342d5d235c9b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edb-2b78-4858-ada9-44e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:47.000Z",
"modified": "2016-03-16T13:25:47.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'e7803020e9697d77f165babecf20ea82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edc-3cec-4fc8-bbf0-4a25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:48.000Z",
"modified": "2016-03-16T13:25:48.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'eaee83a376914616924eab9b4b96b050']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edc-e8a4-410a-8a87-4648950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:48.000Z",
"modified": "2016-03-16T13:25:48.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'ed1daf18ef09fb2a5c58ab89824ecab0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edc-5708-40ba-bb13-49c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:48.000Z",
"modified": "2016-03-16T13:25:48.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'f078b5aeaf73831361ecd96a069c9f50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95edc-784c-4325-aa7a-4464950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:25:48.000Z",
"modified": "2016-03-16T13:25:48.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'fe955b4bbe3b6aa2a1d8ebf6ee7c5c42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:25:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fac-8380-4a33-8817-46e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:16.000Z",
"modified": "2016-03-16T13:29:16.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.143.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fac-89e4-473b-96d4-4fa5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:16.000Z",
"modified": "2016-03-16T13:29:16.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.167.65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fad-ae98-4cd2-b1e2-4ea0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:17.000Z",
"modified": "2016-03-16T13:29:17.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.241.221.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fad-1308-46ec-9130-4dbe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:17.000Z",
"modified": "2016-03-16T13:29:17.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.104.213.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fad-73b4-499e-9e50-4ebf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:17.000Z",
"modified": "2016-03-16T13:29:17.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.37.152.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fae-aff4-46ee-99d8-4d89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:18.000Z",
"modified": "2016-03-16T13:29:18.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.87.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fc8-f4ec-4b0b-82f5-484e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:44.000Z",
"modified": "2016-03-16T13:29:44.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '010a50145563a6c554de12b8770f16f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fc8-0690-445d-bb64-4597950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:44.000Z",
"modified": "2016-03-16T13:29:44.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '010aa8d6e6f5346118546b1e4e414cb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fc9-c8b8-45b4-a776-4c8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:45.000Z",
"modified": "2016-03-16T13:29:45.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '131b4ed3df80e2f794a3e353e2c7f8fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fc9-9a14-44cf-abfe-49c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:45.000Z",
"modified": "2016-03-16T13:29:45.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '17d22686bfc825d9369a0751c4cc6a22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fc9-acbc-4bb4-9111-4130950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:45.000Z",
"modified": "2016-03-16T13:29:45.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '1d49dc6af6803d9ffc59a859315b2ac4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fca-337c-4550-b272-4088950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:46.000Z",
"modified": "2016-03-16T13:29:46.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '22192141d2010fe9fed871d05573dda4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fca-313c-4288-ad91-4f21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:46.000Z",
"modified": "2016-03-16T13:29:46.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '23ec916b3eae3f88853bde8081be870f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fca-61d0-4d60-bd74-4e50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:46.000Z",
"modified": "2016-03-16T13:29:46.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '2463d1ff1166e845e52a0c580fd3cb7d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcb-c79c-4e1a-9e95-40a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:47.000Z",
"modified": "2016-03-16T13:29:47.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '2cff1578ac42cc0cd5f59e28d6e7240f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcb-9e20-404c-a261-47fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:47.000Z",
"modified": "2016-03-16T13:29:47.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '31a9e46ff607b842b8fff4a0644cc0f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcb-b4ec-408a-8a2c-4351950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:47.000Z",
"modified": "2016-03-16T13:29:47.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '3540f2771b2661ecbd03933c227fb7f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcc-a0ac-48e8-9e2e-482b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:48.000Z",
"modified": "2016-03-16T13:29:48.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '3b979fd0a8fa0ecbc334a3bbbfb68a36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcc-9a0c-44a4-a895-4d1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:48.000Z",
"modified": "2016-03-16T13:29:48.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '4a717b657ea475197d967008c7db8353']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcc-5088-4c4e-a52f-422d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:48.000Z",
"modified": "2016-03-16T13:29:48.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '511bcd411ec79c6ca555670e98709e46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcd-f928-44c5-949f-498c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:49.000Z",
"modified": "2016-03-16T13:29:49.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '5998641f454f82b738977aa8b3d1d283']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcd-cc38-41a9-8f78-4b1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:49.000Z",
"modified": "2016-03-16T13:29:49.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '725379749d3fa793edcce12291782134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcd-29bc-4686-8d83-4bce950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:49.000Z",
"modified": "2016-03-16T13:29:49.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '77c7c0117a0e457d7e3ceef4ab82c2ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fce-59cc-4984-97ed-4711950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:50.000Z",
"modified": "2016-03-16T13:29:50.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '7920862303764a55050d2da38b8bf4db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fce-a76c-423e-8d64-4da5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:50.000Z",
"modified": "2016-03-16T13:29:50.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '858a729819cc082f2762b6d488284c19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fce-5980-46d4-91a7-478c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:50.000Z",
"modified": "2016-03-16T13:29:50.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = '86e27e86e64031720a1ca52d2fbb7c98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcf-ff64-4e3f-bf8e-41f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:51.000Z",
"modified": "2016-03-16T13:29:51.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'af5e96e260b71356d62900551f68f338']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcf-9348-4ffd-a7b5-4f9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:51.000Z",
"modified": "2016-03-16T13:29:51.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'b04117ee18182c1c07ffaf6fb35b08bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fcf-bd50-4a80-975f-4615950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:51.000Z",
"modified": "2016-03-16T13:29:51.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'c33c79c437d94fad3476f78361df0f24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd0-f840-491c-bbb3-4ee0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:52.000Z",
"modified": "2016-03-16T13:29:52.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'c9e4c816b4ef23c28992e0e894b9c822']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd0-c214-430c-9ac9-4d5e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:52.000Z",
"modified": "2016-03-16T13:29:52.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'ee5a460ded205d2074a23e387c377840']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd0-2c8c-4b09-ae1a-4bd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:52.000Z",
"modified": "2016-03-16T13:29:52.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'f13a1a0cbcd5e13dd00dbc77c35973ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd1-dbb8-4f3d-a554-47a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:53.000Z",
"modified": "2016-03-16T13:29:53.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'f6d141f45e76cefcb712f69c193b3ac1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd1-4120-419c-807e-44bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:53.000Z",
"modified": "2016-03-16T13:29:53.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'f8955450fbd62cb4461c725d8985ff60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd1-99c4-470f-b79b-4b71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:53.000Z",
"modified": "2016-03-16T13:29:53.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'fa97cba6a52896e1f2146957a6eec04f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e95fd1-1474-474c-8987-4453950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:29:53.000Z",
"modified": "2016-03-16T13:29:53.000Z",
"description": "Peppy RAT Samples",
"pattern": "[file:hashes.MD5 = 'fab5eff5fc65a7a2c5920586df5e29c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:29:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603d-cac0-43ff-8b16-4a1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:41.000Z",
"modified": "2016-03-16T13:31:41.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'applemedia1218.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603e-df68-4f0c-b197-4c29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:42.000Z",
"modified": "2016-03-16T13:31:42.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'avssync3357.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603e-e3ec-4ccf-b501-4d17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:42.000Z",
"modified": "2016-03-16T13:31:42.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'bbmdroid.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603e-f024-46c1-8894-494a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:42.000Z",
"modified": "2016-03-16T13:31:42.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'bbmsync2727.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603f-a21c-4351-947f-45bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:43.000Z",
"modified": "2016-03-16T13:31:43.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'bluesync2121.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603f-eeac-4d78-874b-41e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:43.000Z",
"modified": "2016-03-16T13:31:43.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'eastmedia1221.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9603f-1afc-400d-ac1c-4220950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:43.000Z",
"modified": "2016-03-16T13:31:43.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'eastmedia3347.co.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96040-0ee0-4354-a91d-4d3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:44.000Z",
"modified": "2016-03-16T13:31:44.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'eastmedia3347.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96040-6e70-462e-9e06-49ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:44.000Z",
"modified": "2016-03-16T13:31:44.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'facemedia.co.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96040-de8c-4364-b7c4-469b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:44.000Z",
"modified": "2016-03-16T13:31:44.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'kssync3343.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96041-1abc-4e00-b0a2-4644950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:45.000Z",
"modified": "2016-03-16T13:31:45.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'kssync3347.co.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96041-c788-4a96-ae5c-498a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:45.000Z",
"modified": "2016-03-16T13:31:45.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'kssync3347.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96041-dfc0-40cf-8984-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:45.000Z",
"modified": "2016-03-16T13:31:45.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'mahee.kssync3343.co.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96042-7894-4d60-96fa-4419950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:31:46.000Z",
"modified": "2016-03-16T13:31:46.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'mvssync8767.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:31:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96060-42f0-4f55-8c79-468e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:16.000Z",
"modified": "2016-03-16T13:32:16.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'student3347.mooo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96061-1e88-4e23-9d04-45e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:17.000Z",
"modified": "2016-03-16T13:32:17.000Z",
"description": "Peppy RAT Domains",
"pattern": "[domain-name:value = 'winupdater2112.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607b-3ad8-423d-be10-45e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:43.000Z",
"modified": "2016-03-16T13:32:43.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '0123411a6cfe8afb4a45e4afeed767e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607b-0300-42f2-bc52-4910950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:43.000Z",
"modified": "2016-03-16T13:32:43.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '114551a87fa332a243fc05b7246309b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607b-ae50-4ace-8acc-4ca5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:43.000Z",
"modified": "2016-03-16T13:32:43.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '128c0ccc1252098bc2314d88f4e70044']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607b-3ccc-460f-b9fe-4085950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:43.000Z",
"modified": "2016-03-16T13:32:43.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '133e0c441ea744951080d700604a63ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607c-7f38-4f60-a5ad-45dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:44.000Z",
"modified": "2016-03-16T13:32:44.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '1f97ddaea7ac0c4e20b2db75969b4545']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607c-91b4-4847-8412-4d8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:44.000Z",
"modified": "2016-03-16T13:32:44.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '4b0481a591c87e8542e2089396a10d3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607c-d448-497c-a5cc-4127950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:44.000Z",
"modified": "2016-03-16T13:32:44.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '7ec3ec88185f9c235e2d3da7434b928a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607d-1374-4ed2-b48e-4849950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:45.000Z",
"modified": "2016-03-16T13:32:45.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '878aa68245675ca5ea677aaf28707b7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607d-7404-4415-910d-4f92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:45.000Z",
"modified": "2016-03-16T13:32:45.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = '990c3b67061109d82627a5642bf1bb68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607d-4c60-4be1-81c9-4a22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:45.000Z",
"modified": "2016-03-16T13:32:45.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'a4ce604f8d3ac2e5facdae3c63ef4dc6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607e-f7d4-4941-8039-46f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:46.000Z",
"modified": "2016-03-16T13:32:46.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'a6d75b57bd597e723335f96f074f5700']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607e-b21c-4d17-ac94-4e5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:46.000Z",
"modified": "2016-03-16T13:32:46.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'a6ef041311497bcddb8818b5a4f6c90e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607e-4708-4682-bdfa-4740950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:46.000Z",
"modified": "2016-03-16T13:32:46.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'ae2ef98a91c70dc43979ce7df8e475ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607e-9cfc-4452-a353-4615950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:46.000Z",
"modified": "2016-03-16T13:32:46.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'aec91b4453a1b321e302127bc9f21a7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607f-e420-4e78-a847-4689950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:47.000Z",
"modified": "2016-03-16T13:32:47.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'f0e64d2b011223ece668c595406f1abc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607f-fb38-4112-8487-48b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:47.000Z",
"modified": "2016-03-16T13:32:47.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'f4123e7f09961479452f0f42b3706293']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9607f-5608-4fcf-bb7c-4058950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:32:47.000Z",
"modified": "2016-03-16T13:32:47.000Z",
"description": "Andromeda Samples",
"pattern": "[file:hashes.MD5 = 'fb2cb45bf53cef41674da2d9a4bdba32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:32:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9608e-ded4-45df-824b-4995950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:02.000Z",
"modified": "2016-03-16T13:33:02.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'dvdonlinestore.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9608e-fca0-4e53-9e4a-4158950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:02.000Z",
"modified": "2016-03-16T13:33:02.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'eastmedia2112.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9608f-1c1c-47c5-a252-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:03.000Z",
"modified": "2016-03-16T13:33:03.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'mustache-styles.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96090-cb54-490d-8f32-4245950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:04.000Z",
"modified": "2016-03-16T13:33:04.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'onlinestoreonsale.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96090-45c4-4fc8-9b81-4eae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:04.000Z",
"modified": "2016-03-16T13:33:04.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'pradahandbagsshoes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96091-caa0-46a5-a5f7-4094950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:05.000Z",
"modified": "2016-03-16T13:33:05.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'vhideip.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96091-337c-42ad-986b-402d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:05.000Z",
"modified": "2016-03-16T13:33:05.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = 'wisheshub.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96091-e46c-40ce-aba3-4b41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:05.000Z",
"modified": "2016-03-16T13:33:05.000Z",
"description": "Andromeda Domains",
"pattern": "[domain-name:value = '99mesotheliomalawyers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b3-f588-49e0-ac97-491d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:39.000Z",
"modified": "2016-03-16T13:33:39.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '2ba1e2a63129517055ab3a63cb089e33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b3-3228-4d44-9d9f-4c00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:39.000Z",
"modified": "2016-03-16T13:33:39.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '4131776ae573bdb25009a343cf1541f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b4-5b7c-4b2c-94f5-4653950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:40.000Z",
"modified": "2016-03-16T13:33:40.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '44fe2f4dd8b001bbcc4de737128095ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b4-fda0-4eff-9483-4f6c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:40.000Z",
"modified": "2016-03-16T13:33:40.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '63ee06dae035981c5aea04f5a52879c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b4-125c-4d79-9145-4559950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:40.000Z",
"modified": "2016-03-16T13:33:40.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '643e30e665124eea94a22641f79a9c91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b5-c1bc-4bed-94f3-4593950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:41.000Z",
"modified": "2016-03-16T13:33:41.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '67bad4ad3d9a06fc20bea8c3ebb7ad01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b5-33b8-4388-927d-4973950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:41.000Z",
"modified": "2016-03-16T13:33:41.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '7e97efc85be451432388b9f1ce623400']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b5-98bc-44a1-b850-4a87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:41.000Z",
"modified": "2016-03-16T13:33:41.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = '861f621fdf2d3e760df50009fe2824ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b6-a788-41c0-8cb7-4451950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:42.000Z",
"modified": "2016-03-16T13:33:42.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = 'a957e3a7aed4efd1b214d3c3b79f5874']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b6-7bf4-4d4c-93d8-47da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:42.000Z",
"modified": "2016-03-16T13:33:42.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = 'c16b43a5897861fbe023e4b7d340f2e8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b6-7db0-4056-b3ff-407a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:42.000Z",
"modified": "2016-03-16T13:33:42.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = 'dbd5c44e6c189f289e0eea1454897b26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960b7-5e90-4000-afac-4d5c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:33:43.000Z",
"modified": "2016-03-16T13:33:43.000Z",
"description": "Various Downloader Samples",
"pattern": "[file:hashes.MD5 = 'e26150f5186bb7230d85f4cf3aa45d17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:33:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960da-b2e0-4276-b54e-4e95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:34:18.000Z",
"modified": "2016-03-16T13:34:18.000Z",
"description": "Python Downloader Sample",
"pattern": "[file:hashes.MD5 = '82719f0f6237d3efb9dd67d95f842013']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:34:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960f5-ff6c-4a99-bf39-4c8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:34:45.000Z",
"modified": "2016-03-16T13:34:45.000Z",
"description": "Meterpreter Samples",
"pattern": "[file:hashes.MD5 = '04e8404f1173037ba4e11241b141d91d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:34:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960f6-b430-4cec-a4a7-4845950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:34:46.000Z",
"modified": "2016-03-16T13:34:46.000Z",
"description": "Meterpreter Samples",
"pattern": "[file:hashes.MD5 = 'c411ee81c34e14a1ace7e72bea2e8d12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e960f6-9458-4f83-9de5-4336950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:34:46.000Z",
"modified": "2016-03-16T13:34:46.000Z",
"description": "Meterpreter Samples",
"pattern": "[file:hashes.MD5 = 'd30c6df94922323041f8036365abbfd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9610f-f838-4a4f-ba6b-4217950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:35:11.000Z",
"modified": "2016-03-16T13:35:11.000Z",
"description": "Meterpreter C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.199.170.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:35:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96120-6e3c-4e74-9ed7-4147950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:35:28.000Z",
"modified": "2016-03-16T13:35:28.000Z",
"description": "njRAT Sample",
"pattern": "[file:hashes.MD5 = '27ca136850214234bcdca765dfaed79f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:35:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96130-41cc-41aa-a259-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:35:44.000Z",
"modified": "2016-03-16T13:35:44.000Z",
"description": "njRAT C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.145.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:35:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96147-837c-4cb6-a847-4247950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:07.000Z",
"modified": "2016-03-16T13:36:07.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '0197ff119e1724a1ffbf33df14411001']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96147-db2c-49e8-a559-4515950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:07.000Z",
"modified": "2016-03-16T13:36:07.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '18711f1db99f6a6f73f8ab64f563accc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96147-0d40-419a-9bda-4beb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:07.000Z",
"modified": "2016-03-16T13:36:07.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '1f82e509371c1c29b40b865ba77d091a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96147-a954-49a0-a0f6-450d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:07.000Z",
"modified": "2016-03-16T13:36:07.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '278fd26be39a06d5e19c5e7fd7d3dcc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96148-d9e4-4340-8346-46b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:08.000Z",
"modified": "2016-03-16T13:36:08.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '3966f669a6af4278869b9cce0f2d9279']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96148-29ac-4275-ae21-49de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:08.000Z",
"modified": "2016-03-16T13:36:08.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '438031b9d79a17b776b7397e989dd073']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96148-f2e4-4614-85dd-46bf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:08.000Z",
"modified": "2016-03-16T13:36:08.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '68773f362d5ab4897d4ca217a9f53975']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96149-bfa4-4c5c-b899-48cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:09.000Z",
"modified": "2016-03-16T13:36:09.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '76f410c27d97e6c0403df274bebd5f6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96149-bbb4-42fe-927b-4b37950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:09.000Z",
"modified": "2016-03-16T13:36:09.000Z",
"description": "Malicious Documents",
"pattern": "[file:hashes.MD5 = '98bdcd97cd536ff6bcb2d39d9a097319']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9615d-02fc-40b4-880e-41b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:29.000Z",
"modified": "2016-03-16T13:36:29.000Z",
"description": "Unknown, likely related",
"pattern": "[file:hashes.MD5 = '0437655995f4d3104989fb963aa41339']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9615e-6688-47bf-adc4-486c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:30.000Z",
"modified": "2016-03-16T13:36:30.000Z",
"description": "Unknown, likely related",
"pattern": "[file:hashes.MD5 = 'c0ff05a6bf05465adfc9a1dfd5305bde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96172-4dcc-4545-b8d8-4319950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:36:50.000Z",
"modified": "2016-03-16T13:36:50.000Z",
"description": "Unknown C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.137.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:36:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e961c5-41a4-4c9a-b51f-4e62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:38:13.000Z",
"modified": "2016-03-16T13:38:13.000Z",
"description": "Luminosity Link Sample",
"pattern": "[file:hashes.MD5 = '708a1af68d532df35c34f7088b8e798f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:38:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9621e-65a8-4fc4-acf5-45cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:39:42.000Z",
"modified": "2016-03-16T13:39:42.000Z",
"description": "Bezigate Samples",
"pattern": "[file:hashes.MD5 = '236e7451cbce959ca0f62fb3b499b54e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:39:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9621e-7bd0-4d9e-8128-4c9c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:39:42.000Z",
"modified": "2016-03-16T13:39:42.000Z",
"description": "Bezigate Samples",
"pattern": "[file:hashes.MD5 = '44db769fb1f29a32d5c1998e29b4b7c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:39:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9621f-1a94-49cc-803e-40b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:39:43.000Z",
"modified": "2016-03-16T13:39:43.000Z",
"description": "Bezigate Samples",
"pattern": "[file:hashes.MD5 = '85d182f7a0e049169a7bd0aa796fba96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:39:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9621f-f49c-4c8d-bda1-4b06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:39:43.000Z",
"modified": "2016-03-16T13:39:43.000Z",
"description": "Bezigate Samples",
"pattern": "[file:hashes.MD5 = '96dbed32a59b50e6100f1ca35ef5a698']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:39:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9621f-2470-47be-8d6c-4314950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:39:43.000Z",
"modified": "2016-03-16T13:39:43.000Z",
"description": "Bezigate Samples",
"pattern": "[file:hashes.MD5 = 'e49edc719eaab11a40158c15c9dd9b7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:39:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9625c-c090-4d6f-abd8-44f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:40:44.000Z",
"modified": "2016-03-16T13:40:44.000Z",
"description": "Bezigate C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.167.93.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9625c-27b8-4320-8f1d-434c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:40:44.000Z",
"modified": "2016-03-16T13:40:44.000Z",
"description": "Bezigate C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.4.23.46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:40:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96272-1798-4a12-94a5-40ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:41:06.000Z",
"modified": "2016-03-16T13:41:06.000Z",
"description": "Bezigate C&C",
"pattern": "[domain-name:value = 'ad2.admart.tv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96272-a6cc-45c9-8da7-4079950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:41:06.000Z",
"modified": "2016-03-16T13:41:06.000Z",
"description": "Bezigate C&C",
"pattern": "[domain-name:value = 'winupdatess.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:41:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962c0-da04-466b-aa61-5f29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:42:24.000Z",
"modified": "2016-03-16T13:42:24.000Z",
"description": "DarkComet Samples",
"pattern": "[file:hashes.MD5 = '0aecd3b79d72cbfa8f5dce2a12e76053']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962c0-14d0-40a7-a7b4-5f29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:42:24.000Z",
"modified": "2016-03-16T13:42:24.000Z",
"description": "DarkComet Samples",
"pattern": "[file:hashes.MD5 = '278f889f494d62e214406c4fcfa6f9a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962c0-44c0-4293-a39d-5f29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:42:24.000Z",
"modified": "2016-03-16T13:42:24.000Z",
"description": "DarkComet Samples",
"pattern": "[file:hashes.MD5 = 'fd5a419924a0816c6357b47f4e375732']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f7-fcf8-4f1a-b77b-4e16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:19.000Z",
"modified": "2016-03-16T13:43:19.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/11/4-sikh-army-officers-being-trialed-in.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f7-0884-4ca4-8a4a-4160950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:19.000Z",
"modified": "2016-03-16T13:43:19.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/11/seventh-pay-commission-recommends.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f7-3320-46a9-a6c8-47b6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:19.000Z",
"modified": "2016-03-16T13:43:19.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://bbmsync2727.com/cu/seventh\\\\%20pay\\\\%20commission\\\\%20salary\\\\%20calculator.xls']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f8-9c94-4be7-9fda-449e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:20.000Z",
"modified": "2016-03-16T13:43:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/11/army-air-defenceengineers-and-signal-to.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f8-fce8-40d6-99e8-4e60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:20.000Z",
"modified": "2016-03-16T13:43:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/09/sc-seeks-army-response-on-batch-parity.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f8-a580-49c5-8790-4974950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:20.000Z",
"modified": "2016-03-16T13:43:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/05/seniors-juniors-and-coursemates-please.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f8-47a8-4e78-baae-41c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:20.000Z",
"modified": "2016-03-16T13:43:20.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://intribune.blogspot.com/2015/07/awho-defence-and-para-military-forces.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f9-0ac0-4bb8-b7c2-403f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:21.000Z",
"modified": "2016-03-16T13:43:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://ceengrmes.attachment.biz/?att=1450603943']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f9-83e0-4785-ada1-4f01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:21.000Z",
"modified": "2016-03-16T13:43:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://comdtoscc.attachment.biz/?att=1451926252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f9-74ac-4d33-bea5-45dd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:21.000Z",
"modified": "2016-03-16T13:43:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://comdtoscc.attachment.biz/?att=1453788170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962f9-4478-4111-9c0c-4c1c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:21.000Z",
"modified": "2016-03-16T13:43:21.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://fileshare.attachment.biz/?att=1455255900']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e962fa-3a18-4ab7-9cee-47eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:22.000Z",
"modified": "2016-03-16T13:43:22.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'http://fileshare.attachment.biz/?att=1455264091']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96311-8db0-47ed-9b9a-4c82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:45.000Z",
"modified": "2016-03-16T13:43:45.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'ccfd8c384558c5a1e09350941faa08ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96312-6798-4b91-921d-42e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:46.000Z",
"modified": "2016-03-16T13:43:46.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '167d632eea9bd1b6cac00a69b431a5c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96312-8a78-4dce-b0b0-4d8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:46.000Z",
"modified": "2016-03-16T13:43:46.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'e3e4ced9b000aa47a449f186c7604ac8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96312-e31c-44ab-af95-4ab7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:46.000Z",
"modified": "2016-03-16T13:43:46.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '79f7e1d6389c73a7e2525d0ec8fa3ce2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96313-6f08-4980-96df-41ab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:47.000Z",
"modified": "2016-03-16T13:43:47.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '0a7a15180053270e25a220a3e38e7949']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96313-2628-49df-a12f-4119950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:47.000Z",
"modified": "2016-03-16T13:43:47.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '17495ce3d11e9cddf5a98ec34ee91d6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96313-1d64-4d66-b9cb-4f41950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:47.000Z",
"modified": "2016-03-16T13:43:47.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '148403235614461c1f088d524fbd9fd0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96314-a55c-49d8-be67-4188950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:48.000Z",
"modified": "2016-03-16T13:43:48.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'b67047e341653a01526cc178966d1f6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96314-bf64-4000-a5a3-40cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:48.000Z",
"modified": "2016-03-16T13:43:48.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'ef0ab9f731e7c980b163c7e1b5db9746']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96314-9844-430e-a30e-45cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:48.000Z",
"modified": "2016-03-16T13:43:48.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '3739bbf831d04e8a2b06275cd3af371d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96315-a19c-4348-959e-448b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:49.000Z",
"modified": "2016-03-16T13:43:49.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '0d7846a76675be378a50667767d0e35a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96315-f584-4183-927d-418a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:49.000Z",
"modified": "2016-03-16T13:43:49.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '4f9b754da90bed9a633130d893d65c4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96315-ea8c-46c8-add3-4cc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:49.000Z",
"modified": "2016-03-16T13:43:49.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '3e91836b89b6d6249741dc8ee0d2895a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96316-24f8-4317-b8b8-4b82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:43:50.000Z",
"modified": "2016-03-16T13:43:50.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '85429d5f2745d813e53b28d3d953d1cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:43:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96331-af64-47db-a1cd-4163950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:44:17.000Z",
"modified": "2016-03-16T13:44:17.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '870c0312cea7b3b6b82be01633b071cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:44:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96331-3058-4028-8aed-434a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:44:17.000Z",
"modified": "2016-03-16T13:44:17.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'a74165ec1d55b682ed232ffde62b3b11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:44:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96332-42ec-4745-a21d-4555950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:44:18.000Z",
"modified": "2016-03-16T13:44:18.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '8336d9aeccee3408a4f9fbf4b1a42bac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:44:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96332-c72c-4050-98be-44a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:44:18.000Z",
"modified": "2016-03-16T13:44:18.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '2dfe4468a052a07cab117a20e182adc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:44:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96353-01c0-4207-9829-45bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:44:51.000Z",
"modified": "2016-03-16T13:44:51.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.238.228.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:44:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9636f-765c-44c4-bec1-5391950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:45:19.000Z",
"modified": "2016-03-16T13:45:19.000Z",
"description": "Beendoor Downloader",
"pattern": "[file:hashes.MD5 = '950eb314435bdb3c46c9f0954c935287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:45:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96382-8c50-4d92-a24d-45e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:45:38.000Z",
"modified": "2016-03-16T13:45:38.000Z",
"description": "Beendoor Sample",
"pattern": "[file:hashes.MD5 = 'd3094c89cad5f8d1ea5f0a7f23f0a2b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:45:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96395-00ec-41ad-b9eb-4b44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:45:57.000Z",
"modified": "2016-03-16T13:45:57.000Z",
"description": "Beendoor C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.238.235.143']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:45:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963aa-ef14-4fd8-9b9c-44e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:18.000Z",
"modified": "2016-03-16T13:46:18.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '51c57b0366d0b71acf05b4df0afef52f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963aa-9a90-4f9c-badb-4e33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:18.000Z",
"modified": "2016-03-16T13:46:18.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '438f3ea41587e9891484dad233d6faa6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ab-69e0-4a7c-91d3-4fc1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:19.000Z",
"modified": "2016-03-16T13:46:19.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '71cd70b289c53567579f8f6033d8191b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ab-8590-41ac-8f90-44d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:19.000Z",
"modified": "2016-03-16T13:46:19.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'd8637bdbcfc9112fcb1f0167b398e771']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ab-b6a8-402e-91eb-43f8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:19.000Z",
"modified": "2016-03-16T13:46:19.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '12929730cd95c6cf50dd3d470dd5f347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ac-5bb4-466c-9e01-4e71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:20.000Z",
"modified": "2016-03-16T13:46:20.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '7ccc752b5956b86b966d15a6a4cf6df0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ac-6488-4f4e-a311-487d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:20.000Z",
"modified": "2016-03-16T13:46:20.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'b2ed9415d7cf9bc06f8ccb8cfdba1ad6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ac-67dc-4f9e-9d22-4b33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:20.000Z",
"modified": "2016-03-16T13:46:20.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'cedb0fc3dfbb748fdcbb3eae9eb0a3f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ad-c778-4b0f-bf7f-426b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:21.000Z",
"modified": "2016-03-16T13:46:21.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '95cba4805f980e8c1df180b660e2abb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963bf-88a0-469d-95a2-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:46:39.000Z",
"modified": "2016-03-16T13:46:39.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.150.227.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:46:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963de-ded0-4a14-a250-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:10.000Z",
"modified": "2016-03-16T13:47:10.000Z",
"description": "Crimson Downloader Sample",
"pattern": "[file:hashes.MD5 = '5d9b42853ecf3ff28d4e4313276b21ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ee-72a8-40a1-8cc2-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:26.000Z",
"modified": "2016-03-16T13:47:26.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '90b07bc12b45f2eb1b0305949f2cec25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ee-0e98-432d-853a-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:26.000Z",
"modified": "2016-03-16T13:47:26.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '3e7c2791ff7bc14ef30bba74954ef1e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ee-5c44-41df-8c9a-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:26.000Z",
"modified": "2016-03-16T13:47:26.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '44145124e046804bf579c8839b63a9a7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ef-8564-4252-b62c-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:27.000Z",
"modified": "2016-03-16T13:47:27.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'a73494ca564f6404488a985cefd96f56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ef-743c-4de5-8ad6-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:27.000Z",
"modified": "2016-03-16T13:47:27.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '8a0db32b97be106d2834739ffd65715b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e963ef-7800-48d3-8690-5390950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:27.000Z",
"modified": "2016-03-16T13:47:27.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'ddb66b231ab63c65a8ce139e73652aec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640d-5dc8-483e-8c66-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:57.000Z",
"modified": "2016-03-16T13:47:57.000Z",
"description": "Crimson C&C",
"pattern": "[domain-name:value = 'bhai123.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640d-934c-4350-8e58-4c95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:57.000Z",
"modified": "2016-03-16T13:47:57.000Z",
"description": "Crimson C&C",
"pattern": "[domain-name:value = 'bhai1.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640d-9eb0-48f5-b19e-4d3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:57.000Z",
"modified": "2016-03-16T13:47:57.000Z",
"description": "Crimson C&C",
"pattern": "[domain-name:value = 'sudhir71nda.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640e-60bc-4fe8-b0cc-4d2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:58.000Z",
"modified": "2016-03-16T13:47:58.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.154.134.211']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640e-88bc-4986-9346-4ac6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:58.000Z",
"modified": "2016-03-16T13:47:58.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.154.209.175']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640e-37b8-4159-a379-4e09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:58.000Z",
"modified": "2016-03-16T13:47:58.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.154.220.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640f-db70-44e0-b6cd-4bbc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:59.000Z",
"modified": "2016-03-16T13:47:59.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.157.163.145']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640f-0ebc-43ba-ba90-433c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:59.000Z",
"modified": "2016-03-16T13:47:59.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.157.229.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9640f-d6c0-454c-914a-46c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:47:59.000Z",
"modified": "2016-03-16T13:47:59.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.181.239.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:47:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96431-49c0-4d7b-8850-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:33.000Z",
"modified": "2016-03-16T13:48:33.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '6a1c037c66184aa39096933f75d2d8ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96432-16e8-438c-8d9e-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:34.000Z",
"modified": "2016-03-16T13:48:34.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '99d93e0c6bf9cf9acb92580686f6b743']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96432-bc30-4c37-b683-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:34.000Z",
"modified": "2016-03-16T13:48:34.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'af071cd2420057090cfe33fefa139d01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96432-f290-470f-966f-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:34.000Z",
"modified": "2016-03-16T13:48:34.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '8c30ed1bc13feaa8e937be0f6a739be4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96433-7368-478d-a6eb-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:35.000Z",
"modified": "2016-03-16T13:48:35.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'adf657337d7fa7fa07c72b12fb880e41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96433-a9d0-4644-b8e0-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:35.000Z",
"modified": "2016-03-16T13:48:35.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'e2d1309893c0de5a026a2ae9e8ada486']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96433-d0d4-4fa1-9744-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:35.000Z",
"modified": "2016-03-16T13:48:35.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'd0152f228e934dcafa866445c08e3242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96434-3fe4-4129-a67a-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:36.000Z",
"modified": "2016-03-16T13:48:36.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '9b674985a412c4c07d52c7482c2ed286']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96434-4a8c-4ddd-8bfd-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:36.000Z",
"modified": "2016-03-16T13:48:36.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'c3af6b938988a88ea2dc2e59f8418062']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96435-fbb0-4548-9c65-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:37.000Z",
"modified": "2016-03-16T13:48:37.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '2d58826fbff197918caa805aeed86059']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96435-3818-4dd4-ace1-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:37.000Z",
"modified": "2016-03-16T13:48:37.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'ab6b6f675e48d818044c5e66d05813ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96435-5e2c-495b-94dc-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:37.000Z",
"modified": "2016-03-16T13:48:37.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '4b1a627c43d4e0af504bf20023e74f6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96436-5908-49a5-8825-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:38.000Z",
"modified": "2016-03-16T13:48:38.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '75798547f0ddca076070bcea67a0b064']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96436-07f8-4459-a13a-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:38.000Z",
"modified": "2016-03-16T13:48:38.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '0255f73a32bf781c786d19d149ddfb90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96436-34d4-41a0-a7cb-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:38.000Z",
"modified": "2016-03-16T13:48:38.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '16eb146eee147a333ef82d39266d5cfb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96437-9af8-4343-ba56-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:39.000Z",
"modified": "2016-03-16T13:48:39.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '2507f545a2d6e52ade2d7708d9ce89d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96437-bcac-4c1c-9bb8-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:39.000Z",
"modified": "2016-03-16T13:48:39.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = 'f9798f171194ee4fec5334ded3d786e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96437-5a64-4f7e-a264-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:39.000Z",
"modified": "2016-03-16T13:48:39.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '9b77eb38e32d43a97c5bde5ec829c5ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96438-d390-4707-8221-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:48:40.000Z",
"modified": "2016-03-16T13:48:40.000Z",
"description": "Crimson Downloader Samples",
"pattern": "[file:hashes.MD5 = '2eea994efa88e0a612e82ee3e08e78f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:48:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96458-5ab8-468b-b959-449c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:12.000Z",
"modified": "2016-03-16T13:49:12.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'c303a6ac44e3c59a9c3613ac9f92373b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96458-43a4-4c8a-90b1-4b10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:12.000Z",
"modified": "2016-03-16T13:49:12.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '92d6366d692a1b3691dce1379bb7b5aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96459-0ad0-4289-81b8-44cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:13.000Z",
"modified": "2016-03-16T13:49:13.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'eb01bbfe8ca7e8f59aab475ad1f18245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96459-1b48-44b8-9768-4e49950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:13.000Z",
"modified": "2016-03-16T13:49:13.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '4d7ad9ab4c1d40365da60d4f2f195db4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96459-b860-4221-8d2b-42fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:13.000Z",
"modified": "2016-03-16T13:49:13.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'f936afdd0b69d109215d295ab864d309']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645a-c7f4-4b5c-b8c8-4529950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:14.000Z",
"modified": "2016-03-16T13:49:14.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'ec4bef2233002d8fe568428d16e610b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645a-be40-45da-b97f-41bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:14.000Z",
"modified": "2016-03-16T13:49:14.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '045c4b69d907833729fd83d937669f66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645a-ec30-4c76-b394-47fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:14.000Z",
"modified": "2016-03-16T13:49:14.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '522178a60b030bbab910cb86cfeaff20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645b-3ed0-4155-a3ec-4758950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:15.000Z",
"modified": "2016-03-16T13:49:15.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '1ab5f55763663ffb0807079397812b47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645b-e8c4-4dd7-a12c-4cbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:15.000Z",
"modified": "2016-03-16T13:49:15.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '73b878e56f790dccf08bd2344b4031c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645b-21b8-41ab-9f4b-4f13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:15.000Z",
"modified": "2016-03-16T13:49:15.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'f0f6544ddb26c55df2d6184f433d8c17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645c-f638-40ac-b238-4adf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:16.000Z",
"modified": "2016-03-16T13:49:16.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '7c23f984170fd793cfde5fd68535d0a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645c-62b4-45c7-925d-47de950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:16.000Z",
"modified": "2016-03-16T13:49:16.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '7e50c67f1e94b154f110d5d73e2f312c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645c-09b4-46ea-8357-4900950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:16.000Z",
"modified": "2016-03-16T13:49:16.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '1bedd50f4ae757c6009acbe7da021122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645d-f660-4402-9fa2-45be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:17.000Z",
"modified": "2016-03-16T13:49:17.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'ae9659a2c08e2cb9ab9e5cdcb8ab4036']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645d-73b8-47bb-8b54-4799950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:17.000Z",
"modified": "2016-03-16T13:49:17.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = '0991033c2414b4992c1b5ab21c5a47e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9645d-5ba8-4930-a8a7-4551950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:17.000Z",
"modified": "2016-03-16T13:49:17.000Z",
"description": "Crimson SecApp Samples",
"pattern": "[file:hashes.MD5 = 'f710e3ad19a682dab374c167c7c2796a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96472-8dcc-401b-a71a-4152950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:38.000Z",
"modified": "2016-03-16T13:49:38.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '214eb28f04d969c9f637b09e4ffad644']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96473-20b8-4efe-9033-4d38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:39.000Z",
"modified": "2016-03-16T13:49:39.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '29097319b60c103421437214d5a3297e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96473-cb5c-402c-9ada-4330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:39.000Z",
"modified": "2016-03-16T13:49:39.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '38ce32cb94092cc6790030abcc9a638b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96473-76ec-47d4-9c59-4f03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:39.000Z",
"modified": "2016-03-16T13:49:39.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '439ba84a964a17ce2c3d51ac49c68f81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96474-4118-40ce-9ef3-43c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:40.000Z",
"modified": "2016-03-16T13:49:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '4e9b81e70227575f2d2a6dd941540afa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96474-4da0-47a6-83e7-4ef6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:40.000Z",
"modified": "2016-03-16T13:49:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '5b4361e6a6117e9f7189a564f46157d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96474-f300-426f-a008-4736950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:40.000Z",
"modified": "2016-03-16T13:49:40.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '5dbeb8475e22a938415eb43e6bd24fe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96475-dd3c-447a-b103-4ba7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:41.000Z",
"modified": "2016-03-16T13:49:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '6409930f39cd6c17fb68f7fee47b1cdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96475-61a8-4548-b71d-4813950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:41.000Z",
"modified": "2016-03-16T13:49:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '82377fcf288e9db675ab24cbf76ea032']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96475-1bd0-4f20-aba2-47bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:41.000Z",
"modified": "2016-03-16T13:49:41.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '84c30675b5db34c407b98ea73c5e7e96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96476-12a8-4401-8cc6-418a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:42.000Z",
"modified": "2016-03-16T13:49:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '897fc3a65f84e1c3db932965a574d982']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96476-fd38-49ec-b17d-495e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:42.000Z",
"modified": "2016-03-16T13:49:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = '9e73d275202b02b3f0ed23951fda30da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96476-fe9c-40e3-9cd2-4294950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:42.000Z",
"modified": "2016-03-16T13:49:42.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'b0327f155ebaba23102f72c1100fa26b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96477-1b58-498d-8280-4771950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:43.000Z",
"modified": "2016-03-16T13:49:43.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'b05730eda99a9160cc3f8dec66e9f347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96477-5990-420c-bc75-47e6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:43.000Z",
"modified": "2016-03-16T13:49:43.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'b467df662af8a1fbafa845c894d917e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96478-3f14-4abc-9793-4690950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:44.000Z",
"modified": "2016-03-16T13:49:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'c0bf5a0f535380edec9b42a3cebb84c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96478-0e44-46ed-8cf8-48c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:44.000Z",
"modified": "2016-03-16T13:49:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'ca48224adce9609dc07e50930dd1afae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96478-b548-4294-b2b4-4369950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:44.000Z",
"modified": "2016-03-16T13:49:44.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'dac44b9d5a8494a3293088c9678754bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96479-2898-45e2-aa88-45bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:45.000Z",
"modified": "2016-03-16T13:49:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'e0217714f3a03fae4cdf4b5120213c38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96479-dc38-43d8-a5d9-4b8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:45.000Z",
"modified": "2016-03-16T13:49:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'e66203177a03743a6361a7b3e668b6a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96479-2144-4569-bd06-4921950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:45.000Z",
"modified": "2016-03-16T13:49:45.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'f05834a930f6fda6b877011c3fb3ef18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9647a-c0d4-4930-bc7c-4191950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:49:46.000Z",
"modified": "2016-03-16T13:49:46.000Z",
"description": "Crimson RAT Samples",
"pattern": "[file:hashes.MD5 = 'f1a2caf0dd7922ea3a64231fd5af7715']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:49:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96495-f208-45e7-96dc-498d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:13.000Z",
"modified": "2016-03-16T13:50:13.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.131.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96495-3d98-400f-810f-4e5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:13.000Z",
"modified": "2016-03-16T13:50:13.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.152.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96496-d270-4029-a739-4fd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:14.000Z",
"modified": "2016-03-16T13:50:14.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.167.220']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96496-e814-4923-93f4-48e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:14.000Z",
"modified": "2016-03-16T13:50:14.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.189.167.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96496-f89c-4ef5-887c-4144950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:14.000Z",
"modified": "2016-03-16T13:50:14.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.143.181.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96497-697c-4781-818d-4cec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:15.000Z",
"modified": "2016-03-16T13:50:15.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.143.188.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96497-ad9c-4a1b-9b1e-4794950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:15.000Z",
"modified": "2016-03-16T13:50:15.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.164.131.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96498-ab50-4c2f-967a-41a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:16.000Z",
"modified": "2016-03-16T13:50:16.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.69.224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96498-545c-40a2-84d7-47fd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:16.000Z",
"modified": "2016-03-16T13:50:16.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.73.122']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96498-1e8c-4752-9e76-483f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:16.000Z",
"modified": "2016-03-16T13:50:16.000Z",
"description": "Crimson C&C",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.136.84.43']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964a8-8760-40e7-b1f4-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:32.000Z",
"modified": "2016-03-16T13:50:32.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'f18172d7bb8b98246cb3dbb0e9144731']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964a9-51c4-4400-b025-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:33.000Z",
"modified": "2016-03-16T13:50:33.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'b55a7da332bed90e798313b968ce7819']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964a9-d67c-48e9-9eae-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:33.000Z",
"modified": "2016-03-16T13:50:33.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'c0eb694960d0a7316264ced4d44b3abb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964a9-2664-495d-8a20-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:33.000Z",
"modified": "2016-03-16T13:50:33.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = '292f468f98e322795d1185c2b15c1f62']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964aa-9670-4d8d-bd31-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:34.000Z",
"modified": "2016-03-16T13:50:34.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'b6263f987fdec3fb3877845c8d5479dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964aa-34a4-4bfd-9731-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:34.000Z",
"modified": "2016-03-16T13:50:34.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = '127ee83854f47628984ab47de725ee2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964aa-0da0-4323-bb8e-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:34.000Z",
"modified": "2016-03-16T13:50:34.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = '2fa82dd2490fc697bb0bb0f8feb0dd85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964ab-1614-4a80-9cf3-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:35.000Z",
"modified": "2016-03-16T13:50:35.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'bc6d139a3d630ba829337687b9328caf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964ab-30d4-4a36-97ad-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:35.000Z",
"modified": "2016-03-16T13:50:35.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = 'f3c8630d06e51e8f76aa1fb438371d21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964ac-a400-4efe-a302-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:36.000Z",
"modified": "2016-03-16T13:50:36.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = '3a64e2d3558a28c4fdb0f076fa09e1a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964ac-4700-42df-8e98-61d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:36.000Z",
"modified": "2016-03-16T13:50:36.000Z",
"description": "MSIL/Crimson Modules Keylogger",
"pattern": "[file:hashes.MD5 = '370bb0ec1c16bd8821f7e53f6bfc61e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964bc-7540-41a1-aa86-45eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:52.000Z",
"modified": "2016-03-16T13:50:52.000Z",
"description": "Infostealer",
"pattern": "[file:hashes.MD5 = 'd938a75d93c20790b1f2b5d5b7294895']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964bc-5cf0-4463-9682-4b76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:52.000Z",
"modified": "2016-03-16T13:50:52.000Z",
"description": "Infostealer",
"pattern": "[file:hashes.MD5 = '29eb61f04b905e2133e9afdd12482073']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964bd-5d60-44bd-b008-4fe9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:53.000Z",
"modified": "2016-03-16T13:50:53.000Z",
"description": "Infostealer",
"pattern": "[file:hashes.MD5 = '9bdfc0d5c45f1ce1200419ec6eec15f4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964bd-a3e0-4b7c-8ae0-4515950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:50:53.000Z",
"modified": "2016-03-16T13:50:53.000Z",
"description": "Infostealer",
"pattern": "[file:hashes.MD5 = '8a991eec65bd90f12450ee9dac0f286a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d3-7d84-4058-92ee-4e01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:15.000Z",
"modified": "2016-03-16T13:51:15.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'c3d65d73cd6894fdad3fc281b976fd8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d3-56bc-4ea3-a03c-42d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:15.000Z",
"modified": "2016-03-16T13:51:15.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'e9b1a3aa2de67300356b6587a8034b0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d3-e79c-4f34-afe0-4a9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:15.000Z",
"modified": "2016-03-16T13:51:15.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'cf5e472613921dc330008c79870b23ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d4-d054-4842-9032-4a7e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:16.000Z",
"modified": "2016-03-16T13:51:16.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'bf2eb6c19778a35f812ddc86d616c837']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d4-09b4-42b2-9352-4503950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:16.000Z",
"modified": "2016-03-16T13:51:16.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = '1e5c2029dafdd50dce2effd5154b6879']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d4-a280-4245-93d0-414f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:16.000Z",
"modified": "2016-03-16T13:51:16.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'b785db2b3801d5190dad9e6f03d48999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d5-b60c-4a9d-ad75-4cae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:17.000Z",
"modified": "2016-03-16T13:51:17.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = '3f84ddc0d9ec7b08477a76b75b4421b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d5-df84-414b-94c6-4c91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:17.000Z",
"modified": "2016-03-16T13:51:17.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'c0ceba3a708082c372c077aa9420d09e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e964d6-b42c-44ef-899c-47e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:51:18.000Z",
"modified": "2016-03-16T13:51:18.000Z",
"description": "USBstealer",
"pattern": "[file:hashes.MD5 = 'd11ebec8f1d42dd139b18639f7f9534a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:51:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e965f0-c6c0-46c4-ab2d-4121950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T13:56:00.000Z",
"modified": "2016-03-16T13:56:00.000Z",
"pattern": "[url:value = 'http://sahirlodhi.com/usr/api.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T13:56:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fc-f118-4f80-a07e-473d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:28.000Z",
"modified": "2016-03-16T14:00:28.000Z",
"description": "USBstealer - Xchecked via VT: d11ebec8f1d42dd139b18639f7f9534a",
"pattern": "[file:hashes.SHA256 = '1a48342db5e148cb698753080788702e37b98d8d9439cfd050b4896a61db3b50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fc-461c-4800-8898-409802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:28.000Z",
"modified": "2016-03-16T14:00:28.000Z",
"description": "USBstealer - Xchecked via VT: d11ebec8f1d42dd139b18639f7f9534a",
"pattern": "[file:hashes.SHA1 = '689ad5a784218a572257b83593179a1abc2473f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e966fc-59b0-46ba-9f9c-473302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:28.000Z",
"modified": "2016-03-16T14:00:28.000Z",
"first_observed": "2016-03-16T14:00:28Z",
"last_observed": "2016-03-16T14:00:28Z",
"number_observed": 1,
"object_refs": [
"url--56e966fc-59b0-46ba-9f9c-473302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e966fc-59b0-46ba-9f9c-473302de0b81",
"value": "https://www.virustotal.com/file/1a48342db5e148cb698753080788702e37b98d8d9439cfd050b4896a61db3b50/analysis/1457677602/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fd-b360-4fa7-ac3f-479b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:29.000Z",
"modified": "2016-03-16T14:00:29.000Z",
"description": "USBstealer - Xchecked via VT: c0ceba3a708082c372c077aa9420d09e",
"pattern": "[file:hashes.SHA256 = '5215618bfcae4b572c635c2a2cb93b58b10afe417af9e8fc7b01e766a2276ba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fd-fd50-43c9-a82c-425002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:29.000Z",
"modified": "2016-03-16T14:00:29.000Z",
"description": "USBstealer - Xchecked via VT: c0ceba3a708082c372c077aa9420d09e",
"pattern": "[file:hashes.SHA1 = 'f935e3c775c42f9e1c425b1826705dec3633bf00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e966fd-5964-4bbb-95e3-471702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:29.000Z",
"modified": "2016-03-16T14:00:29.000Z",
"first_observed": "2016-03-16T14:00:29Z",
"last_observed": "2016-03-16T14:00:29Z",
"number_observed": 1,
"object_refs": [
"url--56e966fd-5964-4bbb-95e3-471702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e966fd-5964-4bbb-95e3-471702de0b81",
"value": "https://www.virustotal.com/file/5215618bfcae4b572c635c2a2cb93b58b10afe417af9e8fc7b01e766a2276ba1/analysis/1457023710/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fe-d8c4-4b59-bd78-482702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:30.000Z",
"modified": "2016-03-16T14:00:30.000Z",
"description": "USBstealer - Xchecked via VT: b785db2b3801d5190dad9e6f03d48999",
"pattern": "[file:hashes.SHA256 = '29c00601e4b7a5c77d5beb80d68787a9f5ed140c2104fce2c8c3884362e04721']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966fe-5de4-47f6-81e5-42a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:30.000Z",
"modified": "2016-03-16T14:00:30.000Z",
"description": "USBstealer - Xchecked via VT: b785db2b3801d5190dad9e6f03d48999",
"pattern": "[file:hashes.SHA1 = '3dff7499341d5b75ab298f1f8a465775bef81c77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e966fe-3b38-4322-a522-453402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:30.000Z",
"modified": "2016-03-16T14:00:30.000Z",
"first_observed": "2016-03-16T14:00:30Z",
"last_observed": "2016-03-16T14:00:30Z",
"number_observed": 1,
"object_refs": [
"url--56e966fe-3b38-4322-a522-453402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e966fe-3b38-4322-a522-453402de0b81",
"value": "https://www.virustotal.com/file/29c00601e4b7a5c77d5beb80d68787a9f5ed140c2104fce2c8c3884362e04721/analysis/1457023710/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966ff-99e8-4a8f-8e4a-45af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:31.000Z",
"modified": "2016-03-16T14:00:31.000Z",
"description": "USBstealer - Xchecked via VT: 1e5c2029dafdd50dce2effd5154b6879",
"pattern": "[file:hashes.SHA256 = 'cfec185523d81d275f3523f08a5f10ef5c6b8a6f7fdd97acbcbbb15c2e23110e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e966ff-0130-4fdc-86dc-421a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:31.000Z",
"modified": "2016-03-16T14:00:31.000Z",
"description": "USBstealer - Xchecked via VT: 1e5c2029dafdd50dce2effd5154b6879",
"pattern": "[file:hashes.SHA1 = '4f0a9880439a5395d042492467427d0956d49a5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e966ff-5f38-4180-a99f-4dfb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:31.000Z",
"modified": "2016-03-16T14:00:31.000Z",
"first_observed": "2016-03-16T14:00:31Z",
"last_observed": "2016-03-16T14:00:31Z",
"number_observed": 1,
"object_refs": [
"url--56e966ff-5f38-4180-a99f-4dfb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e966ff-5f38-4180-a99f-4dfb02de0b81",
"value": "https://www.virustotal.com/file/cfec185523d81d275f3523f08a5f10ef5c6b8a6f7fdd97acbcbbb15c2e23110e/analysis/1457677212/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96700-a420-4212-8b42-46d802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:32.000Z",
"modified": "2016-03-16T14:00:32.000Z",
"description": "USBstealer - Xchecked via VT: bf2eb6c19778a35f812ddc86d616c837",
"pattern": "[file:hashes.SHA256 = 'd81648a2066c0ed6830125333ab0ecf2eb2b87f2d97200619203381d7e9b069f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96700-eecc-4786-b421-426102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:32.000Z",
"modified": "2016-03-16T14:00:32.000Z",
"description": "USBstealer - Xchecked via VT: bf2eb6c19778a35f812ddc86d616c837",
"pattern": "[file:hashes.SHA1 = '0b1520c9c04726db725fd808102d22cec91ee134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96700-0554-43ab-97cc-406002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:32.000Z",
"modified": "2016-03-16T14:00:32.000Z",
"first_observed": "2016-03-16T14:00:32Z",
"last_observed": "2016-03-16T14:00:32Z",
"number_observed": 1,
"object_refs": [
"url--56e96700-0554-43ab-97cc-406002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96700-0554-43ab-97cc-406002de0b81",
"value": "https://www.virustotal.com/file/d81648a2066c0ed6830125333ab0ecf2eb2b87f2d97200619203381d7e9b069f/analysis/1457023709/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96701-10f4-4cef-b3e0-4d3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:33.000Z",
"modified": "2016-03-16T14:00:33.000Z",
"description": "USBstealer - Xchecked via VT: cf5e472613921dc330008c79870b23ab",
"pattern": "[file:hashes.SHA256 = '9b700a05d2abf489f830b6649e9f6ab0b570b3b1472b48f34ad122d90560bdbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96701-bd28-48f0-9bc3-4f1102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:33.000Z",
"modified": "2016-03-16T14:00:33.000Z",
"description": "USBstealer - Xchecked via VT: cf5e472613921dc330008c79870b23ab",
"pattern": "[file:hashes.SHA1 = 'acf3761c0bf627be5dfa25c4bb89451ec8a2ff8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96701-20c0-4a47-b193-417802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:33.000Z",
"modified": "2016-03-16T14:00:33.000Z",
"first_observed": "2016-03-16T14:00:33Z",
"last_observed": "2016-03-16T14:00:33Z",
"number_observed": 1,
"object_refs": [
"url--56e96701-20c0-4a47-b193-417802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96701-20c0-4a47-b193-417802de0b81",
"value": "https://www.virustotal.com/file/9b700a05d2abf489f830b6649e9f6ab0b570b3b1472b48f34ad122d90560bdbd/analysis/1457503213/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96701-d9d4-4981-bf21-418e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:33.000Z",
"modified": "2016-03-16T14:00:33.000Z",
"description": "USBstealer - Xchecked via VT: c3d65d73cd6894fdad3fc281b976fd8b",
"pattern": "[file:hashes.SHA256 = '1b36599fe98c0fa9a417d4c8527eb3b2a6b83c39e79096c3ba7cca258e986f94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96702-9264-47a9-8351-4a7302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:34.000Z",
"modified": "2016-03-16T14:00:34.000Z",
"description": "USBstealer - Xchecked via VT: c3d65d73cd6894fdad3fc281b976fd8b",
"pattern": "[file:hashes.SHA1 = 'e8a8784142c83001a95aeedec4510fc9c8facf2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96702-b748-418d-a331-4bfc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:34.000Z",
"modified": "2016-03-16T14:00:34.000Z",
"first_observed": "2016-03-16T14:00:34Z",
"last_observed": "2016-03-16T14:00:34Z",
"number_observed": 1,
"object_refs": [
"url--56e96702-b748-418d-a331-4bfc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96702-b748-418d-a331-4bfc02de0b81",
"value": "https://www.virustotal.com/file/1b36599fe98c0fa9a417d4c8527eb3b2a6b83c39e79096c3ba7cca258e986f94/analysis/1457503170/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96702-b1c0-44ac-b8fb-409c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:34.000Z",
"modified": "2016-03-16T14:00:34.000Z",
"description": "Infostealer - Xchecked via VT: 9bdfc0d5c45f1ce1200419ec6eec15f4",
"pattern": "[file:hashes.SHA256 = 'cc313e826027ee065bfc538881230bae7cac21b59313bcce637fa25784b8feaf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96703-e884-4e03-baa3-4e5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:35.000Z",
"modified": "2016-03-16T14:00:35.000Z",
"description": "Infostealer - Xchecked via VT: 9bdfc0d5c45f1ce1200419ec6eec15f4",
"pattern": "[file:hashes.SHA1 = '5193508d216fa2a607fe149b9e40d0748432a8e7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96703-2414-4930-990f-488902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:35.000Z",
"modified": "2016-03-16T14:00:35.000Z",
"first_observed": "2016-03-16T14:00:35Z",
"last_observed": "2016-03-16T14:00:35Z",
"number_observed": 1,
"object_refs": [
"url--56e96703-2414-4930-990f-488902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96703-2414-4930-990f-488902de0b81",
"value": "https://www.virustotal.com/file/cc313e826027ee065bfc538881230bae7cac21b59313bcce637fa25784b8feaf/analysis/1457023708/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96703-40c8-4484-bc3d-4f4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:35.000Z",
"modified": "2016-03-16T14:00:35.000Z",
"description": "Infostealer - Xchecked via VT: 29eb61f04b905e2133e9afdd12482073",
"pattern": "[file:hashes.SHA256 = '8151c4ebf2308d94df5f68121d1a507025bbfe9407d670c380a45adad587d9dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96703-9964-47e4-ad19-4dca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:35.000Z",
"modified": "2016-03-16T14:00:35.000Z",
"description": "Infostealer - Xchecked via VT: 29eb61f04b905e2133e9afdd12482073",
"pattern": "[file:hashes.SHA1 = '29f7bd2d251a77379611bd80c0d6c19e36ce13e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96704-9ce4-4132-8f62-4eaa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:36.000Z",
"modified": "2016-03-16T14:00:36.000Z",
"first_observed": "2016-03-16T14:00:36Z",
"last_observed": "2016-03-16T14:00:36Z",
"number_observed": 1,
"object_refs": [
"url--56e96704-9ce4-4132-8f62-4eaa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96704-9ce4-4132-8f62-4eaa02de0b81",
"value": "https://www.virustotal.com/file/8151c4ebf2308d94df5f68121d1a507025bbfe9407d670c380a45adad587d9dc/analysis/1457585643/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96704-b194-4299-9f22-4c8502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:36.000Z",
"modified": "2016-03-16T14:00:36.000Z",
"description": "Infostealer - Xchecked via VT: d938a75d93c20790b1f2b5d5b7294895",
"pattern": "[file:hashes.SHA256 = 'e75eb656871bff48794c06f3c34cebc6238436229cd2c8ecebde7cdebebf0e0d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96704-64e0-4978-92ae-4fa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:36.000Z",
"modified": "2016-03-16T14:00:36.000Z",
"description": "Infostealer - Xchecked via VT: d938a75d93c20790b1f2b5d5b7294895",
"pattern": "[file:hashes.SHA1 = '6c3717af68f89b05724a507d086c2d5729f81b2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96705-7a98-4f21-a1c4-4eee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:37.000Z",
"modified": "2016-03-16T14:00:37.000Z",
"first_observed": "2016-03-16T14:00:37Z",
"last_observed": "2016-03-16T14:00:37Z",
"number_observed": 1,
"object_refs": [
"url--56e96705-7a98-4f21-a1c4-4eee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96705-7a98-4f21-a1c4-4eee02de0b81",
"value": "https://www.virustotal.com/file/e75eb656871bff48794c06f3c34cebc6238436229cd2c8ecebde7cdebebf0e0d/analysis/1457677616/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96705-3578-4064-8049-439602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:37.000Z",
"modified": "2016-03-16T14:00:37.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: bc6d139a3d630ba829337687b9328caf",
"pattern": "[file:hashes.SHA256 = '6b3f41e7506591ba95f9a2bb62bb7c11112abebb3acb8efdfb71db3d86f528b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96705-2d38-44f3-98fc-4d7202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:37.000Z",
"modified": "2016-03-16T14:00:37.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: bc6d139a3d630ba829337687b9328caf",
"pattern": "[file:hashes.SHA1 = '97549d349f0d35375191e197161a138d49531965']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96706-97d8-4be8-9c63-4df102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:38.000Z",
"modified": "2016-03-16T14:00:38.000Z",
"first_observed": "2016-03-16T14:00:38Z",
"last_observed": "2016-03-16T14:00:38Z",
"number_observed": 1,
"object_refs": [
"url--56e96706-97d8-4be8-9c63-4df102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96706-97d8-4be8-9c63-4df102de0b81",
"value": "https://www.virustotal.com/file/6b3f41e7506591ba95f9a2bb62bb7c11112abebb3acb8efdfb71db3d86f528b1/analysis/1457172640/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96706-0390-45a3-a1d1-40e702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:38.000Z",
"modified": "2016-03-16T14:00:38.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 2fa82dd2490fc697bb0bb0f8feb0dd85",
"pattern": "[file:hashes.SHA256 = 'fc99fcd3144d45c80a0acde670b201c2a1f0f0649806422e4344be66c61c5bc0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96706-5b14-4a7f-8f30-40a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:38.000Z",
"modified": "2016-03-16T14:00:38.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 2fa82dd2490fc697bb0bb0f8feb0dd85",
"pattern": "[file:hashes.SHA1 = '9a606802405e15d660d2cf2d280f41aaeb98c88e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96706-35d8-48b2-80d1-433802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:38.000Z",
"modified": "2016-03-16T14:00:38.000Z",
"first_observed": "2016-03-16T14:00:38Z",
"last_observed": "2016-03-16T14:00:38Z",
"number_observed": 1,
"object_refs": [
"url--56e96706-35d8-48b2-80d1-433802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96706-35d8-48b2-80d1-433802de0b81",
"value": "https://www.virustotal.com/file/fc99fcd3144d45c80a0acde670b201c2a1f0f0649806422e4344be66c61c5bc0/analysis/1457023707/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96707-a6a0-4685-aa02-491f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:39.000Z",
"modified": "2016-03-16T14:00:39.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 127ee83854f47628984ab47de725ee2f",
"pattern": "[file:hashes.SHA256 = 'bb3e132763ec034a5f022ce503d12fc50c324009d4268293f80ae66b6c07b7ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96707-47d4-4254-acbc-482402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:39.000Z",
"modified": "2016-03-16T14:00:39.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 127ee83854f47628984ab47de725ee2f",
"pattern": "[file:hashes.SHA1 = '591d8dcea6ec8c65f0c3140abec7ff63a90cdd11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96707-73d8-464c-94a5-4d3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:39.000Z",
"modified": "2016-03-16T14:00:39.000Z",
"first_observed": "2016-03-16T14:00:39Z",
"last_observed": "2016-03-16T14:00:39Z",
"number_observed": 1,
"object_refs": [
"url--56e96707-73d8-464c-94a5-4d3e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96707-73d8-464c-94a5-4d3e02de0b81",
"value": "https://www.virustotal.com/file/bb3e132763ec034a5f022ce503d12fc50c324009d4268293f80ae66b6c07b7ab/analysis/1457023706/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96707-4858-4170-a33f-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:39.000Z",
"modified": "2016-03-16T14:00:39.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: b6263f987fdec3fb3877845c8d5479dd",
"pattern": "[file:hashes.SHA256 = 'd7a86b8d6eea87143053609050e48b0bdfee1069efc30a05e57122c1909dc33b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96708-73b8-4658-8a77-4bf502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:40.000Z",
"modified": "2016-03-16T14:00:40.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: b6263f987fdec3fb3877845c8d5479dd",
"pattern": "[file:hashes.SHA1 = '30240ac09de99d7443a9ca6778c08565afafb784']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96708-df54-4fed-a71f-46dd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:40.000Z",
"modified": "2016-03-16T14:00:40.000Z",
"first_observed": "2016-03-16T14:00:40Z",
"last_observed": "2016-03-16T14:00:40Z",
"number_observed": 1,
"object_refs": [
"url--56e96708-df54-4fed-a71f-46dd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96708-df54-4fed-a71f-46dd02de0b81",
"value": "https://www.virustotal.com/file/d7a86b8d6eea87143053609050e48b0bdfee1069efc30a05e57122c1909dc33b/analysis/1457023706/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96708-ac70-4967-90e2-45b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:40.000Z",
"modified": "2016-03-16T14:00:40.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 292f468f98e322795d1185c2b15c1f62",
"pattern": "[file:hashes.SHA256 = 'c071dafa7928ec9107a5d9f0266ae00c9d11a85e77f318229c310d2733c7ef63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96709-d530-43a9-ae7c-4bca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:41.000Z",
"modified": "2016-03-16T14:00:41.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: 292f468f98e322795d1185c2b15c1f62",
"pattern": "[file:hashes.SHA1 = '04b81e94d8ddae28e65eaee6ab15039be81bd3e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96709-04a8-4650-a81e-4e6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:41.000Z",
"modified": "2016-03-16T14:00:41.000Z",
"first_observed": "2016-03-16T14:00:41Z",
"last_observed": "2016-03-16T14:00:41Z",
"number_observed": 1,
"object_refs": [
"url--56e96709-04a8-4650-a81e-4e6402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96709-04a8-4650-a81e-4e6402de0b81",
"value": "https://www.virustotal.com/file/c071dafa7928ec9107a5d9f0266ae00c9d11a85e77f318229c310d2733c7ef63/analysis/1457578098/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96709-0b38-4951-9f87-449802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:41.000Z",
"modified": "2016-03-16T14:00:41.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: c0eb694960d0a7316264ced4d44b3abb",
"pattern": "[file:hashes.SHA256 = 'ce2c414abbe3eb98971ffb9653da8784ceb6ba29c20147001e9b2bcf8ab90f5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96709-6074-494f-b6cf-48cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:41.000Z",
"modified": "2016-03-16T14:00:41.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: c0eb694960d0a7316264ced4d44b3abb",
"pattern": "[file:hashes.SHA1 = 'e5efcecdde565cf80df88231cdda266be3859ade']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670a-9bdc-435c-971b-45ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:42.000Z",
"modified": "2016-03-16T14:00:42.000Z",
"first_observed": "2016-03-16T14:00:42Z",
"last_observed": "2016-03-16T14:00:42Z",
"number_observed": 1,
"object_refs": [
"url--56e9670a-9bdc-435c-971b-45ba02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670a-9bdc-435c-971b-45ba02de0b81",
"value": "https://www.virustotal.com/file/ce2c414abbe3eb98971ffb9653da8784ceb6ba29c20147001e9b2bcf8ab90f5e/analysis/1457173133/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670a-22ec-44c0-a92a-431702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:42.000Z",
"modified": "2016-03-16T14:00:42.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: b55a7da332bed90e798313b968ce7819",
"pattern": "[file:hashes.SHA256 = 'a168f0d23858657671ade1a151551dade4ee9d1f91e42fe40b614a456681d849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670a-fd88-40e3-a6a7-4f5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:42.000Z",
"modified": "2016-03-16T14:00:42.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: b55a7da332bed90e798313b968ce7819",
"pattern": "[file:hashes.SHA1 = '21d3fddba0461a89605a459bd1f7f464b256ed2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670a-c078-4277-bd2d-482f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:42.000Z",
"modified": "2016-03-16T14:00:42.000Z",
"first_observed": "2016-03-16T14:00:42Z",
"last_observed": "2016-03-16T14:00:42Z",
"number_observed": 1,
"object_refs": [
"url--56e9670a-c078-4277-bd2d-482f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670a-c078-4277-bd2d-482f02de0b81",
"value": "https://www.virustotal.com/file/a168f0d23858657671ade1a151551dade4ee9d1f91e42fe40b614a456681d849/analysis/1457329544/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670b-5834-41bb-81fb-4cf602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:43.000Z",
"modified": "2016-03-16T14:00:43.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: f18172d7bb8b98246cb3dbb0e9144731",
"pattern": "[file:hashes.SHA256 = '7cbc5b2a6f2a3523a49ad13fa49ab08b521bd99a3f1e887daee4bfdcda622baf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670b-e0ac-47ce-926a-42f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:43.000Z",
"modified": "2016-03-16T14:00:43.000Z",
"description": "MSIL/Crimson Modules Keylogger - Xchecked via VT: f18172d7bb8b98246cb3dbb0e9144731",
"pattern": "[file:hashes.SHA1 = 'f2eaa097263ed48282a908a8305b691cb02c76e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670b-6c04-4c1a-86a8-42d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:43.000Z",
"modified": "2016-03-16T14:00:43.000Z",
"first_observed": "2016-03-16T14:00:43Z",
"last_observed": "2016-03-16T14:00:43Z",
"number_observed": 1,
"object_refs": [
"url--56e9670b-6c04-4c1a-86a8-42d702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670b-6c04-4c1a-86a8-42d702de0b81",
"value": "https://www.virustotal.com/file/7cbc5b2a6f2a3523a49ad13fa49ab08b521bd99a3f1e887daee4bfdcda622baf/analysis/1457023644/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670c-69b8-42ce-80b3-475302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:44.000Z",
"modified": "2016-03-16T14:00:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f1a2caf0dd7922ea3a64231fd5af7715",
"pattern": "[file:hashes.SHA256 = '97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670c-8a48-4fc9-b659-49a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:44.000Z",
"modified": "2016-03-16T14:00:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f1a2caf0dd7922ea3a64231fd5af7715",
"pattern": "[file:hashes.SHA1 = '8afaec7a8d1e17bbf18c3a00bd13a2af5901711f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670c-f78c-42ae-9e14-43f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:44.000Z",
"modified": "2016-03-16T14:00:44.000Z",
"first_observed": "2016-03-16T14:00:44Z",
"last_observed": "2016-03-16T14:00:44Z",
"number_observed": 1,
"object_refs": [
"url--56e9670c-f78c-42ae-9e14-43f602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670c-f78c-42ae-9e14-43f602de0b81",
"value": "https://www.virustotal.com/file/97d3eadbe9b85aeb07a0ad9fe11ff36fb34d60d4968917f9c8e3e89688e3c437/analysis/1454754177/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670c-4d44-40d6-be64-45ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:44.000Z",
"modified": "2016-03-16T14:00:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f05834a930f6fda6b877011c3fb3ef18",
"pattern": "[file:hashes.SHA256 = '3260a82398b8147c49d608295ff1a21e54a64aafb6b62c855eb4b2062f4ab6ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670d-a338-4fa7-9455-4d3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:45.000Z",
"modified": "2016-03-16T14:00:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f05834a930f6fda6b877011c3fb3ef18",
"pattern": "[file:hashes.SHA1 = '5a7ff5d12d87fe90d5ba45a7d4f586db4e31dc98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670d-2930-4402-9995-4b4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:45.000Z",
"modified": "2016-03-16T14:00:45.000Z",
"first_observed": "2016-03-16T14:00:45Z",
"last_observed": "2016-03-16T14:00:45Z",
"number_observed": 1,
"object_refs": [
"url--56e9670d-2930-4402-9995-4b4002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670d-2930-4402-9995-4b4002de0b81",
"value": "https://www.virustotal.com/file/3260a82398b8147c49d608295ff1a21e54a64aafb6b62c855eb4b2062f4ab6ce/analysis/1457503408/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670d-43ec-4eb3-bcda-4a2302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:45.000Z",
"modified": "2016-03-16T14:00:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e66203177a03743a6361a7b3e668b6a6",
"pattern": "[file:hashes.SHA256 = 'a68219383dd7e7dfd4142adac8573f89a5f6efe2feeb83c871d45c989376b8a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670e-27ec-4ee9-b948-42c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:46.000Z",
"modified": "2016-03-16T14:00:46.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e66203177a03743a6361a7b3e668b6a6",
"pattern": "[file:hashes.SHA1 = '2d3dc754b9ca399df0fc073f4eeb1b2818fcbc4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670e-aa68-428d-90c1-465102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:46.000Z",
"modified": "2016-03-16T14:00:46.000Z",
"first_observed": "2016-03-16T14:00:46Z",
"last_observed": "2016-03-16T14:00:46Z",
"number_observed": 1,
"object_refs": [
"url--56e9670e-aa68-428d-90c1-465102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670e-aa68-428d-90c1-465102de0b81",
"value": "https://www.virustotal.com/file/a68219383dd7e7dfd4142adac8573f89a5f6efe2feeb83c871d45c989376b8a0/analysis/1457023705/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670e-6a10-4abf-b8a6-43b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:46.000Z",
"modified": "2016-03-16T14:00:46.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e0217714f3a03fae4cdf4b5120213c38",
"pattern": "[file:hashes.SHA256 = '01c8d0efc53a616e898816f99d3d3965a9b03ac4d8f4b2f1f4ea64d167b4d7fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670e-ca88-4837-93d8-4d4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:46.000Z",
"modified": "2016-03-16T14:00:46.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e0217714f3a03fae4cdf4b5120213c38",
"pattern": "[file:hashes.SHA1 = '56f5790c70b5bdad36fed4cc59ead1bbd2f335f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670f-d6e8-4b95-8564-4fd202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:47.000Z",
"modified": "2016-03-16T14:00:47.000Z",
"first_observed": "2016-03-16T14:00:47Z",
"last_observed": "2016-03-16T14:00:47Z",
"number_observed": 1,
"object_refs": [
"url--56e9670f-d6e8-4b95-8564-4fd202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670f-d6e8-4b95-8564-4fd202de0b81",
"value": "https://www.virustotal.com/file/01c8d0efc53a616e898816f99d3d3965a9b03ac4d8f4b2f1f4ea64d167b4d7fd/analysis/1440538124/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670f-d81c-4b6d-8486-452702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:47.000Z",
"modified": "2016-03-16T14:00:47.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: dac44b9d5a8494a3293088c9678754bc",
"pattern": "[file:hashes.SHA256 = 'cede5730a0155749a2a36ae72c7eb1813f8d124da00c2dc3c70fbf78fb8f7cb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9670f-0c1c-40b3-8a97-411002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:47.000Z",
"modified": "2016-03-16T14:00:47.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: dac44b9d5a8494a3293088c9678754bc",
"pattern": "[file:hashes.SHA1 = 'e461dab1b0edda108f70572a10e8dc75e947e0f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9670f-a764-4a5a-bd5d-448002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:47.000Z",
"modified": "2016-03-16T14:00:47.000Z",
"first_observed": "2016-03-16T14:00:47Z",
"last_observed": "2016-03-16T14:00:47Z",
"number_observed": 1,
"object_refs": [
"url--56e9670f-a764-4a5a-bd5d-448002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9670f-a764-4a5a-bd5d-448002de0b81",
"value": "https://www.virustotal.com/file/cede5730a0155749a2a36ae72c7eb1813f8d124da00c2dc3c70fbf78fb8f7cb9/analysis/1442414543/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96710-8688-4135-b776-463e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:48.000Z",
"modified": "2016-03-16T14:00:48.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: c0bf5a0f535380edec9b42a3cebb84c4",
"pattern": "[file:hashes.SHA256 = 'adf87e5e72e29fb1912db9aa2b5f72a86ce3cbe8484ff998cbd7d4ebdbb3c92f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96710-80a8-46bf-b101-4a1d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:48.000Z",
"modified": "2016-03-16T14:00:48.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: c0bf5a0f535380edec9b42a3cebb84c4",
"pattern": "[file:hashes.SHA1 = 'b9c59c248adaa8e50dc7d05f12d01bd134ca16a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96710-e394-4d16-a0c4-48e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:48.000Z",
"modified": "2016-03-16T14:00:48.000Z",
"first_observed": "2016-03-16T14:00:48Z",
"last_observed": "2016-03-16T14:00:48Z",
"number_observed": 1,
"object_refs": [
"url--56e96710-e394-4d16-a0c4-48e302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96710-e394-4d16-a0c4-48e302de0b81",
"value": "https://www.virustotal.com/file/adf87e5e72e29fb1912db9aa2b5f72a86ce3cbe8484ff998cbd7d4ebdbb3c92f/analysis/1453111781/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96711-8a3c-423e-925e-4f1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:49.000Z",
"modified": "2016-03-16T14:00:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b467df662af8a1fbafa845c894d917e3",
"pattern": "[file:hashes.SHA256 = 'ba298f10531c462f507a1e1c8f9fd80a938531a637e0bada3fa8a068f7febd80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96711-8090-4012-a505-461c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:49.000Z",
"modified": "2016-03-16T14:00:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b467df662af8a1fbafa845c894d917e3",
"pattern": "[file:hashes.SHA1 = '637edcd549c8be0e2e8b7bc61c932ca0a58ca77d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96711-5c80-4903-bead-408d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:49.000Z",
"modified": "2016-03-16T14:00:49.000Z",
"first_observed": "2016-03-16T14:00:49Z",
"last_observed": "2016-03-16T14:00:49Z",
"number_observed": 1,
"object_refs": [
"url--56e96711-5c80-4903-bead-408d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96711-5c80-4903-bead-408d02de0b81",
"value": "https://www.virustotal.com/file/ba298f10531c462f507a1e1c8f9fd80a938531a637e0bada3fa8a068f7febd80/analysis/1457023704/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96711-b91c-4d91-8310-416602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:49.000Z",
"modified": "2016-03-16T14:00:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b05730eda99a9160cc3f8dec66e9f347",
"pattern": "[file:hashes.SHA256 = '91d09b8deb1d6a7e545583c130f035b5d442f3c76ea9436bbd3f7227427eda9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96712-e778-4f59-bc0d-4bfb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:50.000Z",
"modified": "2016-03-16T14:00:50.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b05730eda99a9160cc3f8dec66e9f347",
"pattern": "[file:hashes.SHA1 = '3084cbb9036cf0ae0ccfddd9b82eec0a56cab648']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96712-8b8c-4f26-ad24-4a1302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:50.000Z",
"modified": "2016-03-16T14:00:50.000Z",
"first_observed": "2016-03-16T14:00:50Z",
"last_observed": "2016-03-16T14:00:50Z",
"number_observed": 1,
"object_refs": [
"url--56e96712-8b8c-4f26-ad24-4a1302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96712-8b8c-4f26-ad24-4a1302de0b81",
"value": "https://www.virustotal.com/file/91d09b8deb1d6a7e545583c130f035b5d442f3c76ea9436bbd3f7227427eda9d/analysis/1457023703/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96712-fb4c-4dec-a604-4a2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:50.000Z",
"modified": "2016-03-16T14:00:50.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b0327f155ebaba23102f72c1100fa26b",
"pattern": "[file:hashes.SHA256 = 'af1d568b78976782a6692ebedbe6449bff5afeeb07d3f8445cb5b2a2289ff79c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96712-b414-4c0c-a225-47e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:50.000Z",
"modified": "2016-03-16T14:00:50.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b0327f155ebaba23102f72c1100fa26b",
"pattern": "[file:hashes.SHA1 = '9c32a727c1c7ef49c15609f6169222c38673324c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96713-32c8-4620-a9a5-4bdf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:51.000Z",
"modified": "2016-03-16T14:00:51.000Z",
"first_observed": "2016-03-16T14:00:51Z",
"last_observed": "2016-03-16T14:00:51Z",
"number_observed": 1,
"object_refs": [
"url--56e96713-32c8-4620-a9a5-4bdf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96713-32c8-4620-a9a5-4bdf02de0b81",
"value": "https://www.virustotal.com/file/af1d568b78976782a6692ebedbe6449bff5afeeb07d3f8445cb5b2a2289ff79c/analysis/1457023703/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96713-f320-4192-ae31-406c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:51.000Z",
"modified": "2016-03-16T14:00:51.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 9e73d275202b02b3f0ed23951fda30da",
"pattern": "[file:hashes.SHA256 = '9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96713-ca20-472c-9eb0-4d2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:51.000Z",
"modified": "2016-03-16T14:00:51.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 9e73d275202b02b3f0ed23951fda30da",
"pattern": "[file:hashes.SHA1 = 'fcc8ac89581e1625a05ef54cee9ce8d3a48a8144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96714-c0a4-466b-975c-48db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:52.000Z",
"modified": "2016-03-16T14:00:52.000Z",
"first_observed": "2016-03-16T14:00:52Z",
"last_observed": "2016-03-16T14:00:52Z",
"number_observed": 1,
"object_refs": [
"url--56e96714-c0a4-466b-975c-48db02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96714-c0a4-466b-975c-48db02de0b81",
"value": "https://www.virustotal.com/file/9f50b0f990b7f89b105ab2c6d99b6bee93c3963f265ee41176d1854996069a40/analysis/1457023703/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96714-15e0-44c4-b145-4cbb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:52.000Z",
"modified": "2016-03-16T14:00:52.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 897fc3a65f84e1c3db932965a574d982",
"pattern": "[file:hashes.SHA256 = '9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96714-f290-4d9d-bb4b-4ea302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:52.000Z",
"modified": "2016-03-16T14:00:52.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 897fc3a65f84e1c3db932965a574d982",
"pattern": "[file:hashes.SHA1 = '2873f5215cd6e62b4b0a12861fce64685e557fdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96714-63c8-48bd-8a1f-411c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:52.000Z",
"modified": "2016-03-16T14:00:52.000Z",
"first_observed": "2016-03-16T14:00:52Z",
"last_observed": "2016-03-16T14:00:52Z",
"number_observed": 1,
"object_refs": [
"url--56e96714-63c8-48bd-8a1f-411c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96714-63c8-48bd-8a1f-411c02de0b81",
"value": "https://www.virustotal.com/file/9544bb44a22d6b3d15429fd0658cc6acc1e9379f0dcd659f9847f15b1effa934/analysis/1457677453/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96715-53c8-4dd4-aa74-497902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:53.000Z",
"modified": "2016-03-16T14:00:53.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 82377fcf288e9db675ab24cbf76ea032",
"pattern": "[file:hashes.SHA256 = '338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96715-cd94-4b52-8b34-4ee602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:53.000Z",
"modified": "2016-03-16T14:00:53.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 82377fcf288e9db675ab24cbf76ea032",
"pattern": "[file:hashes.SHA1 = 'c0ab9e722ebab024697c3ac61b8a3d26c011fb49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96715-0424-49f4-858b-44d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:53.000Z",
"modified": "2016-03-16T14:00:53.000Z",
"first_observed": "2016-03-16T14:00:53Z",
"last_observed": "2016-03-16T14:00:53Z",
"number_observed": 1,
"object_refs": [
"url--56e96715-0424-49f4-858b-44d502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96715-0424-49f4-858b-44d502de0b81",
"value": "https://www.virustotal.com/file/338920c50a0fbccf537f07c78eaaa0a8665b96131bedc107a74be6124a06d370/analysis/1440598370/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96716-5244-4102-a6af-47f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:54.000Z",
"modified": "2016-03-16T14:00:54.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5dbeb8475e22a938415eb43e6bd24fe8",
"pattern": "[file:hashes.SHA256 = '19e58e6767d3e7772b559f5ac3ef2a5c7572143b5e28cc7f4b8f32ad22a763e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96716-883c-475f-9100-42a702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:54.000Z",
"modified": "2016-03-16T14:00:54.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5dbeb8475e22a938415eb43e6bd24fe8",
"pattern": "[file:hashes.SHA1 = '9691002753533f01dc8f2c590e09b187ab072da2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96716-3d48-4536-9f35-459c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:54.000Z",
"modified": "2016-03-16T14:00:54.000Z",
"first_observed": "2016-03-16T14:00:54Z",
"last_observed": "2016-03-16T14:00:54Z",
"number_observed": 1,
"object_refs": [
"url--56e96716-3d48-4536-9f35-459c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96716-3d48-4536-9f35-459c02de0b81",
"value": "https://www.virustotal.com/file/19e58e6767d3e7772b559f5ac3ef2a5c7572143b5e28cc7f4b8f32ad22a763e2/analysis/1457023703/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96716-59a0-44a1-8fbb-48a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:54.000Z",
"modified": "2016-03-16T14:00:54.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5b4361e6a6117e9f7189a564f46157d7",
"pattern": "[file:hashes.SHA256 = '49096cb1914b4e9cf0088d60185a48e0242f3b3e4c3a7aab2cfc25aa98270025']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96717-97f0-4080-98ba-4eeb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:55.000Z",
"modified": "2016-03-16T14:00:55.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5b4361e6a6117e9f7189a564f46157d7",
"pattern": "[file:hashes.SHA1 = 'f33f85659806779248b464e43df5ca8ee34d0174']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96717-ed14-4df3-b073-44ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:55.000Z",
"modified": "2016-03-16T14:00:55.000Z",
"first_observed": "2016-03-16T14:00:55Z",
"last_observed": "2016-03-16T14:00:55Z",
"number_observed": 1,
"object_refs": [
"url--56e96717-ed14-4df3-b073-44ad02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96717-ed14-4df3-b073-44ad02de0b81",
"value": "https://www.virustotal.com/file/49096cb1914b4e9cf0088d60185a48e0242f3b3e4c3a7aab2cfc25aa98270025/analysis/1454491801/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96717-52bc-446d-b1c8-45e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:55.000Z",
"modified": "2016-03-16T14:00:55.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 439ba84a964a17ce2c3d51ac49c68f81",
"pattern": "[file:hashes.SHA256 = 'e9879c927b43e65f7a9cab8c8f7aee73bfa9dd29db5920df7cfd05ad3ac3581d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96717-04e8-41fd-815a-4ab902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:55.000Z",
"modified": "2016-03-16T14:00:55.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 439ba84a964a17ce2c3d51ac49c68f81",
"pattern": "[file:hashes.SHA1 = '97bb70b88fee210728ac0b1fee6d7414e1a9789a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96718-9ba4-4847-9739-47b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:56.000Z",
"modified": "2016-03-16T14:00:56.000Z",
"first_observed": "2016-03-16T14:00:56Z",
"last_observed": "2016-03-16T14:00:56Z",
"number_observed": 1,
"object_refs": [
"url--56e96718-9ba4-4847-9739-47b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96718-9ba4-4847-9739-47b302de0b81",
"value": "https://www.virustotal.com/file/e9879c927b43e65f7a9cab8c8f7aee73bfa9dd29db5920df7cfd05ad3ac3581d/analysis/1457023701/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96718-607c-4739-97ed-4ed202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:56.000Z",
"modified": "2016-03-16T14:00:56.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 38ce32cb94092cc6790030abcc9a638b",
"pattern": "[file:hashes.SHA256 = 'f2627e172eb2a55138a4ce8c849dab3ac9991af7382c74b22308e1fe7c9f6b97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96718-fa3c-4eb7-9e7c-477402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:56.000Z",
"modified": "2016-03-16T14:00:56.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 38ce32cb94092cc6790030abcc9a638b",
"pattern": "[file:hashes.SHA1 = '82c0c36800674769914fd7c6bdc2566369250543']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96719-789c-451f-94f0-471102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:57.000Z",
"modified": "2016-03-16T14:00:57.000Z",
"first_observed": "2016-03-16T14:00:57Z",
"last_observed": "2016-03-16T14:00:57Z",
"number_observed": 1,
"object_refs": [
"url--56e96719-789c-451f-94f0-471102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96719-789c-451f-94f0-471102de0b81",
"value": "https://www.virustotal.com/file/f2627e172eb2a55138a4ce8c849dab3ac9991af7382c74b22308e1fe7c9f6b97/analysis/1457023702/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96719-3d34-4bf7-8d2a-491e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:57.000Z",
"modified": "2016-03-16T14:00:57.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 29097319b60c103421437214d5a3297e",
"pattern": "[file:hashes.SHA256 = 'c6c44689d2b3b671b8a61c410bfe56ef63b68f64ba00925d97f092d661c2da97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96719-5054-49dd-a04e-440102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:57.000Z",
"modified": "2016-03-16T14:00:57.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 29097319b60c103421437214d5a3297e",
"pattern": "[file:hashes.SHA1 = '71ee491d2f26b5bd42ffe0be50e739f655828cc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96719-6130-4f89-a933-4f6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:57.000Z",
"modified": "2016-03-16T14:00:57.000Z",
"first_observed": "2016-03-16T14:00:57Z",
"last_observed": "2016-03-16T14:00:57Z",
"number_observed": 1,
"object_refs": [
"url--56e96719-6130-4f89-a933-4f6a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96719-6130-4f89-a933-4f6a02de0b81",
"value": "https://www.virustotal.com/file/c6c44689d2b3b671b8a61c410bfe56ef63b68f64ba00925d97f092d661c2da97/analysis/1457023701/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671a-db08-44d2-9766-498602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:58.000Z",
"modified": "2016-03-16T14:00:58.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f710e3ad19a682dab374c167c7c2796a",
"pattern": "[file:hashes.SHA256 = '4ab67af94e60a67fc42462bd42d82530281c12d1ca7ccf1ecc8baaa832cfdb4f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671a-2c3c-498e-8be1-4f9102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:58.000Z",
"modified": "2016-03-16T14:00:58.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f710e3ad19a682dab374c167c7c2796a",
"pattern": "[file:hashes.SHA1 = '702104c7b7b7ff2176d7a0718f19196ff392af34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671a-1328-4378-adea-452b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:58.000Z",
"modified": "2016-03-16T14:00:58.000Z",
"first_observed": "2016-03-16T14:00:58Z",
"last_observed": "2016-03-16T14:00:58Z",
"number_observed": 1,
"object_refs": [
"url--56e9671a-1328-4378-adea-452b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671a-1328-4378-adea-452b02de0b81",
"value": "https://www.virustotal.com/file/4ab67af94e60a67fc42462bd42d82530281c12d1ca7ccf1ecc8baaa832cfdb4f/analysis/1457023701/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671a-3a4c-46d8-8cfc-467b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:58.000Z",
"modified": "2016-03-16T14:00:58.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0991033c2414b4992c1b5ab21c5a47e2",
"pattern": "[file:hashes.SHA256 = '24eba94fa7e03d688c27bef6b4f47c4109192abf8baeb25e93e2005f01994b20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671b-2f2c-4853-9af5-422902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:59.000Z",
"modified": "2016-03-16T14:00:59.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0991033c2414b4992c1b5ab21c5a47e2",
"pattern": "[file:hashes.SHA1 = 'd2d17eb95628826ec068bef46dec8348fd9c4b76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671b-2198-4093-a6e4-4d0f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:59.000Z",
"modified": "2016-03-16T14:00:59.000Z",
"first_observed": "2016-03-16T14:00:59Z",
"last_observed": "2016-03-16T14:00:59Z",
"number_observed": 1,
"object_refs": [
"url--56e9671b-2198-4093-a6e4-4d0f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671b-2198-4093-a6e4-4d0f02de0b81",
"value": "https://www.virustotal.com/file/24eba94fa7e03d688c27bef6b4f47c4109192abf8baeb25e93e2005f01994b20/analysis/1457023700/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671b-c668-4758-ba7c-417b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:00:59.000Z",
"modified": "2016-03-16T14:00:59.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ae9659a2c08e2cb9ab9e5cdcb8ab4036",
"pattern": "[file:hashes.SHA256 = 'dc9b11b602e4819a29b5cf1e4545da0ef097d1fe63e8a96b3aae5fd9542a30d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:00:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671c-ed48-40a0-bfa8-41bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:00.000Z",
"modified": "2016-03-16T14:01:00.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ae9659a2c08e2cb9ab9e5cdcb8ab4036",
"pattern": "[file:hashes.SHA1 = '168a9a5c8ebc79d7639a15ea3d1f5fde156bcbb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671c-5674-4fac-9649-490e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:00.000Z",
"modified": "2016-03-16T14:01:00.000Z",
"first_observed": "2016-03-16T14:01:00Z",
"last_observed": "2016-03-16T14:01:00Z",
"number_observed": 1,
"object_refs": [
"url--56e9671c-5674-4fac-9649-490e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671c-5674-4fac-9649-490e02de0b81",
"value": "https://www.virustotal.com/file/dc9b11b602e4819a29b5cf1e4545da0ef097d1fe63e8a96b3aae5fd9542a30d0/analysis/1457023700/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671c-3ecc-4d62-8a7d-455802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:00.000Z",
"modified": "2016-03-16T14:01:00.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1bedd50f4ae757c6009acbe7da021122",
"pattern": "[file:hashes.SHA256 = 'eb8407cfd7f94bebb6e354562a64c4024a05f200bd62d7546c8594f7b61387a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671c-eec8-4f79-9afc-41b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:00.000Z",
"modified": "2016-03-16T14:01:00.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1bedd50f4ae757c6009acbe7da021122",
"pattern": "[file:hashes.SHA1 = '05c0494441c4302f5a7fb4f78bf7c986b0b62849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671d-1b20-468d-b381-489302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:01.000Z",
"modified": "2016-03-16T14:01:01.000Z",
"first_observed": "2016-03-16T14:01:01Z",
"last_observed": "2016-03-16T14:01:01Z",
"number_observed": 1,
"object_refs": [
"url--56e9671d-1b20-468d-b381-489302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671d-1b20-468d-b381-489302de0b81",
"value": "https://www.virustotal.com/file/eb8407cfd7f94bebb6e354562a64c4024a05f200bd62d7546c8594f7b61387a8/analysis/1446805527/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671d-0ef8-47ba-98df-423102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:01.000Z",
"modified": "2016-03-16T14:01:01.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 7e50c67f1e94b154f110d5d73e2f312c",
"pattern": "[file:hashes.SHA256 = '5e6199f7cf3ddc4f16bd57a3bd2f6e97616067b6c355e422db689c08022c32f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671d-5a6c-47e0-b2c8-465102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:01.000Z",
"modified": "2016-03-16T14:01:01.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 7e50c67f1e94b154f110d5d73e2f312c",
"pattern": "[file:hashes.SHA1 = '956069c0b2dd84823e35deff62c969910624d437']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671d-9ebc-4dea-ba27-455b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:01.000Z",
"modified": "2016-03-16T14:01:01.000Z",
"first_observed": "2016-03-16T14:01:01Z",
"last_observed": "2016-03-16T14:01:01Z",
"number_observed": 1,
"object_refs": [
"url--56e9671d-9ebc-4dea-ba27-455b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671d-9ebc-4dea-ba27-455b02de0b81",
"value": "https://www.virustotal.com/file/5e6199f7cf3ddc4f16bd57a3bd2f6e97616067b6c355e422db689c08022c32f7/analysis/1457677439/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671e-7c1c-47b9-be92-419802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:02.000Z",
"modified": "2016-03-16T14:01:02.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 7c23f984170fd793cfde5fd68535d0a8",
"pattern": "[file:hashes.SHA256 = 'cf8c45fcafd11c10b4239dac1c4bac85b0e432b2912587b45c924acf9c9078ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671e-1570-44bf-962f-46f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:02.000Z",
"modified": "2016-03-16T14:01:02.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 7c23f984170fd793cfde5fd68535d0a8",
"pattern": "[file:hashes.SHA1 = 'f6873b6eb245deb5dae4aa3c4f79c91235a4998a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671e-9310-4468-b96c-4f9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:02.000Z",
"modified": "2016-03-16T14:01:02.000Z",
"first_observed": "2016-03-16T14:01:02Z",
"last_observed": "2016-03-16T14:01:02Z",
"number_observed": 1,
"object_refs": [
"url--56e9671e-9310-4468-b96c-4f9202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671e-9310-4468-b96c-4f9202de0b81",
"value": "https://www.virustotal.com/file/cf8c45fcafd11c10b4239dac1c4bac85b0e432b2912587b45c924acf9c9078ad/analysis/1446814738/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671f-6788-4df0-9c5c-49bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:03.000Z",
"modified": "2016-03-16T14:01:03.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f0f6544ddb26c55df2d6184f433d8c17",
"pattern": "[file:hashes.SHA256 = 'b1e19b637dc7c677d8d80de7b62220b2c92299acfc99246d369c6fd0d04472f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671f-9a78-4170-813e-4a7402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:03.000Z",
"modified": "2016-03-16T14:01:03.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f0f6544ddb26c55df2d6184f433d8c17",
"pattern": "[file:hashes.SHA1 = '1421c353bfba53249fcbf0504b8580095cdd7e86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9671f-6b20-4ae1-a425-432d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:03.000Z",
"modified": "2016-03-16T14:01:03.000Z",
"first_observed": "2016-03-16T14:01:03Z",
"last_observed": "2016-03-16T14:01:03Z",
"number_observed": 1,
"object_refs": [
"url--56e9671f-6b20-4ae1-a425-432d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9671f-6b20-4ae1-a425-432d02de0b81",
"value": "https://www.virustotal.com/file/b1e19b637dc7c677d8d80de7b62220b2c92299acfc99246d369c6fd0d04472f0/analysis/1457677679/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9671f-c724-4589-aa03-45bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:03.000Z",
"modified": "2016-03-16T14:01:03.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 73b878e56f790dccf08bd2344b4031c8",
"pattern": "[file:hashes.SHA256 = '9b59554c61ed649e1d9de14fcd3281098156769825a6a17811ec644faab36214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96720-3930-47bc-9d2d-492502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:04.000Z",
"modified": "2016-03-16T14:01:04.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 73b878e56f790dccf08bd2344b4031c8",
"pattern": "[file:hashes.SHA1 = '186129443141496fb60c1e8cff002ecde2b55255']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96720-da50-4b10-90ed-4e0f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:04.000Z",
"modified": "2016-03-16T14:01:04.000Z",
"first_observed": "2016-03-16T14:01:04Z",
"last_observed": "2016-03-16T14:01:04Z",
"number_observed": 1,
"object_refs": [
"url--56e96720-da50-4b10-90ed-4e0f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96720-da50-4b10-90ed-4e0f02de0b81",
"value": "https://www.virustotal.com/file/9b59554c61ed649e1d9de14fcd3281098156769825a6a17811ec644faab36214/analysis/1455075149/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96720-6b7c-4612-96d5-497302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:04.000Z",
"modified": "2016-03-16T14:01:04.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1ab5f55763663ffb0807079397812b47",
"pattern": "[file:hashes.SHA256 = 'e392cb3d3b4dae9aabf84d90d5c53fb465c119596f870fbd3e03dbde06736ee5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96721-b778-4542-8a4a-48f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:05.000Z",
"modified": "2016-03-16T14:01:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1ab5f55763663ffb0807079397812b47",
"pattern": "[file:hashes.SHA1 = 'f5f63583a604dc3d2cefad5ecdd1551771e59008']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96721-b83c-4e95-b91c-4e1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:05.000Z",
"modified": "2016-03-16T14:01:05.000Z",
"first_observed": "2016-03-16T14:01:05Z",
"last_observed": "2016-03-16T14:01:05Z",
"number_observed": 1,
"object_refs": [
"url--56e96721-b83c-4e95-b91c-4e1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96721-b83c-4e95-b91c-4e1402de0b81",
"value": "https://www.virustotal.com/file/e392cb3d3b4dae9aabf84d90d5c53fb465c119596f870fbd3e03dbde06736ee5/analysis/1454455594/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96721-2040-45d3-8932-456d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:05.000Z",
"modified": "2016-03-16T14:01:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 522178a60b030bbab910cb86cfeaff20",
"pattern": "[file:hashes.SHA256 = '3a819fca00ea6e20bd57b9f186759565c81b11c2386fa5ab0f6476c385cedf78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96721-30ac-4157-b5c7-464a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:05.000Z",
"modified": "2016-03-16T14:01:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 522178a60b030bbab910cb86cfeaff20",
"pattern": "[file:hashes.SHA1 = 'dea0b32f1c529114f6ea9956996ca1c9628f427f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96722-258c-46bd-88aa-4a1c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:06.000Z",
"modified": "2016-03-16T14:01:06.000Z",
"first_observed": "2016-03-16T14:01:06Z",
"last_observed": "2016-03-16T14:01:06Z",
"number_observed": 1,
"object_refs": [
"url--56e96722-258c-46bd-88aa-4a1c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96722-258c-46bd-88aa-4a1c02de0b81",
"value": "https://www.virustotal.com/file/3a819fca00ea6e20bd57b9f186759565c81b11c2386fa5ab0f6476c385cedf78/analysis/1455074920/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96722-39ec-4274-a4af-4ba802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:06.000Z",
"modified": "2016-03-16T14:01:06.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 045c4b69d907833729fd83d937669f66",
"pattern": "[file:hashes.SHA256 = '91d21c69d7fa3cf605321f4c631e83b8db57270b3317c274bb473002ff38b8c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96722-807c-450b-9198-4d4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:06.000Z",
"modified": "2016-03-16T14:01:06.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 045c4b69d907833729fd83d937669f66",
"pattern": "[file:hashes.SHA1 = '3e513079b6513680c0d3d0f2f66b2119c59000f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96722-aa34-4a8b-9a6e-4ba602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:06.000Z",
"modified": "2016-03-16T14:01:06.000Z",
"first_observed": "2016-03-16T14:01:06Z",
"last_observed": "2016-03-16T14:01:06Z",
"number_observed": 1,
"object_refs": [
"url--56e96722-aa34-4a8b-9a6e-4ba602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96722-aa34-4a8b-9a6e-4ba602de0b81",
"value": "https://www.virustotal.com/file/91d21c69d7fa3cf605321f4c631e83b8db57270b3317c274bb473002ff38b8c6/analysis/1457023700/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96723-84ec-4e09-b881-4e2502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:07.000Z",
"modified": "2016-03-16T14:01:07.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ec4bef2233002d8fe568428d16e610b1",
"pattern": "[file:hashes.SHA256 = '2326ceea09f9313075eb61259c127d230e7f97641181624445f4138a9e9f4c51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96723-1334-437c-a4f2-469e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:07.000Z",
"modified": "2016-03-16T14:01:07.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ec4bef2233002d8fe568428d16e610b1",
"pattern": "[file:hashes.SHA1 = 'c729e3d3975eacd748c4b7d64ac2d9888b325bf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96723-fda4-414e-ba86-4d4602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:07.000Z",
"modified": "2016-03-16T14:01:07.000Z",
"first_observed": "2016-03-16T14:01:07Z",
"last_observed": "2016-03-16T14:01:07Z",
"number_observed": 1,
"object_refs": [
"url--56e96723-fda4-414e-ba86-4d4602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96723-fda4-414e-ba86-4d4602de0b81",
"value": "https://www.virustotal.com/file/2326ceea09f9313075eb61259c127d230e7f97641181624445f4138a9e9f4c51/analysis/1447074660/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96724-7cf4-4d48-be94-424202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:08.000Z",
"modified": "2016-03-16T14:01:08.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f936afdd0b69d109215d295ab864d309",
"pattern": "[file:hashes.SHA256 = '05a1efc7bbe2d533e945e3facb2ba308c48964fe68f6058b1cc87854cb0ace7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96724-b0d0-427c-a60e-42ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:08.000Z",
"modified": "2016-03-16T14:01:08.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: f936afdd0b69d109215d295ab864d309",
"pattern": "[file:hashes.SHA1 = 'ea1b8fce8fd4e8f6c7ea093ae763948c86d95a0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96724-302c-4eb9-8e32-412102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:08.000Z",
"modified": "2016-03-16T14:01:08.000Z",
"first_observed": "2016-03-16T14:01:08Z",
"last_observed": "2016-03-16T14:01:08Z",
"number_observed": 1,
"object_refs": [
"url--56e96724-302c-4eb9-8e32-412102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96724-302c-4eb9-8e32-412102de0b81",
"value": "https://www.virustotal.com/file/05a1efc7bbe2d533e945e3facb2ba308c48964fe68f6058b1cc87854cb0ace7b/analysis/1446703593/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96724-af0c-44b4-b9f0-482002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:08.000Z",
"modified": "2016-03-16T14:01:08.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 4d7ad9ab4c1d40365da60d4f2f195db4",
"pattern": "[file:hashes.SHA256 = '67c60606a3fa28cbf706c1b52be123fd798df3f30c938e5eb294e8344aca40f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96725-36c0-4884-9198-485702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:09.000Z",
"modified": "2016-03-16T14:01:09.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 4d7ad9ab4c1d40365da60d4f2f195db4",
"pattern": "[file:hashes.SHA1 = 'bdc2905298b718f94a64ab8441fcc2c038417af9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96725-22e4-4cc2-9cdb-4d8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:09.000Z",
"modified": "2016-03-16T14:01:09.000Z",
"first_observed": "2016-03-16T14:01:09Z",
"last_observed": "2016-03-16T14:01:09Z",
"number_observed": 1,
"object_refs": [
"url--56e96725-22e4-4cc2-9cdb-4d8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96725-22e4-4cc2-9cdb-4d8f02de0b81",
"value": "https://www.virustotal.com/file/67c60606a3fa28cbf706c1b52be123fd798df3f30c938e5eb294e8344aca40f5/analysis/1448493965/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96725-7330-47b6-b068-4fa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:09.000Z",
"modified": "2016-03-16T14:01:09.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: eb01bbfe8ca7e8f59aab475ad1f18245",
"pattern": "[file:hashes.SHA256 = 'dd3406409f33590aabf9bdfa7e55b6872f1d42ef96f1dec24072328072f54cec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96725-f368-4cf6-a37a-40ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:09.000Z",
"modified": "2016-03-16T14:01:09.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: eb01bbfe8ca7e8f59aab475ad1f18245",
"pattern": "[file:hashes.SHA1 = '0bebfcdb6f23b7bb749633068e176c35a72768cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96726-d4ec-4a5f-9bc9-439202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:10.000Z",
"modified": "2016-03-16T14:01:10.000Z",
"first_observed": "2016-03-16T14:01:10Z",
"last_observed": "2016-03-16T14:01:10Z",
"number_observed": 1,
"object_refs": [
"url--56e96726-d4ec-4a5f-9bc9-439202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96726-d4ec-4a5f-9bc9-439202de0b81",
"value": "https://www.virustotal.com/file/dd3406409f33590aabf9bdfa7e55b6872f1d42ef96f1dec24072328072f54cec/analysis/1457677655/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96726-ef54-4ffb-8a86-432b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:10.000Z",
"modified": "2016-03-16T14:01:10.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 92d6366d692a1b3691dce1379bb7b5aa",
"pattern": "[file:hashes.SHA256 = '375e903d8a81e9cd84c452884524f678b1d3bb9c828882860315415037fb861d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96726-3d4c-4ff4-8364-47c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:10.000Z",
"modified": "2016-03-16T14:01:10.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 92d6366d692a1b3691dce1379bb7b5aa",
"pattern": "[file:hashes.SHA1 = 'c45aa8713b357a06db13e3164b0b0f89cff1956c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96727-4cf0-4067-8f2b-4b0f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:11.000Z",
"modified": "2016-03-16T14:01:11.000Z",
"first_observed": "2016-03-16T14:01:11Z",
"last_observed": "2016-03-16T14:01:11Z",
"number_observed": 1,
"object_refs": [
"url--56e96727-4cf0-4067-8f2b-4b0f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96727-4cf0-4067-8f2b-4b0f02de0b81",
"value": "https://www.virustotal.com/file/375e903d8a81e9cd84c452884524f678b1d3bb9c828882860315415037fb861d/analysis/1457502832/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96727-2284-459e-bb99-4b2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:11.000Z",
"modified": "2016-03-16T14:01:11.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: c303a6ac44e3c59a9c3613ac9f92373b",
"pattern": "[file:hashes.SHA256 = '86f6bdf40e132a9788415f6bda100f20fdaa07638c0ddc80ded99c59e8f0fd83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96727-ef70-400c-9c4a-423702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:11.000Z",
"modified": "2016-03-16T14:01:11.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: c303a6ac44e3c59a9c3613ac9f92373b",
"pattern": "[file:hashes.SHA1 = 'eb5df6b6b4037a4117d203ce643371e68d13355c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96727-53a4-43ca-a224-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:11.000Z",
"modified": "2016-03-16T14:01:11.000Z",
"first_observed": "2016-03-16T14:01:11Z",
"last_observed": "2016-03-16T14:01:11Z",
"number_observed": 1,
"object_refs": [
"url--56e96727-53a4-43ca-a224-4f3102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96727-53a4-43ca-a224-4f3102de0b81",
"value": "https://www.virustotal.com/file/86f6bdf40e132a9788415f6bda100f20fdaa07638c0ddc80ded99c59e8f0fd83/analysis/1457677561/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96728-6a84-4cf8-9c1d-459002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:12.000Z",
"modified": "2016-03-16T14:01:12.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2eea994efa88e0a612e82ee3e08e78f1",
"pattern": "[file:hashes.SHA256 = '57a162ef2bac41b885f8072e0b2a23ee481bbdeec870251e5e26d076f3a890ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96728-28d0-4923-a546-4d6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:12.000Z",
"modified": "2016-03-16T14:01:12.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2eea994efa88e0a612e82ee3e08e78f1",
"pattern": "[file:hashes.SHA1 = 'a6eae7a078589bc84147ecce0d0239f8056fe2a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96728-d0a0-4f23-8d2e-4a0f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:12.000Z",
"modified": "2016-03-16T14:01:12.000Z",
"first_observed": "2016-03-16T14:01:12Z",
"last_observed": "2016-03-16T14:01:12Z",
"number_observed": 1,
"object_refs": [
"url--56e96728-d0a0-4f23-8d2e-4a0f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96728-d0a0-4f23-8d2e-4a0f02de0b81",
"value": "https://www.virustotal.com/file/57a162ef2bac41b885f8072e0b2a23ee481bbdeec870251e5e26d076f3a890ae/analysis/1457677249/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96729-d820-44c8-8602-4e1102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:12.000Z",
"modified": "2016-03-16T14:01:12.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 9b77eb38e32d43a97c5bde5ec829c5ca",
"pattern": "[file:hashes.SHA256 = 'f2eb8c2b40d0e483e778a521b64dbbdd0997d31af3264ef2c8017adca2f21561']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96729-c2cc-45e7-a0a5-4e4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:13.000Z",
"modified": "2016-03-16T14:01:13.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 9b77eb38e32d43a97c5bde5ec829c5ca",
"pattern": "[file:hashes.SHA1 = '892acd433c3fcf8ca5b9c881d0dfd98ed88c059e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96729-3fdc-44c7-a058-4e1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:13.000Z",
"modified": "2016-03-16T14:01:13.000Z",
"first_observed": "2016-03-16T14:01:13Z",
"last_observed": "2016-03-16T14:01:13Z",
"number_observed": 1,
"object_refs": [
"url--56e96729-3fdc-44c7-a058-4e1702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96729-3fdc-44c7-a058-4e1702de0b81",
"value": "https://www.virustotal.com/file/f2eb8c2b40d0e483e778a521b64dbbdd0997d31af3264ef2c8017adca2f21561/analysis/1457023698/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96729-6694-4dfa-a382-485002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:13.000Z",
"modified": "2016-03-16T14:01:13.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: f9798f171194ee4fec5334ded3d786e7",
"pattern": "[file:hashes.SHA256 = '221913be6d35172556fd4444b15b70f921d3fc8f4b3c786be693eefde744d70d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672a-fdc8-470f-9ff8-4ff202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:14.000Z",
"modified": "2016-03-16T14:01:14.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: f9798f171194ee4fec5334ded3d786e7",
"pattern": "[file:hashes.SHA1 = 'd95a5f9a69cb4c4aa094accd3921f4b22078872b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672a-cd40-43f5-97a4-414c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:14.000Z",
"modified": "2016-03-16T14:01:14.000Z",
"first_observed": "2016-03-16T14:01:14Z",
"last_observed": "2016-03-16T14:01:14Z",
"number_observed": 1,
"object_refs": [
"url--56e9672a-cd40-43f5-97a4-414c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672a-cd40-43f5-97a4-414c02de0b81",
"value": "https://www.virustotal.com/file/221913be6d35172556fd4444b15b70f921d3fc8f4b3c786be693eefde744d70d/analysis/1457023697/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672a-7a28-4eff-86d5-461302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:14.000Z",
"modified": "2016-03-16T14:01:14.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2507f545a2d6e52ade2d7708d9ce89d1",
"pattern": "[file:hashes.SHA256 = '52215e39337aefcdceb1000bdb40de70eb20e0148b01bdf80eaa47f8fa2ee7b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672a-bcc0-42bf-8307-405602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:14.000Z",
"modified": "2016-03-16T14:01:14.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2507f545a2d6e52ade2d7708d9ce89d1",
"pattern": "[file:hashes.SHA1 = 'e158f4870d869055752467e0774e09c49dcac515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672b-30cc-48d3-bf39-465802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:15.000Z",
"modified": "2016-03-16T14:01:15.000Z",
"first_observed": "2016-03-16T14:01:15Z",
"last_observed": "2016-03-16T14:01:15Z",
"number_observed": 1,
"object_refs": [
"url--56e9672b-30cc-48d3-bf39-465802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672b-30cc-48d3-bf39-465802de0b81",
"value": "https://www.virustotal.com/file/52215e39337aefcdceb1000bdb40de70eb20e0148b01bdf80eaa47f8fa2ee7b0/analysis/1457023698/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672b-f7c0-4fce-8b2a-493d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:15.000Z",
"modified": "2016-03-16T14:01:15.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 16eb146eee147a333ef82d39266d5cfb",
"pattern": "[file:hashes.SHA256 = '3f7e8f181a6d5bc4888135aed6bf14817cbf9fe28984ace484943069c051909c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672b-73e8-4e1c-84da-418c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:15.000Z",
"modified": "2016-03-16T14:01:15.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 16eb146eee147a333ef82d39266d5cfb",
"pattern": "[file:hashes.SHA1 = '7abea945bce42f5fa6d59d1f0e2fe71a4ac12a41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672c-f2ec-4c7b-a5c2-4dab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:16.000Z",
"modified": "2016-03-16T14:01:16.000Z",
"first_observed": "2016-03-16T14:01:16Z",
"last_observed": "2016-03-16T14:01:16Z",
"number_observed": 1,
"object_refs": [
"url--56e9672c-f2ec-4c7b-a5c2-4dab02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672c-f2ec-4c7b-a5c2-4dab02de0b81",
"value": "https://www.virustotal.com/file/3f7e8f181a6d5bc4888135aed6bf14817cbf9fe28984ace484943069c051909c/analysis/1457677186/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672c-2410-4cac-8ce8-483102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:16.000Z",
"modified": "2016-03-16T14:01:16.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0255f73a32bf781c786d19d149ddfb90",
"pattern": "[file:hashes.SHA256 = '4ebc8402f6ae2e14949180c62fd34b90d0076841175fbc73af061724c77b7230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672c-3d00-42e8-bcb1-470102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:16.000Z",
"modified": "2016-03-16T14:01:16.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0255f73a32bf781c786d19d149ddfb90",
"pattern": "[file:hashes.SHA1 = 'dd1f54c8d3c937cbf561808c4d2991b135e0faeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672c-7da0-480b-88ee-4d3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:16.000Z",
"modified": "2016-03-16T14:01:16.000Z",
"first_observed": "2016-03-16T14:01:16Z",
"last_observed": "2016-03-16T14:01:16Z",
"number_observed": 1,
"object_refs": [
"url--56e9672c-7da0-480b-88ee-4d3a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672c-7da0-480b-88ee-4d3a02de0b81",
"value": "https://www.virustotal.com/file/4ebc8402f6ae2e14949180c62fd34b90d0076841175fbc73af061724c77b7230/analysis/1457502267/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672d-88c8-4ebf-be01-459f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:17.000Z",
"modified": "2016-03-16T14:01:17.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 75798547f0ddca076070bcea67a0b064",
"pattern": "[file:hashes.SHA256 = '8a20bca39e9c61120ec2c2d5730e4945ec9c092fc2cd0c9e778937d3dfa0a6b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672d-8bec-496d-b99e-493502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:17.000Z",
"modified": "2016-03-16T14:01:17.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 75798547f0ddca076070bcea67a0b064",
"pattern": "[file:hashes.SHA1 = '1c104d02048ad62224e0f725cee1becfb75d4976']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672d-bb78-4a05-8fc3-45f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:17.000Z",
"modified": "2016-03-16T14:01:17.000Z",
"first_observed": "2016-03-16T14:01:17Z",
"last_observed": "2016-03-16T14:01:17Z",
"number_observed": 1,
"object_refs": [
"url--56e9672d-bb78-4a05-8fc3-45f302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672d-bb78-4a05-8fc3-45f302de0b81",
"value": "https://www.virustotal.com/file/8a20bca39e9c61120ec2c2d5730e4945ec9c092fc2cd0c9e778937d3dfa0a6b5/analysis/1457677426/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672e-9bd8-4692-9eb3-496702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:18.000Z",
"modified": "2016-03-16T14:01:18.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 4b1a627c43d4e0af504bf20023e74f6b",
"pattern": "[file:hashes.SHA256 = '64f72f1237410ae4bd54220de443b9266bef5eb6e2a058c418a9989754236e4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672e-5eac-4e9b-83b6-408602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:18.000Z",
"modified": "2016-03-16T14:01:18.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 4b1a627c43d4e0af504bf20023e74f6b",
"pattern": "[file:hashes.SHA1 = 'e83dac8806b0a5014d3df888c62a84c08933032b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672e-5148-4443-9e27-4e9d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:18.000Z",
"modified": "2016-03-16T14:01:18.000Z",
"first_observed": "2016-03-16T14:01:18Z",
"last_observed": "2016-03-16T14:01:18Z",
"number_observed": 1,
"object_refs": [
"url--56e9672e-5148-4443-9e27-4e9d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672e-5148-4443-9e27-4e9d02de0b81",
"value": "https://www.virustotal.com/file/64f72f1237410ae4bd54220de443b9266bef5eb6e2a058c418a9989754236e4e/analysis/1455262428/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672e-8e5c-4f9d-889e-4e3d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:18.000Z",
"modified": "2016-03-16T14:01:18.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ab6b6f675e48d818044c5e66d05813ce",
"pattern": "[file:hashes.SHA256 = 'a321a6679171831d0e8e0e0b4216893171bfdd113b7aa7ac975fa424c92873ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672f-7374-490f-916b-4e2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:19.000Z",
"modified": "2016-03-16T14:01:19.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ab6b6f675e48d818044c5e66d05813ce",
"pattern": "[file:hashes.SHA1 = 'e42b2966dd2b4edd2203cbeaa8dd1afd5c1ea2ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9672f-c5e4-42b3-9ed1-4f2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:19.000Z",
"modified": "2016-03-16T14:01:19.000Z",
"first_observed": "2016-03-16T14:01:19Z",
"last_observed": "2016-03-16T14:01:19Z",
"number_observed": 1,
"object_refs": [
"url--56e9672f-c5e4-42b3-9ed1-4f2902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9672f-c5e4-42b3-9ed1-4f2902de0b81",
"value": "https://www.virustotal.com/file/a321a6679171831d0e8e0e0b4216893171bfdd113b7aa7ac975fa424c92873ce/analysis/1457023696/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9672f-c42c-45d1-b825-436e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:19.000Z",
"modified": "2016-03-16T14:01:19.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2d58826fbff197918caa805aeed86059",
"pattern": "[file:hashes.SHA256 = 'a6f88de9a16a46e0d544594e6024a0cf93d67fc00e5750b7c144d963226777cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96730-2558-4cce-8ee7-4c6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:20.000Z",
"modified": "2016-03-16T14:01:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2d58826fbff197918caa805aeed86059",
"pattern": "[file:hashes.SHA1 = '0c10e5e2471e99283547d23cc9228d3541a5f8ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96730-03c4-4b76-8d42-49b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:20.000Z",
"modified": "2016-03-16T14:01:20.000Z",
"first_observed": "2016-03-16T14:01:20Z",
"last_observed": "2016-03-16T14:01:20Z",
"number_observed": 1,
"object_refs": [
"url--56e96730-03c4-4b76-8d42-49b902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96730-03c4-4b76-8d42-49b902de0b81",
"value": "https://www.virustotal.com/file/a6f88de9a16a46e0d544594e6024a0cf93d67fc00e5750b7c144d963226777cc/analysis/1457023696/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96730-1c40-4a03-8596-424102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:20.000Z",
"modified": "2016-03-16T14:01:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: c3af6b938988a88ea2dc2e59f8418062",
"pattern": "[file:hashes.SHA256 = '62f55a2761a4c7acbb1001ac89b07216a511f941a08666ac4d55e092d599a861']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96730-e9cc-4b41-b803-4a0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:20.000Z",
"modified": "2016-03-16T14:01:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: c3af6b938988a88ea2dc2e59f8418062",
"pattern": "[file:hashes.SHA1 = 'af4d8fb994b4a666b585315660349cbc412df689']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96731-f214-4d06-8d23-417902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:21.000Z",
"modified": "2016-03-16T14:01:21.000Z",
"first_observed": "2016-03-16T14:01:21Z",
"last_observed": "2016-03-16T14:01:21Z",
"number_observed": 1,
"object_refs": [
"url--56e96731-f214-4d06-8d23-417902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96731-f214-4d06-8d23-417902de0b81",
"value": "https://www.virustotal.com/file/62f55a2761a4c7acbb1001ac89b07216a511f941a08666ac4d55e092d599a861/analysis/1457677561/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96731-1d5c-47a7-b867-45d402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:21.000Z",
"modified": "2016-03-16T14:01:21.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 9b674985a412c4c07d52c7482c2ed286",
"pattern": "[file:hashes.SHA256 = '1a8c9e2967f7a3a5dcc7115657a78caf9f0ab089634bf1f70253285e4b583416']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96731-11dc-4e22-a517-4e5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:21.000Z",
"modified": "2016-03-16T14:01:21.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 9b674985a412c4c07d52c7482c2ed286",
"pattern": "[file:hashes.SHA1 = 'fdb53df74b6d4c5cc2ad78fc1e195867cbfdff34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96732-92ec-42c9-9e42-467c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:22.000Z",
"modified": "2016-03-16T14:01:22.000Z",
"first_observed": "2016-03-16T14:01:22Z",
"last_observed": "2016-03-16T14:01:22Z",
"number_observed": 1,
"object_refs": [
"url--56e96732-92ec-42c9-9e42-467c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96732-92ec-42c9-9e42-467c02de0b81",
"value": "https://www.virustotal.com/file/1a8c9e2967f7a3a5dcc7115657a78caf9f0ab089634bf1f70253285e4b583416/analysis/1457023696/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96732-bc9c-41fa-b367-4ade02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:22.000Z",
"modified": "2016-03-16T14:01:22.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: d0152f228e934dcafa866445c08e3242",
"pattern": "[file:hashes.SHA256 = '70f9cb076e00542cb7e762f34df5ca50b1166bb6cf7d5c4b25a71450e5e5a025']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96732-a920-409c-b9ee-4ead02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:22.000Z",
"modified": "2016-03-16T14:01:22.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: d0152f228e934dcafa866445c08e3242",
"pattern": "[file:hashes.SHA1 = '968d801c4eaa176f2caea1abf2f9f655f9f9ec6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96732-1634-43d1-8739-4e4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:22.000Z",
"modified": "2016-03-16T14:01:22.000Z",
"first_observed": "2016-03-16T14:01:22Z",
"last_observed": "2016-03-16T14:01:22Z",
"number_observed": 1,
"object_refs": [
"url--56e96732-1634-43d1-8739-4e4b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96732-1634-43d1-8739-4e4b02de0b81",
"value": "https://www.virustotal.com/file/70f9cb076e00542cb7e762f34df5ca50b1166bb6cf7d5c4b25a71450e5e5a025/analysis/1457023694/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96733-9a2c-40da-8329-4fb002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:23.000Z",
"modified": "2016-03-16T14:01:23.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e2d1309893c0de5a026a2ae9e8ada486",
"pattern": "[file:hashes.SHA256 = '17e005dd7a902324e050ffa5014b31ce780d24ce92ef8969826772a05d34961c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96733-6af8-48c1-b212-4fd002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:23.000Z",
"modified": "2016-03-16T14:01:23.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e2d1309893c0de5a026a2ae9e8ada486",
"pattern": "[file:hashes.SHA1 = '4379fc4707c583d6872f09008e21fffea7b0fd68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96733-b954-448e-b477-40c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:23.000Z",
"modified": "2016-03-16T14:01:23.000Z",
"first_observed": "2016-03-16T14:01:23Z",
"last_observed": "2016-03-16T14:01:23Z",
"number_observed": 1,
"object_refs": [
"url--56e96733-b954-448e-b477-40c502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96733-b954-448e-b477-40c502de0b81",
"value": "https://www.virustotal.com/file/17e005dd7a902324e050ffa5014b31ce780d24ce92ef8969826772a05d34961c/analysis/1457023695/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96733-8334-4499-881f-4bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:23.000Z",
"modified": "2016-03-16T14:01:23.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: adf657337d7fa7fa07c72b12fb880e41",
"pattern": "[file:hashes.SHA256 = 'a013a3cf086847e1b1c36ff14d23e5d9b65627d4997b6b68381c6d6f729b85e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96734-ef80-4f63-9706-4e3f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:24.000Z",
"modified": "2016-03-16T14:01:24.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: adf657337d7fa7fa07c72b12fb880e41",
"pattern": "[file:hashes.SHA1 = '70d6ee2dd0b600025b401b73130c502c9de96c87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96734-0f04-4a53-819f-44bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:24.000Z",
"modified": "2016-03-16T14:01:24.000Z",
"first_observed": "2016-03-16T14:01:24Z",
"last_observed": "2016-03-16T14:01:24Z",
"number_observed": 1,
"object_refs": [
"url--56e96734-0f04-4a53-819f-44bf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96734-0f04-4a53-819f-44bf02de0b81",
"value": "https://www.virustotal.com/file/a013a3cf086847e1b1c36ff14d23e5d9b65627d4997b6b68381c6d6f729b85e6/analysis/1457023694/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96734-7ed8-41cb-83ef-449e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:24.000Z",
"modified": "2016-03-16T14:01:24.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 8c30ed1bc13feaa8e937be0f6a739be4",
"pattern": "[file:hashes.SHA256 = '808c43ddb13b876699a8d0914b100b4e4a52bc4f2f5a3db7f55939743257d239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96735-bad8-4011-839d-4b2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:25.000Z",
"modified": "2016-03-16T14:01:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 8c30ed1bc13feaa8e937be0f6a739be4",
"pattern": "[file:hashes.SHA1 = '73d00ad49547b8a59aa5a30fc03ba8b0ef86e257']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96735-2784-4f59-ad45-489502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:25.000Z",
"modified": "2016-03-16T14:01:25.000Z",
"first_observed": "2016-03-16T14:01:25Z",
"last_observed": "2016-03-16T14:01:25Z",
"number_observed": 1,
"object_refs": [
"url--56e96735-2784-4f59-ad45-489502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96735-2784-4f59-ad45-489502de0b81",
"value": "https://www.virustotal.com/file/808c43ddb13b876699a8d0914b100b4e4a52bc4f2f5a3db7f55939743257d239/analysis/1441449488/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96735-d350-42c0-9531-474202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:25.000Z",
"modified": "2016-03-16T14:01:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: af071cd2420057090cfe33fefa139d01",
"pattern": "[file:hashes.SHA256 = '9af8a5c346443a9b0a06bdcc8c4e70ff617d0f6d1d05f5bff9ed22b43ac93049']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96735-8668-43cc-b2f6-499402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:25.000Z",
"modified": "2016-03-16T14:01:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: af071cd2420057090cfe33fefa139d01",
"pattern": "[file:hashes.SHA1 = 'f744de801831433bad87ef91cd52c75fa9483239']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96736-1db4-44d2-8937-4c3402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:26.000Z",
"modified": "2016-03-16T14:01:26.000Z",
"first_observed": "2016-03-16T14:01:26Z",
"last_observed": "2016-03-16T14:01:26Z",
"number_observed": 1,
"object_refs": [
"url--56e96736-1db4-44d2-8937-4c3402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96736-1db4-44d2-8937-4c3402de0b81",
"value": "https://www.virustotal.com/file/9af8a5c346443a9b0a06bdcc8c4e70ff617d0f6d1d05f5bff9ed22b43ac93049/analysis/1457023695/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96736-a8b0-4eb2-b336-4a5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:26.000Z",
"modified": "2016-03-16T14:01:26.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 99d93e0c6bf9cf9acb92580686f6b743",
"pattern": "[file:hashes.SHA256 = '9aefdda207f4ee5d8621b25eb605bbe6bdd861e56f8de1b885f08d090b86338e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96736-3678-4275-8026-483302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:26.000Z",
"modified": "2016-03-16T14:01:26.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 99d93e0c6bf9cf9acb92580686f6b743",
"pattern": "[file:hashes.SHA1 = '8fc1f5f09f918816b5f5ff2ceb133d5c0c336bdd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96737-3480-4ff5-9d8d-4b6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:27.000Z",
"modified": "2016-03-16T14:01:27.000Z",
"first_observed": "2016-03-16T14:01:27Z",
"last_observed": "2016-03-16T14:01:27Z",
"number_observed": 1,
"object_refs": [
"url--56e96737-3480-4ff5-9d8d-4b6302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96737-3480-4ff5-9d8d-4b6302de0b81",
"value": "https://www.virustotal.com/file/9aefdda207f4ee5d8621b25eb605bbe6bdd861e56f8de1b885f08d090b86338e/analysis/1457023694/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96737-c498-42c3-8795-4d6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:27.000Z",
"modified": "2016-03-16T14:01:27.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6a1c037c66184aa39096933f75d2d8ca",
"pattern": "[file:hashes.SHA256 = '7150ed7a0b12a08183bfec3281b1f3b8d4f01577bc24811a03a9d6223d0e6d8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96737-7120-4865-86d7-480302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:27.000Z",
"modified": "2016-03-16T14:01:27.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6a1c037c66184aa39096933f75d2d8ca",
"pattern": "[file:hashes.SHA1 = '8f70d77577ccc3428dd0f33c5b83858b5c5f5cff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96737-23b4-4d1a-bfc6-476f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:27.000Z",
"modified": "2016-03-16T14:01:27.000Z",
"first_observed": "2016-03-16T14:01:27Z",
"last_observed": "2016-03-16T14:01:27Z",
"number_observed": 1,
"object_refs": [
"url--56e96737-23b4-4d1a-bfc6-476f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96737-23b4-4d1a-bfc6-476f02de0b81",
"value": "https://www.virustotal.com/file/7150ed7a0b12a08183bfec3281b1f3b8d4f01577bc24811a03a9d6223d0e6d8a/analysis/1457023694/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96738-8b5c-4358-869d-4ed502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:28.000Z",
"modified": "2016-03-16T14:01:28.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8a0db32b97be106d2834739ffd65715b",
"pattern": "[file:hashes.SHA256 = 'fe048bb499a85f51a739a773664d0fa0474c15eba527ed9031f544e6e9710d05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96738-36b8-45db-9c66-4b2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:28.000Z",
"modified": "2016-03-16T14:01:28.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8a0db32b97be106d2834739ffd65715b",
"pattern": "[file:hashes.SHA1 = 'a91069338fbfb65c621e505f90dc013e470ee6b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96738-8c50-4002-beb3-426802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:28.000Z",
"modified": "2016-03-16T14:01:28.000Z",
"first_observed": "2016-03-16T14:01:28Z",
"last_observed": "2016-03-16T14:01:28Z",
"number_observed": 1,
"object_refs": [
"url--56e96738-8c50-4002-beb3-426802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96738-8c50-4002-beb3-426802de0b81",
"value": "https://www.virustotal.com/file/fe048bb499a85f51a739a773664d0fa0474c15eba527ed9031f544e6e9710d05/analysis/1457023693/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96738-e800-4bcb-9dcb-475202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:28.000Z",
"modified": "2016-03-16T14:01:28.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a73494ca564f6404488a985cefd96f56",
"pattern": "[file:hashes.SHA256 = 'f147494780e6faa095b352183be5373de023e7d71fc127dacb00ad953577ebb7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96739-6b04-455a-8c01-461402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:29.000Z",
"modified": "2016-03-16T14:01:29.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a73494ca564f6404488a985cefd96f56",
"pattern": "[file:hashes.SHA1 = '6d15452fdf3719bf57e4c1c6424b948f7111e912']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96739-f8e0-472b-9f67-4f1802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:29.000Z",
"modified": "2016-03-16T14:01:29.000Z",
"first_observed": "2016-03-16T14:01:29Z",
"last_observed": "2016-03-16T14:01:29Z",
"number_observed": 1,
"object_refs": [
"url--56e96739-f8e0-472b-9f67-4f1802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96739-f8e0-472b-9f67-4f1802de0b81",
"value": "https://www.virustotal.com/file/f147494780e6faa095b352183be5373de023e7d71fc127dacb00ad953577ebb7/analysis/1457023693/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96739-0840-4bb6-ae56-4d2502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:29.000Z",
"modified": "2016-03-16T14:01:29.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 44145124e046804bf579c8839b63a9a7",
"pattern": "[file:hashes.SHA256 = '7baac6f22c24ce505c0b34855d073b4f9808b6f627559015c623a6fdec35bf21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673a-0134-4d46-8429-438402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:30.000Z",
"modified": "2016-03-16T14:01:30.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 44145124e046804bf579c8839b63a9a7",
"pattern": "[file:hashes.SHA1 = 'd9820ef32911421161241871304c277cb01a5c5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673a-6150-4e84-8ff4-4de402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:30.000Z",
"modified": "2016-03-16T14:01:30.000Z",
"first_observed": "2016-03-16T14:01:30Z",
"last_observed": "2016-03-16T14:01:30Z",
"number_observed": 1,
"object_refs": [
"url--56e9673a-6150-4e84-8ff4-4de402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673a-6150-4e84-8ff4-4de402de0b81",
"value": "https://www.virustotal.com/file/7baac6f22c24ce505c0b34855d073b4f9808b6f627559015c623a6fdec35bf21/analysis/1457023692/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673a-e2bc-4bec-a178-40d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:30.000Z",
"modified": "2016-03-16T14:01:30.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 3e7c2791ff7bc14ef30bba74954ef1e2",
"pattern": "[file:hashes.SHA256 = '7237c1052e25fccbf4ba53bcb1853618a92cbf8709d2d6906024e03ea4cceea9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673a-3b34-49e6-9016-45d902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:30.000Z",
"modified": "2016-03-16T14:01:30.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 3e7c2791ff7bc14ef30bba74954ef1e2",
"pattern": "[file:hashes.SHA1 = '04805d76ced9e314ca85d610ecf90aa95a1276e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673b-7870-425e-8755-4b1402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:31.000Z",
"modified": "2016-03-16T14:01:31.000Z",
"first_observed": "2016-03-16T14:01:31Z",
"last_observed": "2016-03-16T14:01:31Z",
"number_observed": 1,
"object_refs": [
"url--56e9673b-7870-425e-8755-4b1402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673b-7870-425e-8755-4b1402de0b81",
"value": "https://www.virustotal.com/file/7237c1052e25fccbf4ba53bcb1853618a92cbf8709d2d6906024e03ea4cceea9/analysis/1457023692/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673b-db64-4fb3-8271-491c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:31.000Z",
"modified": "2016-03-16T14:01:31.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 90b07bc12b45f2eb1b0305949f2cec25",
"pattern": "[file:hashes.SHA256 = 'dac2dc97d581f2cec688fe577096b60d9e525a807d239c1cc003ea9ef524bbd8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673b-ec90-43b6-ae5e-4e4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:31.000Z",
"modified": "2016-03-16T14:01:31.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 90b07bc12b45f2eb1b0305949f2cec25",
"pattern": "[file:hashes.SHA1 = 'c1cc12a3f8693c150bea97b027f5de4bb9a644ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673b-aa48-4da9-923f-462602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:31.000Z",
"modified": "2016-03-16T14:01:31.000Z",
"first_observed": "2016-03-16T14:01:31Z",
"last_observed": "2016-03-16T14:01:31Z",
"number_observed": 1,
"object_refs": [
"url--56e9673b-aa48-4da9-923f-462602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673b-aa48-4da9-923f-462602de0b81",
"value": "https://www.virustotal.com/file/dac2dc97d581f2cec688fe577096b60d9e525a807d239c1cc003ea9ef524bbd8/analysis/1457677462/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673c-63fc-4117-9dc3-470802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:32.000Z",
"modified": "2016-03-16T14:01:32.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 95cba4805f980e8c1df180b660e2abb4",
"pattern": "[file:hashes.SHA256 = '75c62fd62a7a71ab357c578ed8af5a9e8b6fbcd6706242192f6012b83758993a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673c-94c8-45c6-b7a5-425802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:32.000Z",
"modified": "2016-03-16T14:01:32.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 95cba4805f980e8c1df180b660e2abb4",
"pattern": "[file:hashes.SHA1 = 'acf0dcf5981f383dd2558663e917907c058566ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673c-0788-48ae-9760-41df02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:32.000Z",
"modified": "2016-03-16T14:01:32.000Z",
"first_observed": "2016-03-16T14:01:32Z",
"last_observed": "2016-03-16T14:01:32Z",
"number_observed": 1,
"object_refs": [
"url--56e9673c-0788-48ae-9760-41df02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673c-0788-48ae-9760-41df02de0b81",
"value": "https://www.virustotal.com/file/75c62fd62a7a71ab357c578ed8af5a9e8b6fbcd6706242192f6012b83758993a/analysis/1457853852/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673d-f254-41f8-921a-494e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:33.000Z",
"modified": "2016-03-16T14:01:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: cedb0fc3dfbb748fdcbb3eae9eb0a3f1",
"pattern": "[file:hashes.SHA256 = '5481af07cff7edf221b3c05bb24780e58b321595c40b776da4fb7cde4693dfba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673d-2c84-4369-8dff-457702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:33.000Z",
"modified": "2016-03-16T14:01:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: cedb0fc3dfbb748fdcbb3eae9eb0a3f1",
"pattern": "[file:hashes.SHA1 = '2bc0fba586148f69616239a1c939ddaff371bd14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673d-71d8-4e2b-9124-46f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:33.000Z",
"modified": "2016-03-16T14:01:33.000Z",
"first_observed": "2016-03-16T14:01:33Z",
"last_observed": "2016-03-16T14:01:33Z",
"number_observed": 1,
"object_refs": [
"url--56e9673d-71d8-4e2b-9124-46f502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673d-71d8-4e2b-9124-46f502de0b81",
"value": "https://www.virustotal.com/file/5481af07cff7edf221b3c05bb24780e58b321595c40b776da4fb7cde4693dfba/analysis/1457677587/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673d-8490-4605-9c75-435f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:33.000Z",
"modified": "2016-03-16T14:01:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b2ed9415d7cf9bc06f8ccb8cfdba1ad6",
"pattern": "[file:hashes.SHA256 = '51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673e-0308-4858-a617-4e5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:34.000Z",
"modified": "2016-03-16T14:01:34.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: b2ed9415d7cf9bc06f8ccb8cfdba1ad6",
"pattern": "[file:hashes.SHA1 = '02996c6faf5da9f6a6a909fcb800e4490f9406f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673e-3730-4d64-81cf-484002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:34.000Z",
"modified": "2016-03-16T14:01:34.000Z",
"first_observed": "2016-03-16T14:01:34Z",
"last_observed": "2016-03-16T14:01:34Z",
"number_observed": 1,
"object_refs": [
"url--56e9673e-3730-4d64-81cf-484002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673e-3730-4d64-81cf-484002de0b81",
"value": "https://www.virustotal.com/file/51cb06da2422a76bc707333f5d09a4216014771b8f1f00c24c7194fd60acf4d1/analysis/1457677540/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673e-04b8-44ba-8abc-4a9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:34.000Z",
"modified": "2016-03-16T14:01:34.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 7ccc752b5956b86b966d15a6a4cf6df0",
"pattern": "[file:hashes.SHA256 = '20209d23c45ffc377d09a53439af30f516ee833d78fb16f4eb9c74752c343fca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673e-3cfc-46f3-9cdf-4d8b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:34.000Z",
"modified": "2016-03-16T14:01:34.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 7ccc752b5956b86b966d15a6a4cf6df0",
"pattern": "[file:hashes.SHA1 = '455498910d59fbe4789ed8137929cc63aca4ae1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9673f-2368-4d93-b10a-4bcf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:35.000Z",
"modified": "2016-03-16T14:01:35.000Z",
"first_observed": "2016-03-16T14:01:35Z",
"last_observed": "2016-03-16T14:01:35Z",
"number_observed": 1,
"object_refs": [
"url--56e9673f-2368-4d93-b10a-4bcf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9673f-2368-4d93-b10a-4bcf02de0b81",
"value": "https://www.virustotal.com/file/20209d23c45ffc377d09a53439af30f516ee833d78fb16f4eb9c74752c343fca/analysis/1457023690/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673f-fdf4-4712-8b75-465202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:35.000Z",
"modified": "2016-03-16T14:01:35.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 12929730cd95c6cf50dd3d470dd5f347",
"pattern": "[file:hashes.SHA256 = 'dd56146ce07f793e09134f18e62968159ab26690a7742f12e52d808d3e2fc032']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9673f-de34-4e5e-92b4-426d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:35.000Z",
"modified": "2016-03-16T14:01:35.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 12929730cd95c6cf50dd3d470dd5f347",
"pattern": "[file:hashes.SHA1 = '75b3dc0d7eeae91d2bee63f91896abea7d40213d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96740-534c-4484-8db2-475902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:36.000Z",
"modified": "2016-03-16T14:01:36.000Z",
"first_observed": "2016-03-16T14:01:36Z",
"last_observed": "2016-03-16T14:01:36Z",
"number_observed": 1,
"object_refs": [
"url--56e96740-534c-4484-8db2-475902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96740-534c-4484-8db2-475902de0b81",
"value": "https://www.virustotal.com/file/dd56146ce07f793e09134f18e62968159ab26690a7742f12e52d808d3e2fc032/analysis/1457677177/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96740-7f64-4180-a2f5-4bc002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:36.000Z",
"modified": "2016-03-16T14:01:36.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: d8637bdbcfc9112fcb1f0167b398e771",
"pattern": "[file:hashes.SHA256 = '09f7d02a3c2382199458c98a62b045145ee54ab6aba86166aecf3d10c3c1444c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96740-65bc-48bc-b475-408c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:36.000Z",
"modified": "2016-03-16T14:01:36.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: d8637bdbcfc9112fcb1f0167b398e771",
"pattern": "[file:hashes.SHA1 = '3135ba4f32052528bb0c8909fc2f954699d4a8fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96740-90a8-4c3d-ac72-4c2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:36.000Z",
"modified": "2016-03-16T14:01:36.000Z",
"first_observed": "2016-03-16T14:01:36Z",
"last_observed": "2016-03-16T14:01:36Z",
"number_observed": 1,
"object_refs": [
"url--56e96740-90a8-4c3d-ac72-4c2202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96740-90a8-4c3d-ac72-4c2202de0b81",
"value": "https://www.virustotal.com/file/09f7d02a3c2382199458c98a62b045145ee54ab6aba86166aecf3d10c3c1444c/analysis/1457023689/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96741-0518-4316-8bf1-4a0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:37.000Z",
"modified": "2016-03-16T14:01:37.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 71cd70b289c53567579f8f6033d8191b",
"pattern": "[file:hashes.SHA256 = '2042b4c5ee7ebb4253d59dc084742f2d2c3c102aa9983333e0785de4d689e6fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96741-8440-409f-abfb-423a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:37.000Z",
"modified": "2016-03-16T14:01:37.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 71cd70b289c53567579f8f6033d8191b",
"pattern": "[file:hashes.SHA1 = 'bb160e68a045d9c66895efe2c3d44b1b9a20775b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96741-cad0-4152-9799-42cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:37.000Z",
"modified": "2016-03-16T14:01:37.000Z",
"first_observed": "2016-03-16T14:01:37Z",
"last_observed": "2016-03-16T14:01:37Z",
"number_observed": 1,
"object_refs": [
"url--56e96741-cad0-4152-9799-42cf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96741-cad0-4152-9799-42cf02de0b81",
"value": "https://www.virustotal.com/file/2042b4c5ee7ebb4253d59dc084742f2d2c3c102aa9983333e0785de4d689e6fc/analysis/1457023690/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96741-3cc0-44b9-893a-441d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:37.000Z",
"modified": "2016-03-16T14:01:37.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 438f3ea41587e9891484dad233d6faa6",
"pattern": "[file:hashes.SHA256 = 'f5ebfbda54c3ab58798eb1d436271546bc7ea9aea8e25b688489a0313b55c67c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96742-a9b0-43c6-b452-4d3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:38.000Z",
"modified": "2016-03-16T14:01:38.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 438f3ea41587e9891484dad233d6faa6",
"pattern": "[file:hashes.SHA1 = 'd75a66ebf43aefe1a7f12f7e04e3fff923e6a19e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96742-b910-400d-8f27-40a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:38.000Z",
"modified": "2016-03-16T14:01:38.000Z",
"first_observed": "2016-03-16T14:01:38Z",
"last_observed": "2016-03-16T14:01:38Z",
"number_observed": 1,
"object_refs": [
"url--56e96742-b910-400d-8f27-40a602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96742-b910-400d-8f27-40a602de0b81",
"value": "https://www.virustotal.com/file/f5ebfbda54c3ab58798eb1d436271546bc7ea9aea8e25b688489a0313b55c67c/analysis/1457502544/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96742-a308-459a-9717-4bc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:38.000Z",
"modified": "2016-03-16T14:01:38.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 51c57b0366d0b71acf05b4df0afef52f",
"pattern": "[file:hashes.SHA256 = '17a1cec5b8ce358f8a0c43ac7a16292e2b455a79ba62aec1e24ac0a51427cf48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96743-59d4-48d9-b4b0-4c8e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:39.000Z",
"modified": "2016-03-16T14:01:39.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 51c57b0366d0b71acf05b4df0afef52f",
"pattern": "[file:hashes.SHA1 = '18fcd5ca1236e67c4526fb4b5e009be97bded8db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96743-d540-4a4e-9b71-41ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:39.000Z",
"modified": "2016-03-16T14:01:39.000Z",
"first_observed": "2016-03-16T14:01:39Z",
"last_observed": "2016-03-16T14:01:39Z",
"number_observed": 1,
"object_refs": [
"url--56e96743-d540-4a4e-9b71-41ae02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96743-d540-4a4e-9b71-41ae02de0b81",
"value": "https://www.virustotal.com/file/17a1cec5b8ce358f8a0c43ac7a16292e2b455a79ba62aec1e24ac0a51427cf48/analysis/1457677342/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96743-ce10-42da-8f50-466502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:39.000Z",
"modified": "2016-03-16T14:01:39.000Z",
"description": "Beendoor Sample - Xchecked via VT: d3094c89cad5f8d1ea5f0a7f23f0a2b1",
"pattern": "[file:hashes.SHA256 = '9a8ad801d1b9c97eb38ed7b829968fce71723ccf4b1087b283863996efbb6e89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96743-1c74-42f3-b8d0-4c7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:39.000Z",
"modified": "2016-03-16T14:01:39.000Z",
"description": "Beendoor Sample - Xchecked via VT: d3094c89cad5f8d1ea5f0a7f23f0a2b1",
"pattern": "[file:hashes.SHA1 = '313049a0594f50b0015a06b44703d903ad36bc68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96744-53cc-4352-97b9-43b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:40.000Z",
"modified": "2016-03-16T14:01:40.000Z",
"first_observed": "2016-03-16T14:01:40Z",
"last_observed": "2016-03-16T14:01:40Z",
"number_observed": 1,
"object_refs": [
"url--56e96744-53cc-4352-97b9-43b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96744-53cc-4352-97b9-43b302de0b81",
"value": "https://www.virustotal.com/file/9a8ad801d1b9c97eb38ed7b829968fce71723ccf4b1087b283863996efbb6e89/analysis/1455821930/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96744-87ec-41c1-b775-499302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:40.000Z",
"modified": "2016-03-16T14:01:40.000Z",
"description": "Beendoor Downloader - Xchecked via VT: 950eb314435bdb3c46c9f0954c935287",
"pattern": "[file:hashes.SHA256 = 'a5e6752aa1b9689201a98c92f8077b8f483435f0d8d38da1dfe74bb12b47dc74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96744-15e0-41f5-a557-4fe302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:40.000Z",
"modified": "2016-03-16T14:01:40.000Z",
"description": "Beendoor Downloader - Xchecked via VT: 950eb314435bdb3c46c9f0954c935287",
"pattern": "[file:hashes.SHA1 = '75dec30eb62c03b917f62a091971c5640e556170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96745-1904-4307-92cc-4bd902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:41.000Z",
"modified": "2016-03-16T14:01:41.000Z",
"first_observed": "2016-03-16T14:01:41Z",
"last_observed": "2016-03-16T14:01:41Z",
"number_observed": 1,
"object_refs": [
"url--56e96745-1904-4307-92cc-4bd902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96745-1904-4307-92cc-4bd902de0b81",
"value": "https://www.virustotal.com/file/a5e6752aa1b9689201a98c92f8077b8f483435f0d8d38da1dfe74bb12b47dc74/analysis/1455821916/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96745-87d8-4aae-9ce8-46c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:41.000Z",
"modified": "2016-03-16T14:01:41.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 85429d5f2745d813e53b28d3d953d1cd",
"pattern": "[file:hashes.SHA256 = 'b56073581d6f2863688d779c800b2cc884a2e40e72c681b419bc3fa9c9814956']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96745-4448-4b22-a543-425502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:41.000Z",
"modified": "2016-03-16T14:01:41.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 85429d5f2745d813e53b28d3d953d1cd",
"pattern": "[file:hashes.SHA1 = 'bdbec6894729e6d550d3000a00433b5fc23987ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96745-2f88-4498-afdd-4b3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:41.000Z",
"modified": "2016-03-16T14:01:41.000Z",
"first_observed": "2016-03-16T14:01:41Z",
"last_observed": "2016-03-16T14:01:41Z",
"number_observed": 1,
"object_refs": [
"url--56e96745-2f88-4498-afdd-4b3602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96745-2f88-4498-afdd-4b3602de0b81",
"value": "https://www.virustotal.com/file/b56073581d6f2863688d779c800b2cc884a2e40e72c681b419bc3fa9c9814956/analysis/1457349886/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96746-cca8-4afa-8d2a-49d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:42.000Z",
"modified": "2016-03-16T14:01:42.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 3e91836b89b6d6249741dc8ee0d2895a",
"pattern": "[file:hashes.SHA256 = 'd143ceb1a3e33d3eb56baa4b3a050ae9595ad4c4c65c7f804a5323e27924f903']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96746-bc84-40fc-8780-4f4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:42.000Z",
"modified": "2016-03-16T14:01:42.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 3e91836b89b6d6249741dc8ee0d2895a",
"pattern": "[file:hashes.SHA1 = 'ad505ac717d8a76d926503d0d0c26ae72f2014be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96746-25f0-47e2-a9df-4d9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:42.000Z",
"modified": "2016-03-16T14:01:42.000Z",
"first_observed": "2016-03-16T14:01:42Z",
"last_observed": "2016-03-16T14:01:42Z",
"number_observed": 1,
"object_refs": [
"url--56e96746-25f0-47e2-a9df-4d9202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96746-25f0-47e2-a9df-4d9202de0b81",
"value": "https://www.virustotal.com/file/d143ceb1a3e33d3eb56baa4b3a050ae9595ad4c4c65c7f804a5323e27924f903/analysis/1457023688/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96746-c5ac-4a6c-83d6-4b5402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:42.000Z",
"modified": "2016-03-16T14:01:42.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 4f9b754da90bed9a633130d893d65c4e",
"pattern": "[file:hashes.SHA256 = '8eb61e3d802869e45e2ee94176dd7dbb0ab5fe8aec980104a7b16b1f0dde13d6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96747-afac-4d78-8b01-42c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:43.000Z",
"modified": "2016-03-16T14:01:43.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 4f9b754da90bed9a633130d893d65c4e",
"pattern": "[file:hashes.SHA1 = '532985b1c4a237d538d468bfd73d2e6aba53eea3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96747-98b0-4a21-801d-4d0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:43.000Z",
"modified": "2016-03-16T14:01:43.000Z",
"first_observed": "2016-03-16T14:01:43Z",
"last_observed": "2016-03-16T14:01:43Z",
"number_observed": 1,
"object_refs": [
"url--56e96747-98b0-4a21-801d-4d0e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96747-98b0-4a21-801d-4d0e02de0b81",
"value": "https://www.virustotal.com/file/8eb61e3d802869e45e2ee94176dd7dbb0ab5fe8aec980104a7b16b1f0dde13d6/analysis/1457023687/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96747-6edc-497a-ba40-402802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:43.000Z",
"modified": "2016-03-16T14:01:43.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0d7846a76675be378a50667767d0e35a",
"pattern": "[file:hashes.SHA256 = '91fb5a6a40eef74971092a1c9c503d4bba5ed446fe4af843237590689f593c41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96748-febc-45fd-b019-490d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:44.000Z",
"modified": "2016-03-16T14:01:44.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0d7846a76675be378a50667767d0e35a",
"pattern": "[file:hashes.SHA1 = 'edf3d9239508270a37bcd295327facdcb3100067']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96748-9380-45a4-b915-4cef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:44.000Z",
"modified": "2016-03-16T14:01:44.000Z",
"first_observed": "2016-03-16T14:01:44Z",
"last_observed": "2016-03-16T14:01:44Z",
"number_observed": 1,
"object_refs": [
"url--56e96748-9380-45a4-b915-4cef02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96748-9380-45a4-b915-4cef02de0b81",
"value": "https://www.virustotal.com/file/91fb5a6a40eef74971092a1c9c503d4bba5ed446fe4af843237590689f593c41/analysis/1446814736/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96748-9974-4f67-a963-416302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:44.000Z",
"modified": "2016-03-16T14:01:44.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 3739bbf831d04e8a2b06275cd3af371d",
"pattern": "[file:hashes.SHA256 = 'e394ab8a308e92ca6cf10ffbb951b3225685278b55a4b00c68c4c763d0601efa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96748-7c2c-4938-804e-4bfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:44.000Z",
"modified": "2016-03-16T14:01:44.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 3739bbf831d04e8a2b06275cd3af371d",
"pattern": "[file:hashes.SHA1 = '1bb0cb1be5227645c14b5757932df14b1b52c3cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96749-2b64-4bd9-a578-44f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:45.000Z",
"modified": "2016-03-16T14:01:45.000Z",
"first_observed": "2016-03-16T14:01:45Z",
"last_observed": "2016-03-16T14:01:45Z",
"number_observed": 1,
"object_refs": [
"url--56e96749-2b64-4bd9-a578-44f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96749-2b64-4bd9-a578-44f102de0b81",
"value": "https://www.virustotal.com/file/e394ab8a308e92ca6cf10ffbb951b3225685278b55a4b00c68c4c763d0601efa/analysis/1457023686/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96749-adf4-4193-9ed7-40a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:45.000Z",
"modified": "2016-03-16T14:01:45.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ef0ab9f731e7c980b163c7e1b5db9746",
"pattern": "[file:hashes.SHA256 = '9c5186016229c89364544973423cc47b28c0c1ed47da267c54e5f1a80a76363e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96749-9788-453d-b82a-4fa502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:45.000Z",
"modified": "2016-03-16T14:01:45.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ef0ab9f731e7c980b163c7e1b5db9746",
"pattern": "[file:hashes.SHA1 = '75dd19ec9719f82b94d1e207102fa1f0bca55c9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96749-0f28-468c-bae9-44ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:45.000Z",
"modified": "2016-03-16T14:01:45.000Z",
"first_observed": "2016-03-16T14:01:45Z",
"last_observed": "2016-03-16T14:01:45Z",
"number_observed": 1,
"object_refs": [
"url--56e96749-0f28-468c-bae9-44ad02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96749-0f28-468c-bae9-44ad02de0b81",
"value": "https://www.virustotal.com/file/9c5186016229c89364544973423cc47b28c0c1ed47da267c54e5f1a80a76363e/analysis/1457677676/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674a-ea70-479b-b490-42d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:46.000Z",
"modified": "2016-03-16T14:01:46.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: b67047e341653a01526cc178966d1f6c",
"pattern": "[file:hashes.SHA256 = 'e1134cbff0420854e6a84105f4dd5dea3b07ec77e120ba98df3bf1310afaff99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674a-1574-4664-9a8c-4acf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:46.000Z",
"modified": "2016-03-16T14:01:46.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: b67047e341653a01526cc178966d1f6c",
"pattern": "[file:hashes.SHA1 = '3f3c7f6bd905c476e76129e39a55ed0f955f77d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674a-4a60-4bb1-aeb2-4cec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:46.000Z",
"modified": "2016-03-16T14:01:46.000Z",
"first_observed": "2016-03-16T14:01:46Z",
"last_observed": "2016-03-16T14:01:46Z",
"number_observed": 1,
"object_refs": [
"url--56e9674a-4a60-4bb1-aeb2-4cec02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674a-4a60-4bb1-aeb2-4cec02de0b81",
"value": "https://www.virustotal.com/file/e1134cbff0420854e6a84105f4dd5dea3b07ec77e120ba98df3bf1310afaff99/analysis/1457023686/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674a-652c-4947-8d41-47af02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:46.000Z",
"modified": "2016-03-16T14:01:46.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 148403235614461c1f088d524fbd9fd0",
"pattern": "[file:hashes.SHA256 = '6d77ec735345787c611367717c8e5eb70f24e0b6f4c25ed2073f1750caa79419']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674b-e5c4-4fb6-a317-496c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:47.000Z",
"modified": "2016-03-16T14:01:47.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 148403235614461c1f088d524fbd9fd0",
"pattern": "[file:hashes.SHA1 = 'ec1df6ba0af285931bab81205e8c177e727cade5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674b-1794-489c-9298-47a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:47.000Z",
"modified": "2016-03-16T14:01:47.000Z",
"first_observed": "2016-03-16T14:01:47Z",
"last_observed": "2016-03-16T14:01:47Z",
"number_observed": 1,
"object_refs": [
"url--56e9674b-1794-489c-9298-47a202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674b-1794-489c-9298-47a202de0b81",
"value": "https://www.virustotal.com/file/6d77ec735345787c611367717c8e5eb70f24e0b6f4c25ed2073f1750caa79419/analysis/1457677181/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674b-ca98-4296-9de0-468a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:47.000Z",
"modified": "2016-03-16T14:01:47.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 17495ce3d11e9cddf5a98ec34ee91d6a",
"pattern": "[file:hashes.SHA256 = '0de80caf5f1369419852d26f28f7a4abff53d1f7861cf639c25ab20a67a3c7d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674c-5a68-4bf8-874f-412802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:48.000Z",
"modified": "2016-03-16T14:01:48.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 17495ce3d11e9cddf5a98ec34ee91d6a",
"pattern": "[file:hashes.SHA1 = 'b9fc15f37996096889ed889a422e56303e209a6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674c-1044-49b9-bc72-4a5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:48.000Z",
"modified": "2016-03-16T14:01:48.000Z",
"first_observed": "2016-03-16T14:01:48Z",
"last_observed": "2016-03-16T14:01:48Z",
"number_observed": 1,
"object_refs": [
"url--56e9674c-1044-49b9-bc72-4a5802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674c-1044-49b9-bc72-4a5802de0b81",
"value": "https://www.virustotal.com/file/0de80caf5f1369419852d26f28f7a4abff53d1f7861cf639c25ab20a67a3c7d7/analysis/1457677187/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674c-8b74-443d-bf7b-475d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:48.000Z",
"modified": "2016-03-16T14:01:48.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0a7a15180053270e25a220a3e38e7949",
"pattern": "[file:hashes.SHA256 = '7a865f17ce37cc71427deaf200f4e632b51ea202db8c5099ec2f9ca6ac1b647f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674c-f208-4ef9-a516-47f202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:48.000Z",
"modified": "2016-03-16T14:01:48.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0a7a15180053270e25a220a3e38e7949",
"pattern": "[file:hashes.SHA1 = 'c02ee343850afdc47e762e7091531788f41f254e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674d-b23c-4c40-8ea1-4f1f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:49.000Z",
"modified": "2016-03-16T14:01:49.000Z",
"first_observed": "2016-03-16T14:01:49Z",
"last_observed": "2016-03-16T14:01:49Z",
"number_observed": 1,
"object_refs": [
"url--56e9674d-b23c-4c40-8ea1-4f1f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674d-b23c-4c40-8ea1-4f1f02de0b81",
"value": "https://www.virustotal.com/file/7a865f17ce37cc71427deaf200f4e632b51ea202db8c5099ec2f9ca6ac1b647f/analysis/1457173117/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674d-2fbc-4335-83ec-4d5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:49.000Z",
"modified": "2016-03-16T14:01:49.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 79f7e1d6389c73a7e2525d0ec8fa3ce2",
"pattern": "[file:hashes.SHA256 = '28f457b4582701907d1cdaabbd9fdbea169185dc3e97925fd48589ef44e72812']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674d-1800-479c-a01c-43df02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:49.000Z",
"modified": "2016-03-16T14:01:49.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 79f7e1d6389c73a7e2525d0ec8fa3ce2",
"pattern": "[file:hashes.SHA1 = '20bd67010fe69f56bdb00667100a0c1bc1e7c906']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674e-3050-4cc3-b695-4d8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:50.000Z",
"modified": "2016-03-16T14:01:50.000Z",
"first_observed": "2016-03-16T14:01:50Z",
"last_observed": "2016-03-16T14:01:50Z",
"number_observed": 1,
"object_refs": [
"url--56e9674e-3050-4cc3-b695-4d8402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674e-3050-4cc3-b695-4d8402de0b81",
"value": "https://www.virustotal.com/file/28f457b4582701907d1cdaabbd9fdbea169185dc3e97925fd48589ef44e72812/analysis/1446814738/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674e-d544-40d9-8cdd-4cbf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:50.000Z",
"modified": "2016-03-16T14:01:50.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: e3e4ced9b000aa47a449f186c7604ac8",
"pattern": "[file:hashes.SHA256 = '892d6bb277ab45d1a65c07bc4712f133c1194002ef6f1d6d9ff04564016e1e7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674e-845c-4177-b077-423302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:50.000Z",
"modified": "2016-03-16T14:01:50.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: e3e4ced9b000aa47a449f186c7604ac8",
"pattern": "[file:hashes.SHA1 = '33f39fd1444b69dd3eaade0bf4d518544b443090']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674e-77c8-42a8-84d3-42d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:50.000Z",
"modified": "2016-03-16T14:01:50.000Z",
"first_observed": "2016-03-16T14:01:50Z",
"last_observed": "2016-03-16T14:01:50Z",
"number_observed": 1,
"object_refs": [
"url--56e9674e-77c8-42a8-84d3-42d702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674e-77c8-42a8-84d3-42d702de0b81",
"value": "https://www.virustotal.com/file/892d6bb277ab45d1a65c07bc4712f133c1194002ef6f1d6d9ff04564016e1e7b/analysis/1457677635/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674f-bdfc-40a6-861e-452302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:51.000Z",
"modified": "2016-03-16T14:01:51.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 167d632eea9bd1b6cac00a69b431a5c0",
"pattern": "[file:hashes.SHA256 = '246cb6ba041aa51c07affe89237916b5fb49c60b5ca8835cb7730bac9f7bd999']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674f-10c0-4c91-bb80-4f3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:51.000Z",
"modified": "2016-03-16T14:01:51.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 167d632eea9bd1b6cac00a69b431a5c0",
"pattern": "[file:hashes.SHA1 = 'f24b483e07fb989ed8b10931249f20943d789d85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9674f-1104-4e63-97fb-499902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:51.000Z",
"modified": "2016-03-16T14:01:51.000Z",
"first_observed": "2016-03-16T14:01:51Z",
"last_observed": "2016-03-16T14:01:51Z",
"number_observed": 1,
"object_refs": [
"url--56e9674f-1104-4e63-97fb-499902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9674f-1104-4e63-97fb-499902de0b81",
"value": "https://www.virustotal.com/file/246cb6ba041aa51c07affe89237916b5fb49c60b5ca8835cb7730bac9f7bd999/analysis/1457023686/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9674f-d538-4c91-a6a1-409902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:51.000Z",
"modified": "2016-03-16T14:01:51.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ccfd8c384558c5a1e09350941faa08ab",
"pattern": "[file:hashes.SHA256 = '4db52d468cede61e288f0fe0b1faaeb19b1e109299dee737b133c3a8a40f094e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96750-82e4-4291-b399-4fde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:52.000Z",
"modified": "2016-03-16T14:01:52.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: ccfd8c384558c5a1e09350941faa08ab",
"pattern": "[file:hashes.SHA1 = 'e968ee4b81dec1a98fb4cc44dc713807c843190c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96750-1e8c-40c9-aa62-45a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:52.000Z",
"modified": "2016-03-16T14:01:52.000Z",
"first_observed": "2016-03-16T14:01:52Z",
"last_observed": "2016-03-16T14:01:52Z",
"number_observed": 1,
"object_refs": [
"url--56e96750-1e8c-40c9-aa62-45a102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96750-1e8c-40c9-aa62-45a102de0b81",
"value": "https://www.virustotal.com/file/4db52d468cede61e288f0fe0b1faaeb19b1e109299dee737b133c3a8a40f094e/analysis/1444229731/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96750-99ac-41e6-a7bc-48ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:52.000Z",
"modified": "2016-03-16T14:01:52.000Z",
"description": "Andromeda Samples - Xchecked via VT: fb2cb45bf53cef41674da2d9a4bdba32",
"pattern": "[file:hashes.SHA256 = '546ce68250c10c9173c896576519d199c642bdb3237b6289608fe61afa1939c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96751-ee7c-4d4e-8ad4-466002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:53.000Z",
"modified": "2016-03-16T14:01:53.000Z",
"description": "Andromeda Samples - Xchecked via VT: fb2cb45bf53cef41674da2d9a4bdba32",
"pattern": "[file:hashes.SHA1 = 'd5ce42e49fdd8052f9bda52fcea77e1a325a61be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96751-6ca4-4d42-a1ef-499402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:53.000Z",
"modified": "2016-03-16T14:01:53.000Z",
"first_observed": "2016-03-16T14:01:53Z",
"last_observed": "2016-03-16T14:01:53Z",
"number_observed": 1,
"object_refs": [
"url--56e96751-6ca4-4d42-a1ef-499402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96751-6ca4-4d42-a1ef-499402de0b81",
"value": "https://www.virustotal.com/file/546ce68250c10c9173c896576519d199c642bdb3237b6289608fe61afa1939c3/analysis/1457023678/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96751-2468-4be0-af6e-48c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:53.000Z",
"modified": "2016-03-16T14:01:53.000Z",
"description": "Andromeda Samples - Xchecked via VT: f4123e7f09961479452f0f42b3706293",
"pattern": "[file:hashes.SHA256 = '1ecdf49da74cd502fe10fc145eadcc1a72987dffae187f06507c797380949d78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96751-5618-4478-a0fc-41d502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:53.000Z",
"modified": "2016-03-16T14:01:53.000Z",
"description": "Andromeda Samples - Xchecked via VT: f4123e7f09961479452f0f42b3706293",
"pattern": "[file:hashes.SHA1 = 'edb9006f9a1ee46000727f99e4049c4163675e2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96752-4844-4ebc-bfdc-449b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:54.000Z",
"modified": "2016-03-16T14:01:54.000Z",
"first_observed": "2016-03-16T14:01:54Z",
"last_observed": "2016-03-16T14:01:54Z",
"number_observed": 1,
"object_refs": [
"url--56e96752-4844-4ebc-bfdc-449b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96752-4844-4ebc-bfdc-449b02de0b81",
"value": "https://www.virustotal.com/file/1ecdf49da74cd502fe10fc145eadcc1a72987dffae187f06507c797380949d78/analysis/1445879905/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96752-837c-4784-8cd5-405502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:54.000Z",
"modified": "2016-03-16T14:01:54.000Z",
"description": "Andromeda Samples - Xchecked via VT: f0e64d2b011223ece668c595406f1abc",
"pattern": "[file:hashes.SHA256 = 'cb89c7f28bc19040b5d01a774c1d35152e232bcc979ea5326c13d3aedd6fa23f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96752-ee24-45f3-85c6-44f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:54.000Z",
"modified": "2016-03-16T14:01:54.000Z",
"description": "Andromeda Samples - Xchecked via VT: f0e64d2b011223ece668c595406f1abc",
"pattern": "[file:hashes.SHA1 = '67a36a06d3e510f4c76bf5ae9be6b24acdc61a9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96752-721c-4f06-84bb-464902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:54.000Z",
"modified": "2016-03-16T14:01:54.000Z",
"first_observed": "2016-03-16T14:01:54Z",
"last_observed": "2016-03-16T14:01:54Z",
"number_observed": 1,
"object_refs": [
"url--56e96752-721c-4f06-84bb-464902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96752-721c-4f06-84bb-464902de0b81",
"value": "https://www.virustotal.com/file/cb89c7f28bc19040b5d01a774c1d35152e232bcc979ea5326c13d3aedd6fa23f/analysis/1457503408/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96753-7d10-4a1b-92e1-432202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:55.000Z",
"modified": "2016-03-16T14:01:55.000Z",
"description": "Andromeda Samples - Xchecked via VT: aec91b4453a1b321e302127bc9f21a7c",
"pattern": "[file:hashes.SHA256 = 'e9549a3eef49c56a00ac3bce5efcfeb4e97e3db47395c69f9156470a558d484b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96753-9288-4f46-8b0d-4a0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:55.000Z",
"modified": "2016-03-16T14:01:55.000Z",
"description": "Andromeda Samples - Xchecked via VT: aec91b4453a1b321e302127bc9f21a7c",
"pattern": "[file:hashes.SHA1 = '404eeab11a9ae79eb19a75e402dac3d0e0f127a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96753-5204-48f9-8090-475b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:55.000Z",
"modified": "2016-03-16T14:01:55.000Z",
"first_observed": "2016-03-16T14:01:55Z",
"last_observed": "2016-03-16T14:01:55Z",
"number_observed": 1,
"object_refs": [
"url--56e96753-5204-48f9-8090-475b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96753-5204-48f9-8090-475b02de0b81",
"value": "https://www.virustotal.com/file/e9549a3eef49c56a00ac3bce5efcfeb4e97e3db47395c69f9156470a558d484b/analysis/1451298563/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96754-8774-4467-92ab-445902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:56.000Z",
"modified": "2016-03-16T14:01:56.000Z",
"description": "Andromeda Samples - Xchecked via VT: ae2ef98a91c70dc43979ce7df8e475ad",
"pattern": "[file:hashes.SHA256 = '62de46db67941d90148a69f999dc79e0f2dece1f5aa4996566b021e43bf2e7ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96754-eca4-493b-ac57-431d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:56.000Z",
"modified": "2016-03-16T14:01:56.000Z",
"description": "Andromeda Samples - Xchecked via VT: ae2ef98a91c70dc43979ce7df8e475ad",
"pattern": "[file:hashes.SHA1 = 'ca15b161c5b7a585d87e442c92daf2b4b0b7eb9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96754-fce4-4d0b-b310-47d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:56.000Z",
"modified": "2016-03-16T14:01:56.000Z",
"first_observed": "2016-03-16T14:01:56Z",
"last_observed": "2016-03-16T14:01:56Z",
"number_observed": 1,
"object_refs": [
"url--56e96754-fce4-4d0b-b310-47d302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96754-fce4-4d0b-b310-47d302de0b81",
"value": "https://www.virustotal.com/file/62de46db67941d90148a69f999dc79e0f2dece1f5aa4996566b021e43bf2e7ed/analysis/1457503060/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96754-8c2c-4600-a029-458f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:56.000Z",
"modified": "2016-03-16T14:01:56.000Z",
"description": "Andromeda Samples - Xchecked via VT: a6d75b57bd597e723335f96f074f5700",
"pattern": "[file:hashes.SHA256 = '5c2cb4405d9def8e24ba05819ab1ccefbf56046e0bdee162749e258b15efd966']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96755-1890-4120-8677-445202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:57.000Z",
"modified": "2016-03-16T14:01:57.000Z",
"description": "Andromeda Samples - Xchecked via VT: a6d75b57bd597e723335f96f074f5700",
"pattern": "[file:hashes.SHA1 = 'cc327a7fe358b6c8e1b0cbbc0f768db928627503']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96755-7b4c-4bb0-acf9-41e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:57.000Z",
"modified": "2016-03-16T14:01:57.000Z",
"first_observed": "2016-03-16T14:01:57Z",
"last_observed": "2016-03-16T14:01:57Z",
"number_observed": 1,
"object_refs": [
"url--56e96755-7b4c-4bb0-acf9-41e402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96755-7b4c-4bb0-acf9-41e402de0b81",
"value": "https://www.virustotal.com/file/5c2cb4405d9def8e24ba05819ab1ccefbf56046e0bdee162749e258b15efd966/analysis/1457677513/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96755-8240-4a23-8509-4d8302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:57.000Z",
"modified": "2016-03-16T14:01:57.000Z",
"description": "Andromeda Samples - Xchecked via VT: a4ce604f8d3ac2e5facdae3c63ef4dc6",
"pattern": "[file:hashes.SHA256 = '2650d426bc3565559f05c6bdbe48e87f764d1862b82913140f3c95adbd40d9ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96755-18e4-48cb-b1c0-4f2402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:57.000Z",
"modified": "2016-03-16T14:01:57.000Z",
"description": "Andromeda Samples - Xchecked via VT: a4ce604f8d3ac2e5facdae3c63ef4dc6",
"pattern": "[file:hashes.SHA1 = '4d8216e5b4b170ffda4f0e885b0954e6ebcd8405']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96756-e95c-4628-a35a-41fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:58.000Z",
"modified": "2016-03-16T14:01:58.000Z",
"first_observed": "2016-03-16T14:01:58Z",
"last_observed": "2016-03-16T14:01:58Z",
"number_observed": 1,
"object_refs": [
"url--56e96756-e95c-4628-a35a-41fc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96756-e95c-4628-a35a-41fc02de0b81",
"value": "https://www.virustotal.com/file/2650d426bc3565559f05c6bdbe48e87f764d1862b82913140f3c95adbd40d9ea/analysis/1422516876/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96756-7200-4b4c-85b5-41e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:58.000Z",
"modified": "2016-03-16T14:01:58.000Z",
"description": "Andromeda Samples - Xchecked via VT: 990c3b67061109d82627a5642bf1bb68",
"pattern": "[file:hashes.SHA256 = '01fae9dc21c49e23417af27843165b5b1d9dde9d0dcd6ab524a34a552e923f21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96756-eeb0-4afb-9cea-487b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:58.000Z",
"modified": "2016-03-16T14:01:58.000Z",
"description": "Andromeda Samples - Xchecked via VT: 990c3b67061109d82627a5642bf1bb68",
"pattern": "[file:hashes.SHA1 = 'db57aade2d442aad2b3d4b95aeb21711c0a9d694']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96756-ccd4-4da2-9320-49ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:58.000Z",
"modified": "2016-03-16T14:01:58.000Z",
"first_observed": "2016-03-16T14:01:58Z",
"last_observed": "2016-03-16T14:01:58Z",
"number_observed": 1,
"object_refs": [
"url--56e96756-ccd4-4da2-9320-49ad02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96756-ccd4-4da2-9320-49ad02de0b81",
"value": "https://www.virustotal.com/file/01fae9dc21c49e23417af27843165b5b1d9dde9d0dcd6ab524a34a552e923f21/analysis/1457502846/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96757-d5e0-4a7d-93d0-485202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:59.000Z",
"modified": "2016-03-16T14:01:59.000Z",
"description": "Andromeda Samples - Xchecked via VT: 878aa68245675ca5ea677aaf28707b7a",
"pattern": "[file:hashes.SHA256 = 'ea75a5fdb8837f17d63e468134396d10dce6c3160166d1f007d83705e8a03242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96757-e390-42f9-866c-4d2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:59.000Z",
"modified": "2016-03-16T14:01:59.000Z",
"description": "Andromeda Samples - Xchecked via VT: 878aa68245675ca5ea677aaf28707b7a",
"pattern": "[file:hashes.SHA1 = '1c4aa56d2eefb5ca70b68e055f6d73d31766e699']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:01:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96757-a24c-4c2f-8229-43b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:01:59.000Z",
"modified": "2016-03-16T14:01:59.000Z",
"first_observed": "2016-03-16T14:01:59Z",
"last_observed": "2016-03-16T14:01:59Z",
"number_observed": 1,
"object_refs": [
"url--56e96757-a24c-4c2f-8229-43b002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96757-a24c-4c2f-8229-43b002de0b81",
"value": "https://www.virustotal.com/file/ea75a5fdb8837f17d63e468134396d10dce6c3160166d1f007d83705e8a03242/analysis/1457023677/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96758-2bd4-4758-9960-4da902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:00.000Z",
"modified": "2016-03-16T14:02:00.000Z",
"description": "Andromeda Samples - Xchecked via VT: 7ec3ec88185f9c235e2d3da7434b928a",
"pattern": "[file:hashes.SHA256 = 'f530b0ffed4dbbb83184970dc889a56dc374057699b3861795d93c4234f9338b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96758-d584-448c-bbe0-434702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:00.000Z",
"modified": "2016-03-16T14:02:00.000Z",
"description": "Andromeda Samples - Xchecked via VT: 7ec3ec88185f9c235e2d3da7434b928a",
"pattern": "[file:hashes.SHA1 = '42ec1c2e141923cf529beb467b8d8bb52f1037f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96758-76ec-4319-9f43-44c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:00.000Z",
"modified": "2016-03-16T14:02:00.000Z",
"first_observed": "2016-03-16T14:02:00Z",
"last_observed": "2016-03-16T14:02:00Z",
"number_observed": 1,
"object_refs": [
"url--56e96758-76ec-4319-9f43-44c402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96758-76ec-4319-9f43-44c402de0b81",
"value": "https://www.virustotal.com/file/f530b0ffed4dbbb83184970dc889a56dc374057699b3861795d93c4234f9338b/analysis/1457023676/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96758-1710-46be-bcb3-43cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:00.000Z",
"modified": "2016-03-16T14:02:00.000Z",
"description": "Andromeda Samples - Xchecked via VT: 4b0481a591c87e8542e2089396a10d3c",
"pattern": "[file:hashes.SHA256 = '1db8c4a926b414e6fe1f87793f602e3e899c677ed5aba7dc66bb403bd2c704bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96759-b9a8-4247-9a1e-486302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:01.000Z",
"modified": "2016-03-16T14:02:01.000Z",
"description": "Andromeda Samples - Xchecked via VT: 4b0481a591c87e8542e2089396a10d3c",
"pattern": "[file:hashes.SHA1 = '7a4658d0f58f8a85e9736c80b514ecd60e1c14b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96759-63d0-491f-bbb5-4b6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:01.000Z",
"modified": "2016-03-16T14:02:01.000Z",
"first_observed": "2016-03-16T14:02:01Z",
"last_observed": "2016-03-16T14:02:01Z",
"number_observed": 1,
"object_refs": [
"url--56e96759-63d0-491f-bbb5-4b6202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96759-63d0-491f-bbb5-4b6202de0b81",
"value": "https://www.virustotal.com/file/1db8c4a926b414e6fe1f87793f602e3e899c677ed5aba7dc66bb403bd2c704bd/analysis/1406139343/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96759-fc4c-4e00-9b18-4e9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:01.000Z",
"modified": "2016-03-16T14:02:01.000Z",
"description": "Andromeda Samples - Xchecked via VT: 1f97ddaea7ac0c4e20b2db75969b4545",
"pattern": "[file:hashes.SHA256 = 'bfe5aa095b074b3a62443566be27056549b63a461f11e9d1563e994fc645bca9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96759-bab0-4207-8c3e-480d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:01.000Z",
"modified": "2016-03-16T14:02:01.000Z",
"description": "Andromeda Samples - Xchecked via VT: 1f97ddaea7ac0c4e20b2db75969b4545",
"pattern": "[file:hashes.SHA1 = '6b8e1371972011ad8bc8ea97668ca03de1e0d396']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675a-a1ac-4f42-bd24-415602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:02.000Z",
"modified": "2016-03-16T14:02:02.000Z",
"first_observed": "2016-03-16T14:02:02Z",
"last_observed": "2016-03-16T14:02:02Z",
"number_observed": 1,
"object_refs": [
"url--56e9675a-a1ac-4f42-bd24-415602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675a-a1ac-4f42-bd24-415602de0b81",
"value": "https://www.virustotal.com/file/bfe5aa095b074b3a62443566be27056549b63a461f11e9d1563e994fc645bca9/analysis/1436547376/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675a-e8cc-4eac-acfc-422b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:02.000Z",
"modified": "2016-03-16T14:02:02.000Z",
"description": "Andromeda Samples - Xchecked via VT: 133e0c441ea744951080d700604a63ee",
"pattern": "[file:hashes.SHA256 = '26efeda05a25a72a8bb9abf0a334ff5724f3f9921c7444b1ce50c92f8776d4f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675a-7890-4706-9e54-4b7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:02.000Z",
"modified": "2016-03-16T14:02:02.000Z",
"description": "Andromeda Samples - Xchecked via VT: 133e0c441ea744951080d700604a63ee",
"pattern": "[file:hashes.SHA1 = 'e782c6bc7a781573c4913af76e1ae0792e83aaa9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675b-c1fc-4542-a55e-469402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:03.000Z",
"modified": "2016-03-16T14:02:03.000Z",
"first_observed": "2016-03-16T14:02:03Z",
"last_observed": "2016-03-16T14:02:03Z",
"number_observed": 1,
"object_refs": [
"url--56e9675b-c1fc-4542-a55e-469402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675b-c1fc-4542-a55e-469402de0b81",
"value": "https://www.virustotal.com/file/26efeda05a25a72a8bb9abf0a334ff5724f3f9921c7444b1ce50c92f8776d4f0/analysis/1457023675/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675b-5a84-4085-87b4-4fc102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:03.000Z",
"modified": "2016-03-16T14:02:03.000Z",
"description": "Andromeda Samples - Xchecked via VT: 128c0ccc1252098bc2314d88f4e70044",
"pattern": "[file:hashes.SHA256 = '1c608103de01265eec33f4a22e9f7dd51f1679b7527f7c2af40510d24b3963d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675b-fbb0-4cf9-82f0-4a3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:03.000Z",
"modified": "2016-03-16T14:02:03.000Z",
"description": "Andromeda Samples - Xchecked via VT: 128c0ccc1252098bc2314d88f4e70044",
"pattern": "[file:hashes.SHA1 = '182673034f2104fbee681611d8f451cf8c42c3c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675b-a704-4b6b-91f2-4be002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:03.000Z",
"modified": "2016-03-16T14:02:03.000Z",
"first_observed": "2016-03-16T14:02:03Z",
"last_observed": "2016-03-16T14:02:03Z",
"number_observed": 1,
"object_refs": [
"url--56e9675b-a704-4b6b-91f2-4be002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675b-a704-4b6b-91f2-4be002de0b81",
"value": "https://www.virustotal.com/file/1c608103de01265eec33f4a22e9f7dd51f1679b7527f7c2af40510d24b3963d0/analysis/1457677177/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675c-1a2c-4661-851c-435f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:04.000Z",
"modified": "2016-03-16T14:02:04.000Z",
"description": "Andromeda Samples - Xchecked via VT: 114551a87fa332a243fc05b7246309b9",
"pattern": "[file:hashes.SHA256 = '06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675c-89d4-4db8-bccb-48e602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:04.000Z",
"modified": "2016-03-16T14:02:04.000Z",
"description": "Andromeda Samples - Xchecked via VT: 114551a87fa332a243fc05b7246309b9",
"pattern": "[file:hashes.SHA1 = '3596aaec2e1703545b104f74b14998cf90123952']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675c-3018-4461-ace6-445502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:04.000Z",
"modified": "2016-03-16T14:02:04.000Z",
"first_observed": "2016-03-16T14:02:04Z",
"last_observed": "2016-03-16T14:02:04Z",
"number_observed": 1,
"object_refs": [
"url--56e9675c-3018-4461-ace6-445502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675c-3018-4461-ace6-445502de0b81",
"value": "https://www.virustotal.com/file/06a0066a2d40b99d51c485589e8eae8f0402d04667285316b4706497764b2515/analysis/1457023674/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675d-d344-4853-8276-4e3a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:05.000Z",
"modified": "2016-03-16T14:02:05.000Z",
"description": "Andromeda Samples - Xchecked via VT: 0123411a6cfe8afb4a45e4afeed767e7",
"pattern": "[file:hashes.SHA256 = '17b98bd8212b1aeb803255986862db90777c7339f8016f92e80e4a593ee8b77b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675d-cfe8-4878-8efe-448002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:05.000Z",
"modified": "2016-03-16T14:02:05.000Z",
"description": "Andromeda Samples - Xchecked via VT: 0123411a6cfe8afb4a45e4afeed767e7",
"pattern": "[file:hashes.SHA1 = '0619fc967e7b57556281ed502ce8387069868543']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675d-15f4-40db-8bb7-42c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:05.000Z",
"modified": "2016-03-16T14:02:05.000Z",
"first_observed": "2016-03-16T14:02:05Z",
"last_observed": "2016-03-16T14:02:05Z",
"number_observed": 1,
"object_refs": [
"url--56e9675d-15f4-40db-8bb7-42c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675d-15f4-40db-8bb7-42c102de0b81",
"value": "https://www.virustotal.com/file/17b98bd8212b1aeb803255986862db90777c7339f8016f92e80e4a593ee8b77b/analysis/1435263465/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675d-6f8c-466c-bbd1-4ada02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:05.000Z",
"modified": "2016-03-16T14:02:05.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: fab5eff5fc65a7a2c5920586df5e29c2",
"pattern": "[file:hashes.SHA256 = 'e0589e289673eced96cbb06e5985170778c84de5f092cf2fc50921990f67342d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675e-5adc-47bc-8d1f-4f3602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:06.000Z",
"modified": "2016-03-16T14:02:06.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: fab5eff5fc65a7a2c5920586df5e29c2",
"pattern": "[file:hashes.SHA1 = '64258b369139ab724a81fd66b834a984a331836e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675e-4024-4890-9722-477d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:06.000Z",
"modified": "2016-03-16T14:02:06.000Z",
"first_observed": "2016-03-16T14:02:06Z",
"last_observed": "2016-03-16T14:02:06Z",
"number_observed": 1,
"object_refs": [
"url--56e9675e-4024-4890-9722-477d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675e-4024-4890-9722-477d02de0b81",
"value": "https://www.virustotal.com/file/e0589e289673eced96cbb06e5985170778c84de5f092cf2fc50921990f67342d/analysis/1457585958/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675e-aa48-4d30-a3f1-4bae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:06.000Z",
"modified": "2016-03-16T14:02:06.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: fa97cba6a52896e1f2146957a6eec04f",
"pattern": "[file:hashes.SHA256 = 'ffd73874741bbf82c6cf26fc57002b4672bb3c9a625fca30d1a4f31180d86475']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675e-de2c-4c06-a3b8-4dd302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:06.000Z",
"modified": "2016-03-16T14:02:06.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: fa97cba6a52896e1f2146957a6eec04f",
"pattern": "[file:hashes.SHA1 = 'd06253668c761f8d1ac5aa63e8b24405a87b943d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675f-53f8-463c-9ec1-431c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:07.000Z",
"modified": "2016-03-16T14:02:07.000Z",
"first_observed": "2016-03-16T14:02:07Z",
"last_observed": "2016-03-16T14:02:07Z",
"number_observed": 1,
"object_refs": [
"url--56e9675f-53f8-463c-9ec1-431c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675f-53f8-463c-9ec1-431c02de0b81",
"value": "https://www.virustotal.com/file/ffd73874741bbf82c6cf26fc57002b4672bb3c9a625fca30d1a4f31180d86475/analysis/1457023673/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675f-b5e8-47a8-838d-4ddc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:07.000Z",
"modified": "2016-03-16T14:02:07.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f8955450fbd62cb4461c725d8985ff60",
"pattern": "[file:hashes.SHA256 = 'be9664c7ebe6bbd0e45778033e6f5df07801b4a553857900a3dc98ce6a6516d1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9675f-9380-4f1d-8093-4d6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:07.000Z",
"modified": "2016-03-16T14:02:07.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f8955450fbd62cb4461c725d8985ff60",
"pattern": "[file:hashes.SHA1 = '061388b418af03bdca9fb4b01e50a4e4edc7df3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9675f-8fa8-422a-b015-4b7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:07.000Z",
"modified": "2016-03-16T14:02:07.000Z",
"first_observed": "2016-03-16T14:02:07Z",
"last_observed": "2016-03-16T14:02:07Z",
"number_observed": 1,
"object_refs": [
"url--56e9675f-8fa8-422a-b015-4b7902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9675f-8fa8-422a-b015-4b7902de0b81",
"value": "https://www.virustotal.com/file/be9664c7ebe6bbd0e45778033e6f5df07801b4a553857900a3dc98ce6a6516d1/analysis/1457023673/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96760-c530-4225-b938-40a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:08.000Z",
"modified": "2016-03-16T14:02:08.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f6d141f45e76cefcb712f69c193b3ac1",
"pattern": "[file:hashes.SHA256 = '2e6ac815d4c2aa909d48f6cfdaa00c0c64b27e7e545c38674d82351c27a1e6d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96760-7d70-4f49-b42f-449202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:08.000Z",
"modified": "2016-03-16T14:02:08.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f6d141f45e76cefcb712f69c193b3ac1",
"pattern": "[file:hashes.SHA1 = '6560a133411fb84608cad6c8cd17abebb9edd315']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96760-8e04-4e8d-8839-4a8b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:08.000Z",
"modified": "2016-03-16T14:02:08.000Z",
"first_observed": "2016-03-16T14:02:08Z",
"last_observed": "2016-03-16T14:02:08Z",
"number_observed": 1,
"object_refs": [
"url--56e96760-8e04-4e8d-8839-4a8b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96760-8e04-4e8d-8839-4a8b02de0b81",
"value": "https://www.virustotal.com/file/2e6ac815d4c2aa909d48f6cfdaa00c0c64b27e7e545c38674d82351c27a1e6d7/analysis/1457023673/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96761-8e44-47f3-ba7c-414e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:09.000Z",
"modified": "2016-03-16T14:02:09.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f13a1a0cbcd5e13dd00dbc77c35973ef",
"pattern": "[file:hashes.SHA256 = '42d5f609c0143ec808b45b247f2cbf8decce5bee0572a30c2437ecb6bf8b37b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96761-3f7c-4468-b9dc-4b0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:09.000Z",
"modified": "2016-03-16T14:02:09.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: f13a1a0cbcd5e13dd00dbc77c35973ef",
"pattern": "[file:hashes.SHA1 = 'c3b73db2da16071f0e6580b1b95855e74f61091e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96761-d334-4224-b6a9-480b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:09.000Z",
"modified": "2016-03-16T14:02:09.000Z",
"first_observed": "2016-03-16T14:02:09Z",
"last_observed": "2016-03-16T14:02:09Z",
"number_observed": 1,
"object_refs": [
"url--56e96761-d334-4224-b6a9-480b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96761-d334-4224-b6a9-480b02de0b81",
"value": "https://www.virustotal.com/file/42d5f609c0143ec808b45b247f2cbf8decce5bee0572a30c2437ecb6bf8b37b4/analysis/1457677680/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96761-6e2c-415a-a826-406402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:09.000Z",
"modified": "2016-03-16T14:02:09.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: ee5a460ded205d2074a23e387c377840",
"pattern": "[file:hashes.SHA256 = 'b9bac4e6bda22e8d65011aee0205f92bdc92d2c8f2db6de08cc50daafaf3890d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96762-f330-4571-82b6-4bcd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:10.000Z",
"modified": "2016-03-16T14:02:10.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: ee5a460ded205d2074a23e387c377840",
"pattern": "[file:hashes.SHA1 = 'a024c6a7948b90281ad03288b573636dd950f8ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96762-544c-41bf-ad72-465c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:10.000Z",
"modified": "2016-03-16T14:02:10.000Z",
"first_observed": "2016-03-16T14:02:10Z",
"last_observed": "2016-03-16T14:02:10Z",
"number_observed": 1,
"object_refs": [
"url--56e96762-544c-41bf-ad72-465c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96762-544c-41bf-ad72-465c02de0b81",
"value": "https://www.virustotal.com/file/b9bac4e6bda22e8d65011aee0205f92bdc92d2c8f2db6de08cc50daafaf3890d/analysis/1457023671/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96762-b300-4d7e-92df-470902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:10.000Z",
"modified": "2016-03-16T14:02:10.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: c9e4c816b4ef23c28992e0e894b9c822",
"pattern": "[file:hashes.SHA256 = '98cdd9e8efc6859c717407a8f765f5cf780b16aecb93d2b791b27a13db9d3a1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96763-81f0-4333-9075-485602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:10.000Z",
"modified": "2016-03-16T14:02:10.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: c9e4c816b4ef23c28992e0e894b9c822",
"pattern": "[file:hashes.SHA1 = '99ce1e59bf34eed73dc8fdb7a07b2a01006346be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96763-6504-44cb-8719-4b5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:11.000Z",
"modified": "2016-03-16T14:02:11.000Z",
"first_observed": "2016-03-16T14:02:11Z",
"last_observed": "2016-03-16T14:02:11Z",
"number_observed": 1,
"object_refs": [
"url--56e96763-6504-44cb-8719-4b5e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96763-6504-44cb-8719-4b5e02de0b81",
"value": "https://www.virustotal.com/file/98cdd9e8efc6859c717407a8f765f5cf780b16aecb93d2b791b27a13db9d3a1f/analysis/1457023672/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96763-7d8c-437d-9545-42ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:11.000Z",
"modified": "2016-03-16T14:02:11.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: c33c79c437d94fad3476f78361df0f24",
"pattern": "[file:hashes.SHA256 = 'fa72b66dc74ff7e3f8531bf835c2d61d298410fdcb0eadbf874068b9bc05c2b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96763-b120-4716-8274-4bf402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:11.000Z",
"modified": "2016-03-16T14:02:11.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: c33c79c437d94fad3476f78361df0f24",
"pattern": "[file:hashes.SHA1 = '0f570eabe749b05d59cb2eca9dcef81ad9b044bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96764-7abc-4a14-ae0c-4b6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:12.000Z",
"modified": "2016-03-16T14:02:12.000Z",
"first_observed": "2016-03-16T14:02:12Z",
"last_observed": "2016-03-16T14:02:12Z",
"number_observed": 1,
"object_refs": [
"url--56e96764-7abc-4a14-ae0c-4b6502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96764-7abc-4a14-ae0c-4b6502de0b81",
"value": "https://www.virustotal.com/file/fa72b66dc74ff7e3f8531bf835c2d61d298410fdcb0eadbf874068b9bc05c2b1/analysis/1457023671/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96764-6058-42a0-8283-42fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:12.000Z",
"modified": "2016-03-16T14:02:12.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: b04117ee18182c1c07ffaf6fb35b08bc",
"pattern": "[file:hashes.SHA256 = 'e533575676bc71ea17cb951cb3a7fd7cbe510c346cbce74685dd37595512c9cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96764-8da4-458c-b8c3-452b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:12.000Z",
"modified": "2016-03-16T14:02:12.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: b04117ee18182c1c07ffaf6fb35b08bc",
"pattern": "[file:hashes.SHA1 = 'cd882c6fcb74f446b1b7f7ac5970d999eb6a474d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96764-de98-4744-9342-422702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:12.000Z",
"modified": "2016-03-16T14:02:12.000Z",
"first_observed": "2016-03-16T14:02:12Z",
"last_observed": "2016-03-16T14:02:12Z",
"number_observed": 1,
"object_refs": [
"url--56e96764-de98-4744-9342-422702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96764-de98-4744-9342-422702de0b81",
"value": "https://www.virustotal.com/file/e533575676bc71ea17cb951cb3a7fd7cbe510c346cbce74685dd37595512c9cf/analysis/1457023671/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96765-c300-4ad0-a1b4-410202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:13.000Z",
"modified": "2016-03-16T14:02:13.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: af5e96e260b71356d62900551f68f338",
"pattern": "[file:hashes.SHA256 = '97f931ad60edbe7599838cae8bcb219b56be3260896af62210407d88f870f340']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96765-06f4-483a-b9f6-40b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:13.000Z",
"modified": "2016-03-16T14:02:13.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: af5e96e260b71356d62900551f68f338",
"pattern": "[file:hashes.SHA1 = '03dfbc209cc712e13a5891f4d033c9d9744f81a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96765-6c60-4b1c-9349-4b6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:13.000Z",
"modified": "2016-03-16T14:02:13.000Z",
"first_observed": "2016-03-16T14:02:13Z",
"last_observed": "2016-03-16T14:02:13Z",
"number_observed": 1,
"object_refs": [
"url--56e96765-6c60-4b1c-9349-4b6102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96765-6c60-4b1c-9349-4b6102de0b81",
"value": "https://www.virustotal.com/file/97f931ad60edbe7599838cae8bcb219b56be3260896af62210407d88f870f340/analysis/1457442856/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96766-16bc-439b-a874-457202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:14.000Z",
"modified": "2016-03-16T14:02:14.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 7920862303764a55050d2da38b8bf4db",
"pattern": "[file:hashes.SHA256 = '7761193ab931db800772708912b9455e687b6df8112a674fac4fba45c3e8ee3b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96766-15f8-4890-b4b7-432102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:14.000Z",
"modified": "2016-03-16T14:02:14.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 7920862303764a55050d2da38b8bf4db",
"pattern": "[file:hashes.SHA1 = 'e861c257c257401a5bd4c5487a45696d7796135c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96766-6a50-41f0-844c-4a4102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:14.000Z",
"modified": "2016-03-16T14:02:14.000Z",
"first_observed": "2016-03-16T14:02:14Z",
"last_observed": "2016-03-16T14:02:14Z",
"number_observed": 1,
"object_refs": [
"url--56e96766-6a50-41f0-844c-4a4102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96766-6a50-41f0-844c-4a4102de0b81",
"value": "https://www.virustotal.com/file/7761193ab931db800772708912b9455e687b6df8112a674fac4fba45c3e8ee3b/analysis/1457023669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96766-c05c-42e8-a703-49fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:14.000Z",
"modified": "2016-03-16T14:02:14.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 77c7c0117a0e457d7e3ceef4ab82c2ca",
"pattern": "[file:hashes.SHA256 = 'b7b22712d01821d03a6f5631a126b4caf52d4bc1c7c95a83702f95b1f75227ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96767-af8c-4a8f-a260-47c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:15.000Z",
"modified": "2016-03-16T14:02:15.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 77c7c0117a0e457d7e3ceef4ab82c2ca",
"pattern": "[file:hashes.SHA1 = 'c7fc5c49edfab9b77b70e03047d57583f27d2f5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96767-bfec-405c-9f4d-4e5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:15.000Z",
"modified": "2016-03-16T14:02:15.000Z",
"first_observed": "2016-03-16T14:02:15Z",
"last_observed": "2016-03-16T14:02:15Z",
"number_observed": 1,
"object_refs": [
"url--56e96767-bfec-405c-9f4d-4e5a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96767-bfec-405c-9f4d-4e5a02de0b81",
"value": "https://www.virustotal.com/file/b7b22712d01821d03a6f5631a126b4caf52d4bc1c7c95a83702f95b1f75227ec/analysis/1457023669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96767-8c64-45c7-be42-401202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:15.000Z",
"modified": "2016-03-16T14:02:15.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 725379749d3fa793edcce12291782134",
"pattern": "[file:hashes.SHA256 = 'fd17b3af93efc13a7801fe1eaf94ad35791a06cb84d773376474ced60657f482']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96768-99e4-4c79-98a0-4e6c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:16.000Z",
"modified": "2016-03-16T14:02:16.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 725379749d3fa793edcce12291782134",
"pattern": "[file:hashes.SHA1 = 'c589c5aac5ad87607f6166b149d1acd37482ae79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96768-b514-4dd9-b2a0-4b8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:16.000Z",
"modified": "2016-03-16T14:02:16.000Z",
"first_observed": "2016-03-16T14:02:16Z",
"last_observed": "2016-03-16T14:02:16Z",
"number_observed": 1,
"object_refs": [
"url--56e96768-b514-4dd9-b2a0-4b8802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96768-b514-4dd9-b2a0-4b8802de0b81",
"value": "https://www.virustotal.com/file/fd17b3af93efc13a7801fe1eaf94ad35791a06cb84d773376474ced60657f482/analysis/1456917535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96768-d54c-4540-a212-418802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:16.000Z",
"modified": "2016-03-16T14:02:16.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 5998641f454f82b738977aa8b3d1d283",
"pattern": "[file:hashes.SHA256 = '096bca0c665b5eb0075112b18729efb85c67597a8699e79427b1fa2961c6e700']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96769-60f0-4478-a824-49c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:17.000Z",
"modified": "2016-03-16T14:02:17.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 5998641f454f82b738977aa8b3d1d283",
"pattern": "[file:hashes.SHA1 = '3111404b815b71329b30048ef65c752c67c1495a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96769-dae8-41c8-a591-47c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:17.000Z",
"modified": "2016-03-16T14:02:17.000Z",
"first_observed": "2016-03-16T14:02:17Z",
"last_observed": "2016-03-16T14:02:17Z",
"number_observed": 1,
"object_refs": [
"url--56e96769-dae8-41c8-a591-47c402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96769-dae8-41c8-a591-47c402de0b81",
"value": "https://www.virustotal.com/file/096bca0c665b5eb0075112b18729efb85c67597a8699e79427b1fa2961c6e700/analysis/1457023668/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96769-60c8-4cd7-8676-4cc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:17.000Z",
"modified": "2016-03-16T14:02:17.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 511bcd411ec79c6ca555670e98709e46",
"pattern": "[file:hashes.SHA256 = 'dc77b6a04697f82002d0e29a8c3cbdc676aa2d6c6d1123ac04401173aad1cf2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676a-6e04-483d-b6af-404a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:18.000Z",
"modified": "2016-03-16T14:02:18.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 511bcd411ec79c6ca555670e98709e46",
"pattern": "[file:hashes.SHA1 = 'b5c77e24346d394aaf197c7ede7bf8d967c6cd33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676a-7788-4f5a-9cc8-487902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:18.000Z",
"modified": "2016-03-16T14:02:18.000Z",
"first_observed": "2016-03-16T14:02:18Z",
"last_observed": "2016-03-16T14:02:18Z",
"number_observed": 1,
"object_refs": [
"url--56e9676a-7788-4f5a-9cc8-487902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676a-7788-4f5a-9cc8-487902de0b81",
"value": "https://www.virustotal.com/file/dc77b6a04697f82002d0e29a8c3cbdc676aa2d6c6d1123ac04401173aad1cf2d/analysis/1457023669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676a-efd0-463d-82ce-475a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:18.000Z",
"modified": "2016-03-16T14:02:18.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 4a717b657ea475197d967008c7db8353",
"pattern": "[file:hashes.SHA256 = '643f9cf9f9d05f2585236f93946038a628d6f02d96cc44310d55e717354aa2b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676b-0348-4baa-8e16-4b5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:19.000Z",
"modified": "2016-03-16T14:02:19.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 4a717b657ea475197d967008c7db8353",
"pattern": "[file:hashes.SHA1 = 'acbd4b388a9374ea775e48087ead55754c3c6c40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676b-551c-4932-b847-443802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:19.000Z",
"modified": "2016-03-16T14:02:19.000Z",
"first_observed": "2016-03-16T14:02:19Z",
"last_observed": "2016-03-16T14:02:19Z",
"number_observed": 1,
"object_refs": [
"url--56e9676b-551c-4932-b847-443802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676b-551c-4932-b847-443802de0b81",
"value": "https://www.virustotal.com/file/643f9cf9f9d05f2585236f93946038a628d6f02d96cc44310d55e717354aa2b4/analysis/1457677327/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676b-8ef0-4820-acd8-4f6e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:19.000Z",
"modified": "2016-03-16T14:02:19.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 3540f2771b2661ecbd03933c227fb7f7",
"pattern": "[file:hashes.SHA256 = '7ef0043c19e126203afbe14a3b15657e63ec15ec18c92aa9dd346199aa9a9f1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676c-da28-42c3-9adb-423e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:20.000Z",
"modified": "2016-03-16T14:02:20.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 3540f2771b2661ecbd03933c227fb7f7",
"pattern": "[file:hashes.SHA1 = '9f9478a3e7d15890b764ee988b16035fdfdf1dea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676c-b054-4b22-9c81-48a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:20.000Z",
"modified": "2016-03-16T14:02:20.000Z",
"first_observed": "2016-03-16T14:02:20Z",
"last_observed": "2016-03-16T14:02:20Z",
"number_observed": 1,
"object_refs": [
"url--56e9676c-b054-4b22-9c81-48a202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676c-b054-4b22-9c81-48a202de0b81",
"value": "https://www.virustotal.com/file/7ef0043c19e126203afbe14a3b15657e63ec15ec18c92aa9dd346199aa9a9f1e/analysis/1457023669/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676c-4654-47c9-bb60-4efc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:20.000Z",
"modified": "2016-03-16T14:02:20.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 31a9e46ff607b842b8fff4a0644cc0f4",
"pattern": "[file:hashes.SHA256 = '4c016afa84e6a8179d5dc15d3fa18989a7604889437bba45a0086a8857b04e34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676d-c8d0-4c6b-a431-451602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:21.000Z",
"modified": "2016-03-16T14:02:21.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 31a9e46ff607b842b8fff4a0644cc0f4",
"pattern": "[file:hashes.SHA1 = '13a66618881d1ab2ca474a630c4c0802fab54596']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676d-6498-49e0-9f80-474402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:21.000Z",
"modified": "2016-03-16T14:02:21.000Z",
"first_observed": "2016-03-16T14:02:21Z",
"last_observed": "2016-03-16T14:02:21Z",
"number_observed": 1,
"object_refs": [
"url--56e9676d-6498-49e0-9f80-474402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676d-6498-49e0-9f80-474402de0b81",
"value": "https://www.virustotal.com/file/4c016afa84e6a8179d5dc15d3fa18989a7604889437bba45a0086a8857b04e34/analysis/1457023667/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676d-abf8-41d1-8a19-4f9302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:21.000Z",
"modified": "2016-03-16T14:02:21.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 2cff1578ac42cc0cd5f59e28d6e7240f",
"pattern": "[file:hashes.SHA256 = 'a41205eea1fe9ecb2061439518e54f76c28bb24a74f899f15b408f17f28ed491']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676e-ba40-4f15-8067-4e6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:22.000Z",
"modified": "2016-03-16T14:02:22.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 2cff1578ac42cc0cd5f59e28d6e7240f",
"pattern": "[file:hashes.SHA1 = 'a17c08b971d526f433c40814520c5e2c909920d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676e-9ebc-4511-88a1-4f3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:22.000Z",
"modified": "2016-03-16T14:02:22.000Z",
"first_observed": "2016-03-16T14:02:22Z",
"last_observed": "2016-03-16T14:02:22Z",
"number_observed": 1,
"object_refs": [
"url--56e9676e-9ebc-4511-88a1-4f3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676e-9ebc-4511-88a1-4f3702de0b81",
"value": "https://www.virustotal.com/file/a41205eea1fe9ecb2061439518e54f76c28bb24a74f899f15b408f17f28ed491/analysis/1457023667/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676e-6510-4912-b3b7-4b5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:22.000Z",
"modified": "2016-03-16T14:02:22.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 2463d1ff1166e845e52a0c580fd3cb7d",
"pattern": "[file:hashes.SHA256 = '63275154c99227e3ae277590636accaaca7efcc0f8a7838312d66d4c30685c22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676f-f3e0-4432-b5d4-40bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:23.000Z",
"modified": "2016-03-16T14:02:23.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 2463d1ff1166e845e52a0c580fd3cb7d",
"pattern": "[file:hashes.SHA1 = '3d44cf9a814e57ded1590b008d1e9b28545f6bc3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9676f-c2e4-4b2a-ac70-4ebd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:23.000Z",
"modified": "2016-03-16T14:02:23.000Z",
"first_observed": "2016-03-16T14:02:23Z",
"last_observed": "2016-03-16T14:02:23Z",
"number_observed": 1,
"object_refs": [
"url--56e9676f-c2e4-4b2a-ac70-4ebd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9676f-c2e4-4b2a-ac70-4ebd02de0b81",
"value": "https://www.virustotal.com/file/63275154c99227e3ae277590636accaaca7efcc0f8a7838312d66d4c30685c22/analysis/1457023667/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9676f-9f00-41fe-9c6c-40ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:23.000Z",
"modified": "2016-03-16T14:02:23.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 23ec916b3eae3f88853bde8081be870f",
"pattern": "[file:hashes.SHA256 = 'dddc8b703f69d0fb7323e1cf0ef64b1e8468551e9110a3ec1c8efcb7514ada57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96770-7284-4813-b06f-479102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:24.000Z",
"modified": "2016-03-16T14:02:24.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 23ec916b3eae3f88853bde8081be870f",
"pattern": "[file:hashes.SHA1 = '6b265b5e9520c58e1c0859a6abca0bdf6fb04020']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96770-4f90-41c0-8cef-4a6902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:24.000Z",
"modified": "2016-03-16T14:02:24.000Z",
"first_observed": "2016-03-16T14:02:24Z",
"last_observed": "2016-03-16T14:02:24Z",
"number_observed": 1,
"object_refs": [
"url--56e96770-4f90-41c0-8cef-4a6902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96770-4f90-41c0-8cef-4a6902de0b81",
"value": "https://www.virustotal.com/file/dddc8b703f69d0fb7323e1cf0ef64b1e8468551e9110a3ec1c8efcb7514ada57/analysis/1457023666/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96770-45f8-4973-b587-491102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:24.000Z",
"modified": "2016-03-16T14:02:24.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 22192141d2010fe9fed871d05573dda4",
"pattern": "[file:hashes.SHA256 = '8142d4e6908d773d8241fcb54f04ff033b1ca67f8e474ef09ce2ce22b85474fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96771-b400-420a-9c2f-46e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:25.000Z",
"modified": "2016-03-16T14:02:25.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 22192141d2010fe9fed871d05573dda4",
"pattern": "[file:hashes.SHA1 = '231ca1967f581b740d31fb0cccee7c97b0ce22a3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96771-96a4-45a0-b938-466202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:25.000Z",
"modified": "2016-03-16T14:02:25.000Z",
"first_observed": "2016-03-16T14:02:25Z",
"last_observed": "2016-03-16T14:02:25Z",
"number_observed": 1,
"object_refs": [
"url--56e96771-96a4-45a0-b938-466202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96771-96a4-45a0-b938-466202de0b81",
"value": "https://www.virustotal.com/file/8142d4e6908d773d8241fcb54f04ff033b1ca67f8e474ef09ce2ce22b85474fe/analysis/1457023665/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96771-ea04-45c0-9121-4d5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:25.000Z",
"modified": "2016-03-16T14:02:25.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 1d49dc6af6803d9ffc59a859315b2ac4",
"pattern": "[file:hashes.SHA256 = 'c8ae3bc242d003787798705b4fe3641417760259ecb7495323338d30adff34e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96771-c228-422d-8f4e-40ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:25.000Z",
"modified": "2016-03-16T14:02:25.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 1d49dc6af6803d9ffc59a859315b2ac4",
"pattern": "[file:hashes.SHA1 = 'd82f8532c410856e0569871e8f7c38599d8fc591']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96772-34bc-459b-94fe-479602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:26.000Z",
"modified": "2016-03-16T14:02:26.000Z",
"first_observed": "2016-03-16T14:02:26Z",
"last_observed": "2016-03-16T14:02:26Z",
"number_observed": 1,
"object_refs": [
"url--56e96772-34bc-459b-94fe-479602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96772-34bc-459b-94fe-479602de0b81",
"value": "https://www.virustotal.com/file/c8ae3bc242d003787798705b4fe3641417760259ecb7495323338d30adff34e1/analysis/1457023666/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96772-a6b0-411d-aaaa-4b8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:26.000Z",
"modified": "2016-03-16T14:02:26.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 17d22686bfc825d9369a0751c4cc6a22",
"pattern": "[file:hashes.SHA256 = 'd97ee2b4edb9e1af5e054fd880c13401a17d68886cf9edf99c7eb5efc1fcd5c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96772-c55c-4d4f-a6a3-41c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:26.000Z",
"modified": "2016-03-16T14:02:26.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 17d22686bfc825d9369a0751c4cc6a22",
"pattern": "[file:hashes.SHA1 = 'e36a18b8276e5c560d72027fd39ec0153ccfffaf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96772-afdc-42b7-8adc-47b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:26.000Z",
"modified": "2016-03-16T14:02:26.000Z",
"first_observed": "2016-03-16T14:02:26Z",
"last_observed": "2016-03-16T14:02:26Z",
"number_observed": 1,
"object_refs": [
"url--56e96772-afdc-42b7-8adc-47b802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96772-afdc-42b7-8adc-47b802de0b81",
"value": "https://www.virustotal.com/file/d97ee2b4edb9e1af5e054fd880c13401a17d68886cf9edf99c7eb5efc1fcd5c8/analysis/1457023665/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96773-5eb4-42e4-8c00-4f4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:27.000Z",
"modified": "2016-03-16T14:02:27.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 131b4ed3df80e2f794a3e353e2c7f8fb",
"pattern": "[file:hashes.SHA256 = '7927fb4016f3e4bb4118e3eb0e58593b9642e5b709d7ce2936c719c4fe2f9a69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96773-b988-4fbf-8051-44b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:27.000Z",
"modified": "2016-03-16T14:02:27.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 131b4ed3df80e2f794a3e353e2c7f8fb",
"pattern": "[file:hashes.SHA1 = '340a13547cef341ee99e5d2bc49a0e850310b6e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96773-d5b4-42fa-a8d8-452602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:27.000Z",
"modified": "2016-03-16T14:02:27.000Z",
"first_observed": "2016-03-16T14:02:27Z",
"last_observed": "2016-03-16T14:02:27Z",
"number_observed": 1,
"object_refs": [
"url--56e96773-d5b4-42fa-a8d8-452602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96773-d5b4-42fa-a8d8-452602de0b81",
"value": "https://www.virustotal.com/file/7927fb4016f3e4bb4118e3eb0e58593b9642e5b709d7ce2936c719c4fe2f9a69/analysis/1457502369/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96774-1130-4736-b777-4f8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:28.000Z",
"modified": "2016-03-16T14:02:28.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 010aa8d6e6f5346118546b1e4e414cb2",
"pattern": "[file:hashes.SHA256 = '81c0ddfe0e7cba1c5bdd875fe3a8c44fe3b07e6f1c743daf4860db96419b3cc2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96774-dff4-4bd2-ae58-46f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:28.000Z",
"modified": "2016-03-16T14:02:28.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 010aa8d6e6f5346118546b1e4e414cb2",
"pattern": "[file:hashes.SHA1 = 'b13ef475833b812f63f32c70718f9a5ac33a4243']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96774-99d8-4631-b7b4-499f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:28.000Z",
"modified": "2016-03-16T14:02:28.000Z",
"first_observed": "2016-03-16T14:02:28Z",
"last_observed": "2016-03-16T14:02:28Z",
"number_observed": 1,
"object_refs": [
"url--56e96774-99d8-4631-b7b4-499f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96774-99d8-4631-b7b4-499f02de0b81",
"value": "https://www.virustotal.com/file/81c0ddfe0e7cba1c5bdd875fe3a8c44fe3b07e6f1c743daf4860db96419b3cc2/analysis/1457023665/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96774-f22c-4520-8db7-4ca502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:28.000Z",
"modified": "2016-03-16T14:02:28.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 010a50145563a6c554de12b8770f16f7",
"pattern": "[file:hashes.SHA256 = 'f52e06b7a163f07b48f32e5f4420dc488f5a0452abcbed5fbf259af37c7989f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96775-8cc4-44df-bed4-469402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:29.000Z",
"modified": "2016-03-16T14:02:29.000Z",
"description": "Peppy RAT Samples - Xchecked via VT: 010a50145563a6c554de12b8770f16f7",
"pattern": "[file:hashes.SHA1 = 'b34255200abfdc0a329509650d13ef31541edda5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96775-33c4-48e8-8473-4b4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:29.000Z",
"modified": "2016-03-16T14:02:29.000Z",
"first_observed": "2016-03-16T14:02:29Z",
"last_observed": "2016-03-16T14:02:29Z",
"number_observed": 1,
"object_refs": [
"url--56e96775-33c4-48e8-8473-4b4f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96775-33c4-48e8-8473-4b4f02de0b81",
"value": "https://www.virustotal.com/file/f52e06b7a163f07b48f32e5f4420dc488f5a0452abcbed5fbf259af37c7989f1/analysis/1457502260/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96776-f4e0-4d3c-ae11-430b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:30.000Z",
"modified": "2016-03-16T14:02:30.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: fe955b4bbe3b6aa2a1d8ebf6ee7c5c42",
"pattern": "[file:hashes.SHA256 = 'a7a642165c905652e45b473c59ad191624ba6726f092831bd21062fb4ae349ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96776-70dc-40b8-8895-460a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:30.000Z",
"modified": "2016-03-16T14:02:30.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: fe955b4bbe3b6aa2a1d8ebf6ee7c5c42",
"pattern": "[file:hashes.SHA1 = 'de5077d270f07daf818401d37409c3040493b5dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96776-a064-4711-8613-41f602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:30.000Z",
"modified": "2016-03-16T14:02:30.000Z",
"first_observed": "2016-03-16T14:02:30Z",
"last_observed": "2016-03-16T14:02:30Z",
"number_observed": 1,
"object_refs": [
"url--56e96776-a064-4711-8613-41f602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96776-a064-4711-8613-41f602de0b81",
"value": "https://www.virustotal.com/file/a7a642165c905652e45b473c59ad191624ba6726f092831bd21062fb4ae349ea/analysis/1457023664/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96777-7fb8-484e-a196-438e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:31.000Z",
"modified": "2016-03-16T14:02:31.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f078b5aeaf73831361ecd96a069c9f50",
"pattern": "[file:hashes.SHA256 = '0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96777-eef8-4c17-9d5f-4b3302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:31.000Z",
"modified": "2016-03-16T14:02:31.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: f078b5aeaf73831361ecd96a069c9f50",
"pattern": "[file:hashes.SHA1 = '18607b8eae4c762e30f743ffef000c717077ea5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96777-2948-494c-96d6-433a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:31.000Z",
"modified": "2016-03-16T14:02:31.000Z",
"first_observed": "2016-03-16T14:02:31Z",
"last_observed": "2016-03-16T14:02:31Z",
"number_observed": 1,
"object_refs": [
"url--56e96777-2948-494c-96d6-433a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96777-2948-494c-96d6-433a02de0b81",
"value": "https://www.virustotal.com/file/0638cdef52fd46ad9f6d9064be686e6aecf48b0ea26db6eb28c2954a510479c7/analysis/1455534561/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96778-254c-4256-80ba-473302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:32.000Z",
"modified": "2016-03-16T14:02:32.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: ed1daf18ef09fb2a5c58ab89824ecab0",
"pattern": "[file:hashes.SHA256 = '0ec8a952ab213091f04b02cc763ff13a3edb054dcdc33876c18e8b14b3570478']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96778-f52c-489b-ab0a-443802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:32.000Z",
"modified": "2016-03-16T14:02:32.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: ed1daf18ef09fb2a5c58ab89824ecab0",
"pattern": "[file:hashes.SHA1 = 'b97ae2f4f7c221586b0097afae8b3a7ded611180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96778-f700-42d4-8437-40e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:32.000Z",
"modified": "2016-03-16T14:02:32.000Z",
"first_observed": "2016-03-16T14:02:32Z",
"last_observed": "2016-03-16T14:02:32Z",
"number_observed": 1,
"object_refs": [
"url--56e96778-f700-42d4-8437-40e302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96778-f700-42d4-8437-40e302de0b81",
"value": "https://www.virustotal.com/file/0ec8a952ab213091f04b02cc763ff13a3edb054dcdc33876c18e8b14b3570478/analysis/1457023663/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96779-78d0-45d3-8ee9-4e7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:33.000Z",
"modified": "2016-03-16T14:02:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: eaee83a376914616924eab9b4b96b050",
"pattern": "[file:hashes.SHA256 = 'cceef110cce627efc934e35638a0b2bc0aa7a8d3effa6bd2744d0e7be4ba9749']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96779-5b70-4413-83fa-44b802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:33.000Z",
"modified": "2016-03-16T14:02:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: eaee83a376914616924eab9b4b96b050",
"pattern": "[file:hashes.SHA1 = '9b9599ee504272c90d01c93225d999cdc8431795']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96779-05a0-45c5-913f-427302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:33.000Z",
"modified": "2016-03-16T14:02:33.000Z",
"first_observed": "2016-03-16T14:02:33Z",
"last_observed": "2016-03-16T14:02:33Z",
"number_observed": 1,
"object_refs": [
"url--56e96779-05a0-45c5-913f-427302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96779-05a0-45c5-913f-427302de0b81",
"value": "https://www.virustotal.com/file/cceef110cce627efc934e35638a0b2bc0aa7a8d3effa6bd2744d0e7be4ba9749/analysis/1457677654/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96779-78d0-4cbb-afed-47c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:33.000Z",
"modified": "2016-03-16T14:02:33.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e7803020e9697d77f165babecf20ea82",
"pattern": "[file:hashes.SHA256 = 'ef97cb5e25f77ea34878cf6e9161d6065a14f0bacf28a815e3231da479838586']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677a-afe0-4bd4-8f90-4a3902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:34.000Z",
"modified": "2016-03-16T14:02:34.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: e7803020e9697d77f165babecf20ea82",
"pattern": "[file:hashes.SHA1 = '38cf626f08f23b9ede978832ecab98f7aea835cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677a-8da0-4a2c-b9fe-42a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:34.000Z",
"modified": "2016-03-16T14:02:34.000Z",
"first_observed": "2016-03-16T14:02:34Z",
"last_observed": "2016-03-16T14:02:34Z",
"number_observed": 1,
"object_refs": [
"url--56e9677a-8da0-4a2c-b9fe-42a102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677a-8da0-4a2c-b9fe-42a102de0b81",
"value": "https://www.virustotal.com/file/ef97cb5e25f77ea34878cf6e9161d6065a14f0bacf28a815e3231da479838586/analysis/1442671225/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677a-798c-4632-8f0f-4c2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:34.000Z",
"modified": "2016-03-16T14:02:34.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: d53de7c980eb34f9369e342d5d235c9b",
"pattern": "[file:hashes.SHA256 = '1866f3ce039a8fda70bc2f906bd3e9e8479be85d5430373fd085e9ebca073b1c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677b-b50c-4207-84c7-4d0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:35.000Z",
"modified": "2016-03-16T14:02:35.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: d53de7c980eb34f9369e342d5d235c9b",
"pattern": "[file:hashes.SHA1 = 'c91df56b7d387d7ae8f207ecf84ef3c0674f8927']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677b-0d88-461c-abf3-4c2802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:35.000Z",
"modified": "2016-03-16T14:02:35.000Z",
"first_observed": "2016-03-16T14:02:35Z",
"last_observed": "2016-03-16T14:02:35Z",
"number_observed": 1,
"object_refs": [
"url--56e9677b-0d88-461c-abf3-4c2802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677b-0d88-461c-abf3-4c2802de0b81",
"value": "https://www.virustotal.com/file/1866f3ce039a8fda70bc2f906bd3e9e8479be85d5430373fd085e9ebca073b1c/analysis/1451206536/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677b-d834-4d58-a46a-48fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:35.000Z",
"modified": "2016-03-16T14:02:35.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: cb0768c89e83f2328952ba51e4d4b7f1",
"pattern": "[file:hashes.SHA256 = 'f23142e54092231ccc04960598d8d17f3a79a5bf0719a9a0cb73c588afae3808']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677b-3fd8-46fe-a55b-4d6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:35.000Z",
"modified": "2016-03-16T14:02:35.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: cb0768c89e83f2328952ba51e4d4b7f1",
"pattern": "[file:hashes.SHA1 = 'dfff31642cddc28498df7e67682eef4a7647c61a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677c-f530-46a0-b3cb-43e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:36.000Z",
"modified": "2016-03-16T14:02:36.000Z",
"first_observed": "2016-03-16T14:02:36Z",
"last_observed": "2016-03-16T14:02:36Z",
"number_observed": 1,
"object_refs": [
"url--56e9677c-f530-46a0-b3cb-43e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677c-f530-46a0-b3cb-43e802de0b81",
"value": "https://www.virustotal.com/file/f23142e54092231ccc04960598d8d17f3a79a5bf0719a9a0cb73c588afae3808/analysis/1457677575/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677c-44e8-454f-9cd1-44d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:36.000Z",
"modified": "2016-03-16T14:02:36.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: c2bc8bc9ff7a34f14403222e58963507",
"pattern": "[file:hashes.SHA256 = '24c1b3bf391fa6f55fffa6dca01eae3e7c5bd0eb583d8ad16cff3d92cbd0687e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677c-22ec-4ad2-acfc-467f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:36.000Z",
"modified": "2016-03-16T14:02:36.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: c2bc8bc9ff7a34f14403222e58963507",
"pattern": "[file:hashes.SHA1 = 'ccf1321527a30c9567cb7aad4fa00d2c77538ed9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677c-a484-4283-a1a7-41a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:36.000Z",
"modified": "2016-03-16T14:02:36.000Z",
"first_observed": "2016-03-16T14:02:36Z",
"last_observed": "2016-03-16T14:02:36Z",
"number_observed": 1,
"object_refs": [
"url--56e9677c-a484-4283-a1a7-41a102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677c-a484-4283-a1a7-41a102de0b81",
"value": "https://www.virustotal.com/file/24c1b3bf391fa6f55fffa6dca01eae3e7c5bd0eb583d8ad16cff3d92cbd0687e/analysis/1457899672/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677d-e790-471a-b3aa-44de02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:37.000Z",
"modified": "2016-03-16T14:02:37.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: bcbac2241977c976aec01592fb514aa4",
"pattern": "[file:hashes.SHA256 = '61fec7d90f2313f1a0fe12453c0b41481ea6d327b5275b144d1938ba296a914d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677d-b2c8-4087-a0c0-46a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:37.000Z",
"modified": "2016-03-16T14:02:37.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: bcbac2241977c976aec01592fb514aa4",
"pattern": "[file:hashes.SHA1 = '79bbacbbe55c1065fe2e6a07aac852ef5c0c86ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677d-e4fc-4263-aadf-4f4502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:37.000Z",
"modified": "2016-03-16T14:02:37.000Z",
"first_observed": "2016-03-16T14:02:37Z",
"last_observed": "2016-03-16T14:02:37Z",
"number_observed": 1,
"object_refs": [
"url--56e9677d-e4fc-4263-aadf-4f4502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677d-e4fc-4263-aadf-4f4502de0b81",
"value": "https://www.virustotal.com/file/61fec7d90f2313f1a0fe12453c0b41481ea6d327b5275b144d1938ba296a914d/analysis/1454933097/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677e-9e80-4065-ac7a-4f7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:38.000Z",
"modified": "2016-03-16T14:02:38.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a3aa3a12d81c9862b18f83a77d7215ca",
"pattern": "[file:hashes.SHA256 = '56ec7c81e26fbbab76fa82cce7b9efc16722bb0ff918cde091559b2d2dd7ee2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677e-fb58-4338-95ec-4b7f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:38.000Z",
"modified": "2016-03-16T14:02:38.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a3aa3a12d81c9862b18f83a77d7215ca",
"pattern": "[file:hashes.SHA1 = '6e3e89e2f3d096ee09d4bf88410e80ef17536ab7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677e-d584-413e-8731-492a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:38.000Z",
"modified": "2016-03-16T14:02:38.000Z",
"first_observed": "2016-03-16T14:02:38Z",
"last_observed": "2016-03-16T14:02:38Z",
"number_observed": 1,
"object_refs": [
"url--56e9677e-d584-413e-8731-492a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677e-d584-413e-8731-492a02de0b81",
"value": "https://www.virustotal.com/file/56ec7c81e26fbbab76fa82cce7b9efc16722bb0ff918cde091559b2d2dd7ee2c/analysis/1457780863/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677e-daac-4407-ae4e-4f0f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:38.000Z",
"modified": "2016-03-16T14:02:38.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 94d29dded4dfd920fc4153f18e82fc6c",
"pattern": "[file:hashes.SHA256 = '004936678c928e5945abc599e913e96f663fb81eef6e5d6970feac378181cccf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677f-e510-44bf-9a7a-4c2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:39.000Z",
"modified": "2016-03-16T14:02:39.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 94d29dded4dfd920fc4153f18e82fc6c",
"pattern": "[file:hashes.SHA1 = '57a35e324d60336b4bbff644c754bcc0b173c19b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9677f-a0cc-4383-a4b2-4fde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:39.000Z",
"modified": "2016-03-16T14:02:39.000Z",
"first_observed": "2016-03-16T14:02:39Z",
"last_observed": "2016-03-16T14:02:39Z",
"number_observed": 1,
"object_refs": [
"url--56e9677f-a0cc-4383-a4b2-4fde02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9677f-a0cc-4383-a4b2-4fde02de0b81",
"value": "https://www.virustotal.com/file/004936678c928e5945abc599e913e96f663fb81eef6e5d6970feac378181cccf/analysis/1457023662/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9677f-71e4-4c4b-ac31-45e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:39.000Z",
"modified": "2016-03-16T14:02:39.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 943f35200dce22766d0c2906d25be187",
"pattern": "[file:hashes.SHA256 = '78175b44c1cbedb79c179c33c3def3ea140b209f15dde8fa3f8c45004394a76e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96780-355c-4373-8180-4cf902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:40.000Z",
"modified": "2016-03-16T14:02:40.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 943f35200dce22766d0c2906d25be187",
"pattern": "[file:hashes.SHA1 = '6e9f7890dbe523a5cadcb33e20a2e78a69936b01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96780-f660-4de0-bd50-4d3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:40.000Z",
"modified": "2016-03-16T14:02:40.000Z",
"first_observed": "2016-03-16T14:02:40Z",
"last_observed": "2016-03-16T14:02:40Z",
"number_observed": 1,
"object_refs": [
"url--56e96780-f660-4de0-bd50-4d3202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96780-f660-4de0-bd50-4d3202de0b81",
"value": "https://www.virustotal.com/file/78175b44c1cbedb79c179c33c3def3ea140b209f15dde8fa3f8c45004394a76e/analysis/1457677480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96780-e520-4f0b-8dc4-4fdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:40.000Z",
"modified": "2016-03-16T14:02:40.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 92f78a182faf26550d6fab2d9ec0692d",
"pattern": "[file:hashes.SHA256 = '50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96780-bd44-4ccd-a3b3-4afd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:40.000Z",
"modified": "2016-03-16T14:02:40.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 92f78a182faf26550d6fab2d9ec0692d",
"pattern": "[file:hashes.SHA1 = '3abd37f20fa74462f4e49d24b38e33889da22a63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96781-b200-4724-bfcd-4cc502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:41.000Z",
"modified": "2016-03-16T14:02:41.000Z",
"first_observed": "2016-03-16T14:02:41Z",
"last_observed": "2016-03-16T14:02:41Z",
"number_observed": 1,
"object_refs": [
"url--56e96781-b200-4724-bfcd-4cc502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96781-b200-4724-bfcd-4cc502de0b81",
"value": "https://www.virustotal.com/file/50de9dfa7fda82584acafb9ef9ed816587316006865092a00c56b4b3177c2786/analysis/1457023661/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96781-5c4c-4313-a839-461102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:41.000Z",
"modified": "2016-03-16T14:02:41.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8317bb3d192c4495507a5945f27705af",
"pattern": "[file:hashes.SHA256 = 'f847f12ac1196ea30fd0e9bba5e270853f10db21221a4e463a3050b1bdac653c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96781-f680-4243-80a9-44b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:41.000Z",
"modified": "2016-03-16T14:02:41.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8317bb3d192c4495507a5945f27705af",
"pattern": "[file:hashes.SHA1 = '2eab604f0ff183191afbf37cd55de32542b15e47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96781-3dc8-4ee9-9d03-42d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:41.000Z",
"modified": "2016-03-16T14:02:41.000Z",
"first_observed": "2016-03-16T14:02:41Z",
"last_observed": "2016-03-16T14:02:41Z",
"number_observed": 1,
"object_refs": [
"url--56e96781-3dc8-4ee9-9d03-42d702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96781-3dc8-4ee9-9d03-42d702de0b81",
"value": "https://www.virustotal.com/file/f847f12ac1196ea30fd0e9bba5e270853f10db21221a4e463a3050b1bdac653c/analysis/1457023661/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96782-e794-4a36-adb1-499602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:42.000Z",
"modified": "2016-03-16T14:02:42.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 819715180810caaaa969c816eb2b7491",
"pattern": "[file:hashes.SHA256 = '22d41b74d2ec8028c4e7e7d60e59bbb209523a943ec50581a7b3ae4603c64fba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96782-f3c0-4b58-884d-49a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:42.000Z",
"modified": "2016-03-16T14:02:42.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 819715180810caaaa969c816eb2b7491",
"pattern": "[file:hashes.SHA1 = '5b29e5e7ee100af6cdb4269fc4cc174550c7c869']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96782-2b98-47e0-bcec-4e2702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:42.000Z",
"modified": "2016-03-16T14:02:42.000Z",
"first_observed": "2016-03-16T14:02:42Z",
"last_observed": "2016-03-16T14:02:42Z",
"number_observed": 1,
"object_refs": [
"url--56e96782-2b98-47e0-bcec-4e2702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96782-2b98-47e0-bcec-4e2702de0b81",
"value": "https://www.virustotal.com/file/22d41b74d2ec8028c4e7e7d60e59bbb209523a943ec50581a7b3ae4603c64fba/analysis/1457023661/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96783-2e8c-4cbb-8fe6-454402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:43.000Z",
"modified": "2016-03-16T14:02:43.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 811eb99fb1aca98052db4b78c288889c",
"pattern": "[file:hashes.SHA256 = '813f4d0dac6ee943f7583baaa1727a53927ec0fb11226663d04458181f4feb1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96783-67c8-4f67-9f73-4ab902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:43.000Z",
"modified": "2016-03-16T14:02:43.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 811eb99fb1aca98052db4b78c288889c",
"pattern": "[file:hashes.SHA1 = 'dc9a686a37ad0275f65f267a0c6b1ab7d35b35b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96783-4f44-4ae4-833e-40d102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:43.000Z",
"modified": "2016-03-16T14:02:43.000Z",
"first_observed": "2016-03-16T14:02:43Z",
"last_observed": "2016-03-16T14:02:43Z",
"number_observed": 1,
"object_refs": [
"url--56e96783-4f44-4ae4-833e-40d102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96783-4f44-4ae4-833e-40d102de0b81",
"value": "https://www.virustotal.com/file/813f4d0dac6ee943f7583baaa1727a53927ec0fb11226663d04458181f4feb1d/analysis/1457023661/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96783-38b8-4e06-adf2-429f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:43.000Z",
"modified": "2016-03-16T14:02:43.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 71b4bbddf46e1990210742a406c490bf",
"pattern": "[file:hashes.SHA256 = '140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96784-6938-4aea-ae80-4d8702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:44.000Z",
"modified": "2016-03-16T14:02:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 71b4bbddf46e1990210742a406c490bf",
"pattern": "[file:hashes.SHA1 = '424234ca7a12d3b833cb372fa6bd4f1ee0697d54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96784-eafc-440f-96ce-4c2702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:44.000Z",
"modified": "2016-03-16T14:02:44.000Z",
"first_observed": "2016-03-16T14:02:44Z",
"last_observed": "2016-03-16T14:02:44Z",
"number_observed": 1,
"object_refs": [
"url--56e96784-eafc-440f-96ce-4c2702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96784-eafc-440f-96ce-4c2702de0b81",
"value": "https://www.virustotal.com/file/140ba40d2a33c67b38a909ca076a0989632fbefc17da9574e727925f066d8e91/analysis/1457023660/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96784-3130-4a00-b9b4-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:44.000Z",
"modified": "2016-03-16T14:02:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 6746c430f978d0bc9bbecff87c651fa2",
"pattern": "[file:hashes.SHA256 = '191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96784-c014-4b98-9d48-4e6402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:44.000Z",
"modified": "2016-03-16T14:02:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 6746c430f978d0bc9bbecff87c651fa2",
"pattern": "[file:hashes.SHA1 = '0edc71cc01ec8d16aeddf0c807bb696966c83266']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96785-1008-4f18-a38a-4df102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:45.000Z",
"modified": "2016-03-16T14:02:45.000Z",
"first_observed": "2016-03-16T14:02:45Z",
"last_observed": "2016-03-16T14:02:45Z",
"number_observed": 1,
"object_refs": [
"url--56e96785-1008-4f18-a38a-4df102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96785-1008-4f18-a38a-4df102de0b81",
"value": "https://www.virustotal.com/file/191be51494ba626d039470f78dc140b41c3d81ff71dd069ef118b5a8c76b0714/analysis/1456617341/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96785-dbc4-4b94-8ff2-423802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:45.000Z",
"modified": "2016-03-16T14:02:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 59e0fc469d1af7532507c19b47f19960",
"pattern": "[file:hashes.SHA256 = '9262613b8a407e538462aec5902d6e8d84ad9f1345e350be3ed45098fd9a8d1b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96785-0780-4ee3-b226-433c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:45.000Z",
"modified": "2016-03-16T14:02:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 59e0fc469d1af7532507c19b47f19960",
"pattern": "[file:hashes.SHA1 = '963d63b93f28f7077c77bdbdc2ec5dc39e909a3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96786-a5a8-4f22-b797-4aa602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:46.000Z",
"modified": "2016-03-16T14:02:46.000Z",
"first_observed": "2016-03-16T14:02:46Z",
"last_observed": "2016-03-16T14:02:46Z",
"number_observed": 1,
"object_refs": [
"url--56e96786-a5a8-4f22-b797-4aa602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96786-a5a8-4f22-b797-4aa602de0b81",
"value": "https://www.virustotal.com/file/9262613b8a407e538462aec5902d6e8d84ad9f1345e350be3ed45098fd9a8d1b/analysis/1457023659/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96786-1bf8-49ac-b978-4ef102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:46.000Z",
"modified": "2016-03-16T14:02:46.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5371d2984cbd1ae8283f9ae9eeee718d",
"pattern": "[file:hashes.SHA256 = '06158ea9684f86faee3e0d09810f78f1c9be304f92a9d13cf908995dec12741c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96786-f034-4b88-89b2-45e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:46.000Z",
"modified": "2016-03-16T14:02:46.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 5371d2984cbd1ae8283f9ae9eeee718d",
"pattern": "[file:hashes.SHA1 = '7ddd331686d6b26dc779645a51c7f7eabb655a74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96786-d598-43be-b141-439802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:46.000Z",
"modified": "2016-03-16T14:02:46.000Z",
"first_observed": "2016-03-16T14:02:46Z",
"last_observed": "2016-03-16T14:02:46Z",
"number_observed": 1,
"object_refs": [
"url--56e96786-d598-43be-b141-439802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96786-d598-43be-b141-439802de0b81",
"value": "https://www.virustotal.com/file/06158ea9684f86faee3e0d09810f78f1c9be304f92a9d13cf908995dec12741c/analysis/1457023659/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96787-5d38-49b8-a7e2-409e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:47.000Z",
"modified": "2016-03-16T14:02:47.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 43f47d2045ca98265fd4bd4011a04932",
"pattern": "[file:hashes.SHA256 = 'c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96787-ee10-4973-930f-426102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:47.000Z",
"modified": "2016-03-16T14:02:47.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 43f47d2045ca98265fd4bd4011a04932",
"pattern": "[file:hashes.SHA1 = '02090192243dbaa560310f10b27f817206cc02c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96787-bd80-43b3-a31f-49f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:47.000Z",
"modified": "2016-03-16T14:02:47.000Z",
"first_observed": "2016-03-16T14:02:47Z",
"last_observed": "2016-03-16T14:02:47Z",
"number_observed": 1,
"object_refs": [
"url--56e96787-bd80-43b3-a31f-49f302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96787-bd80-43b3-a31f-49f302de0b81",
"value": "https://www.virustotal.com/file/c0e35d03b416060062a28c3c671378fb41f9ba9bb5b2805a9b452f001d07e043/analysis/1457023659/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96787-de70-4ff1-b284-4b6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:47.000Z",
"modified": "2016-03-16T14:02:47.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 4297041e3a701ed8c01e40d6c54264a1",
"pattern": "[file:hashes.SHA256 = '02283ec4ecef511350c644689aadf37e5eaf1f4d0eac249e16baac0b1298ac8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96788-0b08-4624-a282-42a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:48.000Z",
"modified": "2016-03-16T14:02:48.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 4297041e3a701ed8c01e40d6c54264a1",
"pattern": "[file:hashes.SHA1 = '23dcec87435af17e695c8612f1453d38950bc61d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96788-7eb4-4b63-9460-427c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:48.000Z",
"modified": "2016-03-16T14:02:48.000Z",
"first_observed": "2016-03-16T14:02:48Z",
"last_observed": "2016-03-16T14:02:48Z",
"number_observed": 1,
"object_refs": [
"url--56e96788-7eb4-4b63-9460-427c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96788-7eb4-4b63-9460-427c02de0b81",
"value": "https://www.virustotal.com/file/02283ec4ecef511350c644689aadf37e5eaf1f4d0eac249e16baac0b1298ac8d/analysis/1457023658/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96788-c064-4b5a-baf8-4f4802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:48.000Z",
"modified": "2016-03-16T14:02:48.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 3ff165ee68d1bc03ae7d4d3baf99b963",
"pattern": "[file:hashes.SHA256 = 'a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96789-b8dc-4851-bb53-4af402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:49.000Z",
"modified": "2016-03-16T14:02:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 3ff165ee68d1bc03ae7d4d3baf99b963",
"pattern": "[file:hashes.SHA1 = '4ff623b234d7c72d3a8e12cdf90561bdd65be711']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96789-1018-4a50-ac45-447e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:49.000Z",
"modified": "2016-03-16T14:02:49.000Z",
"first_observed": "2016-03-16T14:02:49Z",
"last_observed": "2016-03-16T14:02:49Z",
"number_observed": 1,
"object_refs": [
"url--56e96789-1018-4a50-ac45-447e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96789-1018-4a50-ac45-447e02de0b81",
"value": "https://www.virustotal.com/file/a86e18190270888e9b8703a05c08588ab7fa841fea08ee667accc331c92e642f/analysis/1457023658/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96789-d124-4187-be6e-44c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:49.000Z",
"modified": "2016-03-16T14:02:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 1a1426a94e37e5f3c14cd2b6740e27e1",
"pattern": "[file:hashes.SHA256 = '06f277d1d69550e345a08b34c034e257d5923b9d62a3cb00719aae96debd2332']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96789-d1e8-4f6d-9ffc-46b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:49.000Z",
"modified": "2016-03-16T14:02:49.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 1a1426a94e37e5f3c14cd2b6740e27e1",
"pattern": "[file:hashes.SHA1 = '8568bfddfdf948e15934363f891028f0f798ddb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9678a-8e64-4370-b138-4f5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:50.000Z",
"modified": "2016-03-16T14:02:50.000Z",
"first_observed": "2016-03-16T14:02:50Z",
"last_observed": "2016-03-16T14:02:50Z",
"number_observed": 1,
"object_refs": [
"url--56e9678a-8e64-4370-b138-4f5302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9678a-8e64-4370-b138-4f5302de0b81",
"value": "https://www.virustotal.com/file/06f277d1d69550e345a08b34c034e257d5923b9d62a3cb00719aae96debd2332/analysis/1444366851/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678a-be68-45d5-bc19-471902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:50.000Z",
"modified": "2016-03-16T14:02:50.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 19b9f62f29f3689b1db4c56deed7e162",
"pattern": "[file:hashes.SHA256 = 'ac9d6c79646a6603072e17e8514e70e416cff60abccc0ca45b61b8b8a69f6d20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678a-a02c-4f5b-9b58-491e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:50.000Z",
"modified": "2016-03-16T14:02:50.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 19b9f62f29f3689b1db4c56deed7e162",
"pattern": "[file:hashes.SHA1 = '72adf01044e7ceeefc7b50977b329a903cbcb6cb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9678b-c760-4857-bb3c-48d002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:51.000Z",
"modified": "2016-03-16T14:02:51.000Z",
"first_observed": "2016-03-16T14:02:51Z",
"last_observed": "2016-03-16T14:02:51Z",
"number_observed": 1,
"object_refs": [
"url--56e9678b-c760-4857-bb3c-48d002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9678b-c760-4857-bb3c-48d002de0b81",
"value": "https://www.virustotal.com/file/ac9d6c79646a6603072e17e8514e70e416cff60abccc0ca45b61b8b8a69f6d20/analysis/1457023657/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678b-bb1c-4dfb-a3c3-4b7202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:51.000Z",
"modified": "2016-03-16T14:02:51.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 14be26aa207cff81ff814c8a7a8e2f03",
"pattern": "[file:hashes.SHA256 = '3dd14366762547c4aa2307489c6248dec4a57bec2231433b58cdf8c5e830785a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678c-19fc-40fa-a448-4bbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:52.000Z",
"modified": "2016-03-16T14:02:52.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 14be26aa207cff81ff814c8a7a8e2f03",
"pattern": "[file:hashes.SHA1 = '0cff5cc4c46e148d3d8c93d11c459f7ede3a854c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9678c-cde4-453a-91e1-4d5602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:52.000Z",
"modified": "2016-03-16T14:02:52.000Z",
"first_observed": "2016-03-16T14:02:52Z",
"last_observed": "2016-03-16T14:02:52Z",
"number_observed": 1,
"object_refs": [
"url--56e9678c-cde4-453a-91e1-4d5602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9678c-cde4-453a-91e1-4d5602de0b81",
"value": "https://www.virustotal.com/file/3dd14366762547c4aa2307489c6248dec4a57bec2231433b58cdf8c5e830785a/analysis/1457023657/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678d-5b54-4c75-98c4-45f302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:53.000Z",
"modified": "2016-03-16T14:02:53.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 0964887f6f709f9c3f11701412acb9c1",
"pattern": "[file:hashes.SHA256 = '901284810daf81a6130eda3d35878acbf84af10324bedc4e1ea8059f15cb665b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678d-30c4-4ab8-8dca-411b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:53.000Z",
"modified": "2016-03-16T14:02:53.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 0964887f6f709f9c3f11701412acb9c1",
"pattern": "[file:hashes.SHA1 = 'c9d3cd219021d0a64716c185ea38105d3f17e97e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9678e-87b0-4a21-9d69-495302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:54.000Z",
"modified": "2016-03-16T14:02:54.000Z",
"first_observed": "2016-03-16T14:02:54Z",
"last_observed": "2016-03-16T14:02:54Z",
"number_observed": 1,
"object_refs": [
"url--56e9678e-87b0-4a21-9d69-495302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9678e-87b0-4a21-9d69-495302de0b81",
"value": "https://www.virustotal.com/file/901284810daf81a6130eda3d35878acbf84af10324bedc4e1ea8059f15cb665b/analysis/1457023657/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678e-5a48-4905-8af9-4b7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:54.000Z",
"modified": "2016-03-16T14:02:54.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 073889fe855f401c3c4cc548bc08c502",
"pattern": "[file:hashes.SHA256 = '8afab5e9affcbee1249b40391bd1de97a27095637bf3a2951e72c710787c05c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9678f-00c8-4bf5-8404-4e1c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:55.000Z",
"modified": "2016-03-16T14:02:55.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 073889fe855f401c3c4cc548bc08c502",
"pattern": "[file:hashes.SHA1 = 'df53bf25693b02a5cfb26c7b3a81b1564d5aac8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9678f-7560-402f-88ca-45e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:55.000Z",
"modified": "2016-03-16T14:02:55.000Z",
"first_observed": "2016-03-16T14:02:55Z",
"last_observed": "2016-03-16T14:02:55Z",
"number_observed": 1,
"object_refs": [
"url--56e9678f-7560-402f-88ca-45e002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9678f-7560-402f-88ca-45e002de0b81",
"value": "https://www.virustotal.com/file/8afab5e9affcbee1249b40391bd1de97a27095637bf3a2951e72c710787c05c7/analysis/1457677149/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96790-182c-4db5-82bf-48bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:56.000Z",
"modified": "2016-03-16T14:02:56.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: df6be8accc487bf63260aacf5e582fe2",
"pattern": "[file:hashes.SHA256 = 'c254e35f28045b68249b57b5d09942fee823a3e459d7f47b0ccb1b3b3b9f419f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96791-f628-4086-900b-424f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:57.000Z",
"modified": "2016-03-16T14:02:57.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: df6be8accc487bf63260aacf5e582fe2",
"pattern": "[file:hashes.SHA1 = '4fe5eb02299fbbca4157e6e8b414f8a575a465d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96791-ac2c-437c-85bb-4c7f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:57.000Z",
"modified": "2016-03-16T14:02:57.000Z",
"first_observed": "2016-03-16T14:02:57Z",
"last_observed": "2016-03-16T14:02:57Z",
"number_observed": 1,
"object_refs": [
"url--56e96791-ac2c-437c-85bb-4c7f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96791-ac2c-437c-85bb-4c7f02de0b81",
"value": "https://www.virustotal.com/file/c254e35f28045b68249b57b5d09942fee823a3e459d7f47b0ccb1b3b3b9f419f/analysis/1457023656/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96792-527c-4c10-94ff-4d8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:58.000Z",
"modified": "2016-03-16T14:02:58.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 9fcc3e18b9c0bd7380325f24a4623439",
"pattern": "[file:hashes.SHA256 = '180925df10e301723d51700e3b62c28a323c6b25d1e62fd6ce3ee3a431b4401c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96792-368c-47ec-af50-4f4302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:58.000Z",
"modified": "2016-03-16T14:02:58.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 9fcc3e18b9c0bd7380325f24a4623439",
"pattern": "[file:hashes.SHA1 = '5ab950210e46a2aa600844e2168b8acb9c1a1780']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96792-9b9c-4de5-98a8-456502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:58.000Z",
"modified": "2016-03-16T14:02:58.000Z",
"first_observed": "2016-03-16T14:02:58Z",
"last_observed": "2016-03-16T14:02:58Z",
"number_observed": 1,
"object_refs": [
"url--56e96792-9b9c-4de5-98a8-456502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96792-9b9c-4de5-98a8-456502de0b81",
"value": "https://www.virustotal.com/file/180925df10e301723d51700e3b62c28a323c6b25d1e62fd6ce3ee3a431b4401c/analysis/1457502881/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96793-246c-4ff2-9236-46e502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:59.000Z",
"modified": "2016-03-16T14:02:59.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 9b3cb979b1397a4a13ea62dbf46510d8",
"pattern": "[file:hashes.SHA256 = 'ae8bc3e3663e8c17eae7cea68b4c1eede0fff2866b2f23b239c8f967c1e92974']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96793-d9dc-4fc8-aca5-4fb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:02:59.000Z",
"modified": "2016-03-16T14:02:59.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 9b3cb979b1397a4a13ea62dbf46510d8",
"pattern": "[file:hashes.SHA1 = '589c1709d8f72e2e07537cf3627313dc12b6a232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:02:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96794-ab00-4a10-a418-482b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:00.000Z",
"modified": "2016-03-16T14:03:00.000Z",
"first_observed": "2016-03-16T14:03:00Z",
"last_observed": "2016-03-16T14:03:00Z",
"number_observed": 1,
"object_refs": [
"url--56e96794-ab00-4a10-a418-482b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96794-ab00-4a10-a418-482b02de0b81",
"value": "https://www.virustotal.com/file/ae8bc3e3663e8c17eae7cea68b4c1eede0fff2866b2f23b239c8f967c1e92974/analysis/1450725551/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96794-c600-460b-a9ca-4d2702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:00.000Z",
"modified": "2016-03-16T14:03:00.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 723d85f905588f092edf8691c1095fdb",
"pattern": "[file:hashes.SHA256 = '1f8518dc6ff3544f02317f8c12ea8615dfbb74e13e48a2852bda317db34e701e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96795-cb0c-49b9-89b0-4a9902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:01.000Z",
"modified": "2016-03-16T14:03:01.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 723d85f905588f092edf8691c1095fdb",
"pattern": "[file:hashes.SHA1 = 'd2013963df9f1a7bef37e4bc0893819c0b875612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96795-f988-4302-85ad-44c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:01.000Z",
"modified": "2016-03-16T14:03:01.000Z",
"first_observed": "2016-03-16T14:03:01Z",
"last_observed": "2016-03-16T14:03:01Z",
"number_observed": 1,
"object_refs": [
"url--56e96795-f988-4302-85ad-44c802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96795-f988-4302-85ad-44c802de0b81",
"value": "https://www.virustotal.com/file/1f8518dc6ff3544f02317f8c12ea8615dfbb74e13e48a2852bda317db34e701e/analysis/1453902580/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96796-55a4-4781-979e-4cd902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:02.000Z",
"modified": "2016-03-16T14:03:02.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 65f6143d69cb1246a117a704e9f07fdc",
"pattern": "[file:hashes.SHA256 = '82a82c5e89825d8c84216d579c9dde9e42a125a8394de60f682e4c2474498ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96796-6884-4d23-b091-4f6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:02.000Z",
"modified": "2016-03-16T14:03:02.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 65f6143d69cb1246a117a704e9f07fdc",
"pattern": "[file:hashes.SHA1 = 'c1740206e858bc8526553c7eab8fdf3ec4cfb92c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96797-2e20-41af-be60-480302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:03.000Z",
"modified": "2016-03-16T14:03:03.000Z",
"first_observed": "2016-03-16T14:03:03Z",
"last_observed": "2016-03-16T14:03:03Z",
"number_observed": 1,
"object_refs": [
"url--56e96797-2e20-41af-be60-480302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96797-2e20-41af-be60-480302de0b81",
"value": "https://www.virustotal.com/file/82a82c5e89825d8c84216d579c9dde9e42a125a8394de60f682e4c2474498ba8/analysis/1457677394/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96797-0214-4664-91e2-43bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:03.000Z",
"modified": "2016-03-16T14:03:03.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 43b39b40605afb9d2624f1cede6b48a8",
"pattern": "[file:hashes.SHA256 = 'd408c3394cd27d60a14aea5c008a88e83ba4f98a88e6ceda91476ef8385e02c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96797-a588-4916-81b1-459c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:03.000Z",
"modified": "2016-03-16T14:03:03.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 43b39b40605afb9d2624f1cede6b48a8",
"pattern": "[file:hashes.SHA1 = '0565cd40ef3c244001c6db1f2169257169486392']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96798-b534-4bd2-8275-456f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:04.000Z",
"modified": "2016-03-16T14:03:04.000Z",
"first_observed": "2016-03-16T14:03:04Z",
"last_observed": "2016-03-16T14:03:04Z",
"number_observed": 1,
"object_refs": [
"url--56e96798-b534-4bd2-8275-456f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96798-b534-4bd2-8275-456f02de0b81",
"value": "https://www.virustotal.com/file/d408c3394cd27d60a14aea5c008a88e83ba4f98a88e6ceda91476ef8385e02c2/analysis/1457023655/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96798-df58-4a27-befe-48c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:04.000Z",
"modified": "2016-03-16T14:03:04.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 2d6d0dbd8ac7c941d78ba14289a7ab9d",
"pattern": "[file:hashes.SHA256 = 'e75bfa3a577483ea019ee51a2650c532fd6f234ccc12e93e9512d24a0b094272']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96798-7b68-417b-b66f-47bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:04.000Z",
"modified": "2016-03-16T14:03:04.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 2d6d0dbd8ac7c941d78ba14289a7ab9d",
"pattern": "[file:hashes.SHA1 = 'aee445698df36b377b914912f5acd1c44b31aae2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96798-b6c4-4199-8c51-41c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:04.000Z",
"modified": "2016-03-16T14:03:04.000Z",
"first_observed": "2016-03-16T14:03:04Z",
"last_observed": "2016-03-16T14:03:04Z",
"number_observed": 1,
"object_refs": [
"url--56e96798-b6c4-4199-8c51-41c202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96798-b6c4-4199-8c51-41c202de0b81",
"value": "https://www.virustotal.com/file/e75bfa3a577483ea019ee51a2650c532fd6f234ccc12e93e9512d24a0b094272/analysis/1457023654/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96799-cadc-403f-96fa-4ebf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:05.000Z",
"modified": "2016-03-16T14:03:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1911c1234cc2918273baeffd7d37392e",
"pattern": "[file:hashes.SHA256 = '6df82c49ba1f37d76a88e118d14c5ade2985df33c61203d0c41be100d686a0a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96799-cf6c-44a2-ae71-45a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:05.000Z",
"modified": "2016-03-16T14:03:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 1911c1234cc2918273baeffd7d37392e",
"pattern": "[file:hashes.SHA1 = '22d17d69947933c7b107aab19fa6575f78bb9bf0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e96799-4a2c-4824-9e47-4f5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:05.000Z",
"modified": "2016-03-16T14:03:05.000Z",
"first_observed": "2016-03-16T14:03:05Z",
"last_observed": "2016-03-16T14:03:05Z",
"number_observed": 1,
"object_refs": [
"url--56e96799-4a2c-4824-9e47-4f5802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e96799-4a2c-4824-9e47-4f5802de0b81",
"value": "https://www.virustotal.com/file/6df82c49ba1f37d76a88e118d14c5ade2985df33c61203d0c41be100d686a0a2/analysis/1457288188/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e96799-f4bc-4cce-9472-435102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:05.000Z",
"modified": "2016-03-16T14:03:05.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0ad849121b4656a239e85379948e5f5d",
"pattern": "[file:hashes.SHA256 = 'd611e5fc28b7de9d560de544b14542ba667214d53d0969046872d9309f1d3325']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679a-52dc-4f6a-97c0-470302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:06.000Z",
"modified": "2016-03-16T14:03:06.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 0ad849121b4656a239e85379948e5f5d",
"pattern": "[file:hashes.SHA1 = '4382d38acfd62bddd6858393b3d47cecde7e3d6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679a-8188-49f6-a2e7-449902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:06.000Z",
"modified": "2016-03-16T14:03:06.000Z",
"first_observed": "2016-03-16T14:03:06Z",
"last_observed": "2016-03-16T14:03:06Z",
"number_observed": 1,
"object_refs": [
"url--56e9679a-8188-49f6-a2e7-449902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679a-8188-49f6-a2e7-449902de0b81",
"value": "https://www.virustotal.com/file/d611e5fc28b7de9d560de544b14542ba667214d53d0969046872d9309f1d3325/analysis/1456148017/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679a-88f4-4c2c-8d5c-4dcf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:06.000Z",
"modified": "2016-03-16T14:03:06.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 07defabf004c891ae836de91260e6c82",
"pattern": "[file:hashes.SHA256 = '7b3e71c2a0c0d725e13244e976a19a3661471ced667af58b22ad70671baea0fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679b-40a0-4d6c-85a3-434302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:07.000Z",
"modified": "2016-03-16T14:03:07.000Z",
"description": "Crimson SecApp Samples - Xchecked via VT: 07defabf004c891ae836de91260e6c82",
"pattern": "[file:hashes.SHA1 = 'fd9622452d02c6d84532b51b3599f2015301371d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679b-2654-41d9-8f16-44c502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:07.000Z",
"modified": "2016-03-16T14:03:07.000Z",
"first_observed": "2016-03-16T14:03:07Z",
"last_observed": "2016-03-16T14:03:07Z",
"number_observed": 1,
"object_refs": [
"url--56e9679b-2654-41d9-8f16-44c502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679b-2654-41d9-8f16-44c502de0b81",
"value": "https://www.virustotal.com/file/7b3e71c2a0c0d725e13244e976a19a3661471ced667af58b22ad70671baea0fe/analysis/1457502307/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679b-78dc-4365-ac70-4b0602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:07.000Z",
"modified": "2016-03-16T14:03:07.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: eee91d8de7ea7c0ac3372f65c43e916a",
"pattern": "[file:hashes.SHA256 = '42fd86674abbc793aa1baeae6bc67d6d565dd95f730e8ed7b4311603a9381c81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679b-cc5c-44fa-811d-41b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:07.000Z",
"modified": "2016-03-16T14:03:07.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: eee91d8de7ea7c0ac3372f65c43e916a",
"pattern": "[file:hashes.SHA1 = 'cacb10f08b6c3fa72a7cf03f163a4acde97f6eb0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679c-4c5c-4aec-afb6-404802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:08.000Z",
"modified": "2016-03-16T14:03:08.000Z",
"first_observed": "2016-03-16T14:03:08Z",
"last_observed": "2016-03-16T14:03:08Z",
"number_observed": 1,
"object_refs": [
"url--56e9679c-4c5c-4aec-afb6-404802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679c-4c5c-4aec-afb6-404802de0b81",
"value": "https://www.virustotal.com/file/42fd86674abbc793aa1baeae6bc67d6d565dd95f730e8ed7b4311603a9381c81/analysis/1455198981/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679c-f638-4994-bdfe-491602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:08.000Z",
"modified": "2016-03-16T14:03:08.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e456d6035e41962a4e49345b00393dcd",
"pattern": "[file:hashes.SHA256 = '4fb7d5887a8305738abf81fd51d585cc0ab3816e7a54da57591797bbefab7509']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679c-0cec-45ca-ae68-4ba202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:08.000Z",
"modified": "2016-03-16T14:03:08.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e456d6035e41962a4e49345b00393dcd",
"pattern": "[file:hashes.SHA1 = '281ebc259e96531d4512b5ee9c5d4dc646feda2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679d-5fcc-4b83-8be7-451e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:09.000Z",
"modified": "2016-03-16T14:03:09.000Z",
"first_observed": "2016-03-16T14:03:09Z",
"last_observed": "2016-03-16T14:03:09Z",
"number_observed": 1,
"object_refs": [
"url--56e9679d-5fcc-4b83-8be7-451e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679d-5fcc-4b83-8be7-451e02de0b81",
"value": "https://www.virustotal.com/file/4fb7d5887a8305738abf81fd51d585cc0ab3816e7a54da57591797bbefab7509/analysis/1457023644/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679d-be78-4048-944d-40a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:09.000Z",
"modified": "2016-03-16T14:03:09.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e3254ad0275370f92cffeacbf603a905",
"pattern": "[file:hashes.SHA256 = 'e118b8d19e37abe57ff37d7a0ec4124f278db1b7aba76ace721f05de0609df6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679d-71d0-4de2-98ce-45cc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:09.000Z",
"modified": "2016-03-16T14:03:09.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: e3254ad0275370f92cffeacbf603a905",
"pattern": "[file:hashes.SHA1 = 'f4a093e1f058f8baf721fbd38f072b9eb5d3257b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679e-78e8-4225-b332-4b0d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:10.000Z",
"modified": "2016-03-16T14:03:10.000Z",
"first_observed": "2016-03-16T14:03:10Z",
"last_observed": "2016-03-16T14:03:10Z",
"number_observed": 1,
"object_refs": [
"url--56e9679e-78e8-4225-b332-4b0d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679e-78e8-4225-b332-4b0d02de0b81",
"value": "https://www.virustotal.com/file/e118b8d19e37abe57ff37d7a0ec4124f278db1b7aba76ace721f05de0609df6e/analysis/1457503335/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679e-fa74-4749-b5e3-468a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:10.000Z",
"modified": "2016-03-16T14:03:10.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: df6b3946d1064f37d1b99f7bfae51203",
"pattern": "[file:hashes.SHA256 = '6a7ab6636f0fac6c917dbe8107615d5078b39b74a39f5139d41499d9cb1d46c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679e-9390-43c4-9d6c-4d9302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:10.000Z",
"modified": "2016-03-16T14:03:10.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: df6b3946d1064f37d1b99f7bfae51203",
"pattern": "[file:hashes.SHA1 = '2cbe876363fd55bc228fdafd96dd635e94d1cd04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679e-25bc-43de-89f6-46dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:10.000Z",
"modified": "2016-03-16T14:03:10.000Z",
"first_observed": "2016-03-16T14:03:10Z",
"last_observed": "2016-03-16T14:03:10Z",
"number_observed": 1,
"object_refs": [
"url--56e9679e-25bc-43de-89f6-46dc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679e-25bc-43de-89f6-46dc02de0b81",
"value": "https://www.virustotal.com/file/6a7ab6636f0fac6c917dbe8107615d5078b39b74a39f5139d41499d9cb1d46c2/analysis/1451300361/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679f-d8c0-4e83-b17f-4dc202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:11.000Z",
"modified": "2016-03-16T14:03:11.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: dac4f8ba3190cfa1f813e79864a73fe1",
"pattern": "[file:hashes.SHA256 = 'c130b2c00964cbfc943c25fca131de6ba5885ff5d4d5c33ff1c3821cd0e7da8b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679f-0614-422f-b146-46ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:11.000Z",
"modified": "2016-03-16T14:03:11.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: dac4f8ba3190cfa1f813e79864a73fe1",
"pattern": "[file:hashes.SHA1 = '4a64a953fd1b6903b0550b76bf35316bf5d34c98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e9679f-a164-4ac9-a59b-4dfe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:11.000Z",
"modified": "2016-03-16T14:03:11.000Z",
"first_observed": "2016-03-16T14:03:11Z",
"last_observed": "2016-03-16T14:03:11Z",
"number_observed": 1,
"object_refs": [
"url--56e9679f-a164-4ac9-a59b-4dfe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e9679f-a164-4ac9-a59b-4dfe02de0b81",
"value": "https://www.virustotal.com/file/c130b2c00964cbfc943c25fca131de6ba5885ff5d4d5c33ff1c3821cd0e7da8b/analysis/1457955140/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e9679f-1680-43e7-8882-4b0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:11.000Z",
"modified": "2016-03-16T14:03:11.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ca27cefe404821ccd8dc695da55102e8",
"pattern": "[file:hashes.SHA256 = 'ca06db0d34fefb5c881fbd86ed30d1a4e3a8ba9c890551949eb748c1180a136e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a0-1ec8-4e26-b42d-4a4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:12.000Z",
"modified": "2016-03-16T14:03:12.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ca27cefe404821ccd8dc695da55102e8",
"pattern": "[file:hashes.SHA1 = 'e446c0496acc5a3a0fafcced0f52850324023c38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a0-178c-4c89-812c-4eeb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:12.000Z",
"modified": "2016-03-16T14:03:12.000Z",
"first_observed": "2016-03-16T14:03:12Z",
"last_observed": "2016-03-16T14:03:12Z",
"number_observed": 1,
"object_refs": [
"url--56e967a0-178c-4c89-812c-4eeb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a0-178c-4c89-812c-4eeb02de0b81",
"value": "https://www.virustotal.com/file/ca06db0d34fefb5c881fbd86ed30d1a4e3a8ba9c890551949eb748c1180a136e/analysis/1457023653/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a0-4f8c-4356-adb7-444202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:12.000Z",
"modified": "2016-03-16T14:03:12.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: c61061a40dba411b839fe631299c267a",
"pattern": "[file:hashes.SHA256 = '0a7d73216cbbd156abb9b3a21a65b3070a21ffb643e220e7ca24c01e5e9c23dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a1-4c68-4777-95dd-467602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:13.000Z",
"modified": "2016-03-16T14:03:13.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: c61061a40dba411b839fe631299c267a",
"pattern": "[file:hashes.SHA1 = 'fd199ac1a097bb0e5efc67d7d80f18ffef9e488a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a1-5134-4eb5-a0b7-46e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:13.000Z",
"modified": "2016-03-16T14:03:13.000Z",
"first_observed": "2016-03-16T14:03:13Z",
"last_observed": "2016-03-16T14:03:13Z",
"number_observed": 1,
"object_refs": [
"url--56e967a1-5134-4eb5-a0b7-46e002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a1-5134-4eb5-a0b7-46e002de0b81",
"value": "https://www.virustotal.com/file/0a7d73216cbbd156abb9b3a21a65b3070a21ffb643e220e7ca24c01e5e9c23dc/analysis/1444714358/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a1-db64-441f-94bc-49f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:13.000Z",
"modified": "2016-03-16T14:03:13.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: bf1400105c97a28fefd33d8c0df5d4c1",
"pattern": "[file:hashes.SHA256 = '5f688cf7b9b960d15f208ebd6af7614f2b7793cdb7f5766074f525d8ed007278']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a1-6c0c-499a-93e7-404202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:13.000Z",
"modified": "2016-03-16T14:03:13.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: bf1400105c97a28fefd33d8c0df5d4c1",
"pattern": "[file:hashes.SHA1 = '1ff42d996489812602d65f9eb7433c8018b17acc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a2-b9bc-40dc-a18a-401002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:14.000Z",
"modified": "2016-03-16T14:03:14.000Z",
"first_observed": "2016-03-16T14:03:14Z",
"last_observed": "2016-03-16T14:03:14Z",
"number_observed": 1,
"object_refs": [
"url--56e967a2-b9bc-40dc-a18a-401002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a2-b9bc-40dc-a18a-401002de0b81",
"value": "https://www.virustotal.com/file/5f688cf7b9b960d15f208ebd6af7614f2b7793cdb7f5766074f525d8ed007278/analysis/1453218333/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a2-2d8c-450f-a2b3-439602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:14.000Z",
"modified": "2016-03-16T14:03:14.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: b8098acf09d121ab298351f0c804ef8b",
"pattern": "[file:hashes.SHA256 = '9c9951f90355f7b9ddb7355fa9c813c326bf4ae4cc895d1c9eb31de48cb36417']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a2-b698-4b29-ae89-49e002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:14.000Z",
"modified": "2016-03-16T14:03:14.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: b8098acf09d121ab298351f0c804ef8b",
"pattern": "[file:hashes.SHA1 = 'b108de03dfc7568d090c4614d12636b53470ba51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a2-e010-4820-9d7d-4b0e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:14.000Z",
"modified": "2016-03-16T14:03:14.000Z",
"first_observed": "2016-03-16T14:03:14Z",
"last_observed": "2016-03-16T14:03:14Z",
"number_observed": 1,
"object_refs": [
"url--56e967a2-e010-4820-9d7d-4b0e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a2-e010-4820-9d7d-4b0e02de0b81",
"value": "https://www.virustotal.com/file/9c9951f90355f7b9ddb7355fa9c813c326bf4ae4cc895d1c9eb31de48cb36417/analysis/1457023653/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a3-6d78-414e-b438-411002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:15.000Z",
"modified": "2016-03-16T14:03:15.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: b67411da3ddfcae9f2a20935619e5c4a",
"pattern": "[file:hashes.SHA256 = '486c073aec65fc0d8db15e0695f1a88a0c852768884d6762b71feeb583222ab0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a3-0d5c-4ea3-bb2a-48bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:15.000Z",
"modified": "2016-03-16T14:03:15.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: b67411da3ddfcae9f2a20935619e5c4a",
"pattern": "[file:hashes.SHA1 = 'f65267bbe931af66e5f50d3df8383ac6614782ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a3-1e5c-460c-b616-4a3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:15.000Z",
"modified": "2016-03-16T14:03:15.000Z",
"first_observed": "2016-03-16T14:03:15Z",
"last_observed": "2016-03-16T14:03:15Z",
"number_observed": 1,
"object_refs": [
"url--56e967a3-1e5c-460c-b616-4a3c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a3-1e5c-460c-b616-4a3c02de0b81",
"value": "https://www.virustotal.com/file/486c073aec65fc0d8db15e0695f1a88a0c852768884d6762b71feeb583222ab0/analysis/1457503099/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a4-c3a0-48ef-940a-4cf002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:16.000Z",
"modified": "2016-03-16T14:03:16.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ac637313520ca159a02d674474d341ef",
"pattern": "[file:hashes.SHA256 = '9c60ae5309f1f70035eea7446365d8ee678aad77ec47403ea1fb2471a606e28d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a4-c390-43d1-aa88-404d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:16.000Z",
"modified": "2016-03-16T14:03:16.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: ac637313520ca159a02d674474d341ef",
"pattern": "[file:hashes.SHA1 = 'd460fc473b334128b18d98e3c534ae7fef2114fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a4-c3cc-4b5c-be09-459602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:16.000Z",
"modified": "2016-03-16T14:03:16.000Z",
"first_observed": "2016-03-16T14:03:16Z",
"last_observed": "2016-03-16T14:03:16Z",
"number_observed": 1,
"object_refs": [
"url--56e967a4-c3cc-4b5c-be09-459602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a4-c3cc-4b5c-be09-459602de0b81",
"value": "https://www.virustotal.com/file/9c60ae5309f1f70035eea7446365d8ee678aad77ec47403ea1fb2471a606e28d/analysis/1441216198/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a4-1ef4-4ccc-a237-43b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:16.000Z",
"modified": "2016-03-16T14:03:16.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 94770186027a0ccdf733b72894a0c7d0",
"pattern": "[file:hashes.SHA256 = '088b89e6cc86ef074a3edacc6d47096137e88a6d8d69669e637f33abcc9d0a8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a5-2e18-4ab3-bec7-4fd202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:17.000Z",
"modified": "2016-03-16T14:03:17.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 94770186027a0ccdf733b72894a0c7d0",
"pattern": "[file:hashes.SHA1 = '61bde2a0796b74c8f4dc53f58d86c71f2bec92c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a5-9dc4-4c89-8f6a-4ffe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:17.000Z",
"modified": "2016-03-16T14:03:17.000Z",
"first_observed": "2016-03-16T14:03:17Z",
"last_observed": "2016-03-16T14:03:17Z",
"number_observed": 1,
"object_refs": [
"url--56e967a5-9dc4-4c89-8f6a-4ffe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a5-9dc4-4c89-8f6a-4ffe02de0b81",
"value": "https://www.virustotal.com/file/088b89e6cc86ef074a3edacc6d47096137e88a6d8d69669e637f33abcc9d0a8c/analysis/1457677480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a5-b5d8-42eb-86ae-441102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:17.000Z",
"modified": "2016-03-16T14:03:17.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 85e2c950ddb18fe1dd18709cfbb9b203",
"pattern": "[file:hashes.SHA256 = 'f0e5e130852f91d815632d159ce1979ba997a14af9c26d164ead9f6c2bb71854']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a5-1828-4801-89c1-44d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:17.000Z",
"modified": "2016-03-16T14:03:17.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 85e2c950ddb18fe1dd18709cfbb9b203",
"pattern": "[file:hashes.SHA1 = '1d60df4bfc085d512307dcc81f95e9cb9d366708']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a6-f7b8-4879-989d-445102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:18.000Z",
"modified": "2016-03-16T14:03:18.000Z",
"first_observed": "2016-03-16T14:03:18Z",
"last_observed": "2016-03-16T14:03:18Z",
"number_observed": 1,
"object_refs": [
"url--56e967a6-f7b8-4879-989d-445102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a6-f7b8-4879-989d-445102de0b81",
"value": "https://www.virustotal.com/file/f0e5e130852f91d815632d159ce1979ba997a14af9c26d164ead9f6c2bb71854/analysis/1457023652/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a6-8de4-4ab3-8060-4d5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:18.000Z",
"modified": "2016-03-16T14:03:18.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 83a8ce707e625e977d54408ca747fa29",
"pattern": "[file:hashes.SHA256 = '3f3ce0a46fa764a24a196b8bc2e5df05824f15b7a9450acbd6f380aa6c5212da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a6-79f8-4bcd-98a1-442c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:18.000Z",
"modified": "2016-03-16T14:03:18.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 83a8ce707e625e977d54408ca747fa29",
"pattern": "[file:hashes.SHA1 = 'f64d2ece37e07a938741603207b3ef55db4ece58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a7-c598-4d14-a1bf-41a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:19.000Z",
"modified": "2016-03-16T14:03:19.000Z",
"first_observed": "2016-03-16T14:03:19Z",
"last_observed": "2016-03-16T14:03:19Z",
"number_observed": 1,
"object_refs": [
"url--56e967a7-c598-4d14-a1bf-41a802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a7-c598-4d14-a1bf-41a802de0b81",
"value": "https://www.virustotal.com/file/3f3ce0a46fa764a24a196b8bc2e5df05824f15b7a9450acbd6f380aa6c5212da/analysis/1458051382/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a7-67d0-45df-b84a-486f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:19.000Z",
"modified": "2016-03-16T14:03:19.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 803d2758c3b89882e2d41867768d7b15",
"pattern": "[file:hashes.SHA256 = 'fe515a4689e39592af94244c1a3a6e07d20b6d7b579afbe16899e1db0f6d4552']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a7-92c4-41e9-baf9-4ac202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:19.000Z",
"modified": "2016-03-16T14:03:19.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 803d2758c3b89882e2d41867768d7b15",
"pattern": "[file:hashes.SHA1 = '09677190e7b52c6ff5a81d164f9b806ac0d43d9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a7-95bc-4f46-b3f2-462c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:19.000Z",
"modified": "2016-03-16T14:03:19.000Z",
"first_observed": "2016-03-16T14:03:19Z",
"last_observed": "2016-03-16T14:03:19Z",
"number_observed": 1,
"object_refs": [
"url--56e967a7-95bc-4f46-b3f2-462c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a7-95bc-4f46-b3f2-462c02de0b81",
"value": "https://www.virustotal.com/file/fe515a4689e39592af94244c1a3a6e07d20b6d7b579afbe16899e1db0f6d4552/analysis/1457677443/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a8-6a60-4b33-b7d2-4c5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:20.000Z",
"modified": "2016-03-16T14:03:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 7a6b88e43cccc8133c066b87f72c53f7",
"pattern": "[file:hashes.SHA256 = '90c51f81c853a6433fbb400d17e64affc7cb3e7e79d0f7cd1ff3906c286dd30f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a8-b600-4450-af66-454d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:20.000Z",
"modified": "2016-03-16T14:03:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 7a6b88e43cccc8133c066b87f72c53f7",
"pattern": "[file:hashes.SHA1 = 'c4391a5f142e054456e20b71c0eb86709a905d5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a8-5d98-488b-b960-4b8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:20.000Z",
"modified": "2016-03-16T14:03:20.000Z",
"first_observed": "2016-03-16T14:03:20Z",
"last_observed": "2016-03-16T14:03:20Z",
"number_observed": 1,
"object_refs": [
"url--56e967a8-5d98-488b-b960-4b8002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a8-5d98-488b-b960-4b8002de0b81",
"value": "https://www.virustotal.com/file/90c51f81c853a6433fbb400d17e64affc7cb3e7e79d0f7cd1ff3906c286dd30f/analysis/1447235762/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a9-9ed0-4b60-bdaf-4c5102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:20.000Z",
"modified": "2016-03-16T14:03:20.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 796ae0b75c0e0b08ea84668495df4070",
"pattern": "[file:hashes.SHA256 = 'dc7dfbdcbc85a53687aab5badf1ba72a3de0f4f408ee1d6a617e70f8a0366093']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a9-94ec-49f1-a691-4c8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:21.000Z",
"modified": "2016-03-16T14:03:21.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 796ae0b75c0e0b08ea84668495df4070",
"pattern": "[file:hashes.SHA1 = 'c38b85c1eac3beacd7cb7841202376b15ac90d8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967a9-b624-4ae5-bedb-436902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:21.000Z",
"modified": "2016-03-16T14:03:21.000Z",
"first_observed": "2016-03-16T14:03:21Z",
"last_observed": "2016-03-16T14:03:21Z",
"number_observed": 1,
"object_refs": [
"url--56e967a9-b624-4ae5-bedb-436902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967a9-b624-4ae5-bedb-436902de0b81",
"value": "https://www.virustotal.com/file/dc7dfbdcbc85a53687aab5badf1ba72a3de0f4f408ee1d6a617e70f8a0366093/analysis/1457677431/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967a9-7bb8-4c65-8221-4e2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:21.000Z",
"modified": "2016-03-16T14:03:21.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 75b390dc72751a062e8106328450ef87",
"pattern": "[file:hashes.SHA256 = 'bc91b92518ba7222a26f7df7cb2c79c89c7f3fa6476dfc4dae6863e09c67d75a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967aa-cd7c-45fd-8b7d-441e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:22.000Z",
"modified": "2016-03-16T14:03:22.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 75b390dc72751a062e8106328450ef87",
"pattern": "[file:hashes.SHA1 = 'b187ebd2d440f70ea24e6a3421ed4ca842caf362']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967aa-7808-407f-b1c3-4acd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:22.000Z",
"modified": "2016-03-16T14:03:22.000Z",
"first_observed": "2016-03-16T14:03:22Z",
"last_observed": "2016-03-16T14:03:22Z",
"number_observed": 1,
"object_refs": [
"url--56e967aa-7808-407f-b1c3-4acd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967aa-7808-407f-b1c3-4acd02de0b81",
"value": "https://www.virustotal.com/file/bc91b92518ba7222a26f7df7cb2c79c89c7f3fa6476dfc4dae6863e09c67d75a/analysis/1457023651/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967aa-f760-41dc-80f7-480002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:22.000Z",
"modified": "2016-03-16T14:03:22.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 7289c160582f010a3c7dbd512c5d8a09",
"pattern": "[file:hashes.SHA256 = 'bb646023c9b9b910d8f6ba267d920ecf68e1d328be209770af284441f5799577']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967aa-9b38-4f9c-88f8-44fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:22.000Z",
"modified": "2016-03-16T14:03:22.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 7289c160582f010a3c7dbd512c5d8a09",
"pattern": "[file:hashes.SHA1 = 'ab34d19ffc9e31ee44b66243256354f192dd0120']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ab-90e8-474b-bbaf-440202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:23.000Z",
"modified": "2016-03-16T14:03:23.000Z",
"first_observed": "2016-03-16T14:03:23Z",
"last_observed": "2016-03-16T14:03:23Z",
"number_observed": 1,
"object_refs": [
"url--56e967ab-90e8-474b-bbaf-440202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ab-90e8-474b-bbaf-440202de0b81",
"value": "https://www.virustotal.com/file/bb646023c9b9b910d8f6ba267d920ecf68e1d328be209770af284441f5799577/analysis/1457677410/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ab-7138-4217-8ef6-4ea402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:23.000Z",
"modified": "2016-03-16T14:03:23.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6eb40b2e6a67a785d5cc6e4ad9102b5d",
"pattern": "[file:hashes.SHA256 = '2cb1404a9a348363296112fb70dbfb884da8a0bf931f5c7eca4660e1a7a2a3d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ab-aa20-4adf-9bbd-45b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:23.000Z",
"modified": "2016-03-16T14:03:23.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6eb40b2e6a67a785d5cc6e4ad9102b5d",
"pattern": "[file:hashes.SHA1 = '827b5d3288135128bfd7ba89bbbe99398f297513']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ac-1628-442e-bc75-490502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:24.000Z",
"modified": "2016-03-16T14:03:24.000Z",
"first_observed": "2016-03-16T14:03:24Z",
"last_observed": "2016-03-16T14:03:24Z",
"number_observed": 1,
"object_refs": [
"url--56e967ac-1628-442e-bc75-490502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ac-1628-442e-bc75-490502de0b81",
"value": "https://www.virustotal.com/file/2cb1404a9a348363296112fb70dbfb884da8a0bf931f5c7eca4660e1a7a2a3d3/analysis/1440765759/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ac-6a24-4260-8050-40ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:24.000Z",
"modified": "2016-03-16T14:03:24.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6d2442494c3019f1597256cbeb45e5f6",
"pattern": "[file:hashes.SHA256 = 'dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ac-7b80-417a-b3aa-40fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:24.000Z",
"modified": "2016-03-16T14:03:24.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6d2442494c3019f1597256cbeb45e5f6",
"pattern": "[file:hashes.SHA1 = '8b8541552023a6a43a7abfb10555eeeba6eb5962']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ac-fa28-4926-9360-4a8202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:24.000Z",
"modified": "2016-03-16T14:03:24.000Z",
"first_observed": "2016-03-16T14:03:24Z",
"last_observed": "2016-03-16T14:03:24Z",
"number_observed": 1,
"object_refs": [
"url--56e967ac-fa28-4926-9360-4a8202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ac-fa28-4926-9360-4a8202de0b81",
"value": "https://www.virustotal.com/file/dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c/analysis/1457023650/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ad-7878-4a0d-861d-40a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:25.000Z",
"modified": "2016-03-16T14:03:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6c3b38bf90a203b2f7542d0359b8e60e",
"pattern": "[file:hashes.SHA256 = '1a87713da4005f37c669d7a6d78417634b06352b1aba6d9237a8afaf22e6b09f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ad-c59c-4483-8c38-461c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:25.000Z",
"modified": "2016-03-16T14:03:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 6c3b38bf90a203b2f7542d0359b8e60e",
"pattern": "[file:hashes.SHA1 = '08a93ca86a8770f5d971e78d018628428052292a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ad-1378-480f-ac91-486402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:25.000Z",
"modified": "2016-03-16T14:03:25.000Z",
"first_observed": "2016-03-16T14:03:25Z",
"last_observed": "2016-03-16T14:03:25Z",
"number_observed": 1,
"object_refs": [
"url--56e967ad-1378-480f-ac91-486402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ad-1378-480f-ac91-486402de0b81",
"value": "https://www.virustotal.com/file/1a87713da4005f37c669d7a6d78417634b06352b1aba6d9237a8afaf22e6b09f/analysis/1453359184/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ad-0c28-4c7e-a54c-46b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:25.000Z",
"modified": "2016-03-16T14:03:25.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5ff65fdefe144800e43a2f6cc6244c75",
"pattern": "[file:hashes.SHA256 = 'b0024a265d442cf070cbdf59d57c6ceda11a6341b593be12b240d36a8579a250']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ae-aafc-4066-9a91-42e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:26.000Z",
"modified": "2016-03-16T14:03:26.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5ff65fdefe144800e43a2f6cc6244c75",
"pattern": "[file:hashes.SHA1 = '989d5a345fa9ac97cc9ed50b40312c332a9c6511']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ae-f6a4-435a-8521-458002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:26.000Z",
"modified": "2016-03-16T14:03:26.000Z",
"first_observed": "2016-03-16T14:03:26Z",
"last_observed": "2016-03-16T14:03:26Z",
"number_observed": 1,
"object_refs": [
"url--56e967ae-f6a4-435a-8521-458002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ae-f6a4-435a-8521-458002de0b81",
"value": "https://www.virustotal.com/file/b0024a265d442cf070cbdf59d57c6ceda11a6341b593be12b240d36a8579a250/analysis/1457677381/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ae-4da8-4bd0-b01d-4bf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:26.000Z",
"modified": "2016-03-16T14:03:26.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5d038817ffeab7715415d68d438af345",
"pattern": "[file:hashes.SHA256 = 'd541c249a98d852905273efeaa046db4dbc70ca0151fc70f1a8abd298191cb6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967af-aab8-4d51-a1ff-468602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:27.000Z",
"modified": "2016-03-16T14:03:27.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5d038817ffeab7715415d68d438af345",
"pattern": "[file:hashes.SHA1 = '05c654eb49c328f2e18ac9885cfc873c79121f26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967af-051c-4d5b-b329-453a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:27.000Z",
"modified": "2016-03-16T14:03:27.000Z",
"first_observed": "2016-03-16T14:03:27Z",
"last_observed": "2016-03-16T14:03:27Z",
"number_observed": 1,
"object_refs": [
"url--56e967af-051c-4d5b-b329-453a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967af-051c-4d5b-b329-453a02de0b81",
"value": "https://www.virustotal.com/file/d541c249a98d852905273efeaa046db4dbc70ca0151fc70f1a8abd298191cb6a/analysis/1457023650/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967af-1560-4859-8410-4e4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:27.000Z",
"modified": "2016-03-16T14:03:27.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5c6b401979469040b39babb0469fc0c8",
"pattern": "[file:hashes.SHA256 = '4831a31eee39f94f1a7761ee09c9b994f01fe0912e7bc9945b1eec7c13e97528']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967af-4f98-4b92-a605-40cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:27.000Z",
"modified": "2016-03-16T14:03:27.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5c6b401979469040b39babb0469fc0c8",
"pattern": "[file:hashes.SHA1 = '03045809cadd2c7dcac21b70728448a4a581712c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b0-04dc-4ecd-a612-4e7902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:28.000Z",
"modified": "2016-03-16T14:03:28.000Z",
"first_observed": "2016-03-16T14:03:28Z",
"last_observed": "2016-03-16T14:03:28Z",
"number_observed": 1,
"object_refs": [
"url--56e967b0-04dc-4ecd-a612-4e7902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b0-04dc-4ecd-a612-4e7902de0b81",
"value": "https://www.virustotal.com/file/4831a31eee39f94f1a7761ee09c9b994f01fe0912e7bc9945b1eec7c13e97528/analysis/1457023649/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b0-03f0-49e2-9f6a-491402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:28.000Z",
"modified": "2016-03-16T14:03:28.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5b6beb9ee6e604f4e474b8129e6135f4",
"pattern": "[file:hashes.SHA256 = '582ec7ab3f31b9d5ad45bc792e4097e6b4377cceabc7b626a548491b9ff8b406']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b0-6920-4c18-a6c8-438e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:28.000Z",
"modified": "2016-03-16T14:03:28.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 5b6beb9ee6e604f4e474b8129e6135f4",
"pattern": "[file:hashes.SHA1 = '40fd6d368bce6dcf6a933c6494d74f01a07587af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b0-da5c-4768-9983-450502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:28.000Z",
"modified": "2016-03-16T14:03:28.000Z",
"first_observed": "2016-03-16T14:03:28Z",
"last_observed": "2016-03-16T14:03:28Z",
"number_observed": 1,
"object_refs": [
"url--56e967b0-da5c-4768-9983-450502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b0-da5c-4768-9983-450502de0b81",
"value": "https://www.virustotal.com/file/582ec7ab3f31b9d5ad45bc792e4097e6b4377cceabc7b626a548491b9ff8b406/analysis/1457023649/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b1-50b8-49ee-9445-428002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:29.000Z",
"modified": "2016-03-16T14:03:29.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 535888163707b60c1a8dfefffad70635",
"pattern": "[file:hashes.SHA256 = '60b85eb25885b36cb8082259126c87e3bd48c2e1984ad1a70e2eeea6154c4da1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b1-bc58-4917-9a73-451f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:29.000Z",
"modified": "2016-03-16T14:03:29.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 535888163707b60c1a8dfefffad70635",
"pattern": "[file:hashes.SHA1 = '8e0a52600b925bcae62f273ff42b0518951184e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b1-f3b0-4a34-a868-476802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:29.000Z",
"modified": "2016-03-16T14:03:29.000Z",
"first_observed": "2016-03-16T14:03:29Z",
"last_observed": "2016-03-16T14:03:29Z",
"number_observed": 1,
"object_refs": [
"url--56e967b1-f3b0-4a34-a868-476802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b1-f3b0-4a34-a868-476802de0b81",
"value": "https://www.virustotal.com/file/60b85eb25885b36cb8082259126c87e3bd48c2e1984ad1a70e2eeea6154c4da1/analysis/1457677345/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b2-31f8-4a45-afce-4db602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:30.000Z",
"modified": "2016-03-16T14:03:30.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 41a0e4f9745e4bd5ad7b9d500deb76fa",
"pattern": "[file:hashes.SHA256 = '6ebce511f734ef292f88889c599b391ecbf5992eabc76a4c429270e98af4b299']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b2-b8b8-42b6-aeda-4a8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:30.000Z",
"modified": "2016-03-16T14:03:30.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 41a0e4f9745e4bd5ad7b9d500deb76fa",
"pattern": "[file:hashes.SHA1 = 'df42097d95236bbad6d05839aa55a8bac68d26cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b2-760c-40f2-88e7-478102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:30.000Z",
"modified": "2016-03-16T14:03:30.000Z",
"first_observed": "2016-03-16T14:03:30Z",
"last_observed": "2016-03-16T14:03:30Z",
"number_observed": 1,
"object_refs": [
"url--56e967b2-760c-40f2-88e7-478102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b2-760c-40f2-88e7-478102de0b81",
"value": "https://www.virustotal.com/file/6ebce511f734ef292f88889c599b391ecbf5992eabc76a4c429270e98af4b299/analysis/1457023648/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b2-dad4-4c9c-b4aa-40a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:30.000Z",
"modified": "2016-03-16T14:03:30.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 3b08095786731c522f5649081f8dbb7e",
"pattern": "[file:hashes.SHA256 = '40945842f4cb5844b7b8aba26d30c7ed5b95f483b6df66ec4bb6e10f37092303']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b3-734c-4402-bcaf-495a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:31.000Z",
"modified": "2016-03-16T14:03:31.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 3b08095786731c522f5649081f8dbb7e",
"pattern": "[file:hashes.SHA1 = 'af076cb297b7ffc4c7a71b645e0584fe4a6a9712']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b3-7c84-4b4a-b6b7-4d6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:31.000Z",
"modified": "2016-03-16T14:03:31.000Z",
"first_observed": "2016-03-16T14:03:31Z",
"last_observed": "2016-03-16T14:03:31Z",
"number_observed": 1,
"object_refs": [
"url--56e967b3-7c84-4b4a-b6b7-4d6202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b3-7c84-4b4a-b6b7-4d6202de0b81",
"value": "https://www.virustotal.com/file/40945842f4cb5844b7b8aba26d30c7ed5b95f483b6df66ec4bb6e10f37092303/analysis/1457023649/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b3-b504-4891-bc47-43ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:31.000Z",
"modified": "2016-03-16T14:03:31.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 3a67ebcab5dc3563dc161fdc3c7fb161",
"pattern": "[file:hashes.SHA256 = '6a69cd7a2cb993994fccec7b7e99c5daa5ec8083ba887142cb0242031d7d4966']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b3-ae80-4cb3-801a-4e7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:31.000Z",
"modified": "2016-03-16T14:03:31.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 3a67ebcab5dc3563dc161fdc3c7fb161",
"pattern": "[file:hashes.SHA1 = '58b7cdbf101fe762d34fa21a61b5896e6eb15b6f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b4-9300-473b-b297-407902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:32.000Z",
"modified": "2016-03-16T14:03:32.000Z",
"first_observed": "2016-03-16T14:03:32Z",
"last_observed": "2016-03-16T14:03:32Z",
"number_observed": 1,
"object_refs": [
"url--56e967b4-9300-473b-b297-407902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b4-9300-473b-b297-407902de0b81",
"value": "https://www.virustotal.com/file/6a69cd7a2cb993994fccec7b7e99c5daa5ec8083ba887142cb0242031d7d4966/analysis/1457677274/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b4-1914-4b21-b825-465602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:32.000Z",
"modified": "2016-03-16T14:03:32.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 34ad98510d4d6e24b7e38f27a24ad9f6",
"pattern": "[file:hashes.SHA256 = 'bd4e0a30d74f4537f29a6a603427489e1d3f7d6da030afc5c199fe6b1a4d271f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b4-4c90-4694-8751-412002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:32.000Z",
"modified": "2016-03-16T14:03:32.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 34ad98510d4d6e24b7e38f27a24ad9f6",
"pattern": "[file:hashes.SHA1 = '4aae973372d5eeaff5b1b1b9f53ed5cd2d3ea15e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b5-2924-4279-8263-45d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:33.000Z",
"modified": "2016-03-16T14:03:33.000Z",
"first_observed": "2016-03-16T14:03:33Z",
"last_observed": "2016-03-16T14:03:33Z",
"number_observed": 1,
"object_refs": [
"url--56e967b5-2924-4279-8263-45d602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b5-2924-4279-8263-45d602de0b81",
"value": "https://www.virustotal.com/file/bd4e0a30d74f4537f29a6a603427489e1d3f7d6da030afc5c199fe6b1a4d271f/analysis/1455193335/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b5-7e28-46f4-9619-406f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:33.000Z",
"modified": "2016-03-16T14:03:33.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 340f31a36e159e58595a375b8b0b37b2",
"pattern": "[file:hashes.SHA256 = 'c38f6542a2680afa1063a1c4ab2d4556a4d716ca4711d1565c02b3ba149fba2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b5-60fc-43cb-961c-431e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:33.000Z",
"modified": "2016-03-16T14:03:33.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 340f31a36e159e58595a375b8b0b37b2",
"pattern": "[file:hashes.SHA1 = '8a11fc94231f730d9a45a8a746069672d6beb138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b5-0ba4-46cc-9624-4f8702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:33.000Z",
"modified": "2016-03-16T14:03:33.000Z",
"first_observed": "2016-03-16T14:03:33Z",
"last_observed": "2016-03-16T14:03:33Z",
"number_observed": 1,
"object_refs": [
"url--56e967b5-0ba4-46cc-9624-4f8702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b5-0ba4-46cc-9624-4f8702de0b81",
"value": "https://www.virustotal.com/file/c38f6542a2680afa1063a1c4ab2d4556a4d716ca4711d1565c02b3ba149fba2c/analysis/1457023647/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b6-2db8-45a2-b237-42e202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:34.000Z",
"modified": "2016-03-16T14:03:34.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2c9cc5a8569ab7d06bb8f8d7cf7dc03a",
"pattern": "[file:hashes.SHA256 = 'ce8aa33c042ed777ab66721d9d387aefdfe7dd918f5100db67134acdc835952d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b6-067c-4655-a973-409b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:34.000Z",
"modified": "2016-03-16T14:03:34.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 2c9cc5a8569ab7d06bb8f8d7cf7dc03a",
"pattern": "[file:hashes.SHA1 = '7bb1f9eebc866752436af5ff0187194521e566a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b6-5f88-48b1-99c6-419402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:34.000Z",
"modified": "2016-03-16T14:03:34.000Z",
"first_observed": "2016-03-16T14:03:34Z",
"last_observed": "2016-03-16T14:03:34Z",
"number_observed": 1,
"object_refs": [
"url--56e967b6-5f88-48b1-99c6-419402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b6-5f88-48b1-99c6-419402de0b81",
"value": "https://www.virustotal.com/file/ce8aa33c042ed777ab66721d9d387aefdfe7dd918f5100db67134acdc835952d/analysis/1457600661/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b6-86d8-41e3-9313-44bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:34.000Z",
"modified": "2016-03-16T14:03:34.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 21fc043b31d22b5c3f5529db83e90422",
"pattern": "[file:hashes.SHA256 = '05aacd2eb90c77fd747e32148b4cc34dc9b0c1ee061cc6fd972428569285d546']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b7-e1f0-4bac-9202-46e502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:35.000Z",
"modified": "2016-03-16T14:03:35.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 21fc043b31d22b5c3f5529db83e90422",
"pattern": "[file:hashes.SHA1 = 'd2ea65b065a73cfacafc18ea293833318b9f2f25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b7-7750-443b-93c8-405402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:35.000Z",
"modified": "2016-03-16T14:03:35.000Z",
"first_observed": "2016-03-16T14:03:35Z",
"last_observed": "2016-03-16T14:03:35Z",
"number_observed": 1,
"object_refs": [
"url--56e967b7-7750-443b-93c8-405402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b7-7750-443b-93c8-405402de0b81",
"value": "https://www.virustotal.com/file/05aacd2eb90c77fd747e32148b4cc34dc9b0c1ee061cc6fd972428569285d546/analysis/1457677216/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b7-ae24-4e98-8196-477d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:35.000Z",
"modified": "2016-03-16T14:03:35.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 1af4df1382c04677050379ccdafcafd2",
"pattern": "[file:hashes.SHA256 = '934b8ba0d1adbc33f453dcfb9f469dd984387efcef06b03c2c4ce7e83485abf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b8-55fc-4483-a2f7-403702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:36.000Z",
"modified": "2016-03-16T14:03:36.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 1af4df1382c04677050379ccdafcafd2",
"pattern": "[file:hashes.SHA1 = '9b70256ac43604d7f98319a4fb0cdf1f2414ff3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b8-d3bc-4e9c-9c97-4f9702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:36.000Z",
"modified": "2016-03-16T14:03:36.000Z",
"first_observed": "2016-03-16T14:03:36Z",
"last_observed": "2016-03-16T14:03:36Z",
"number_observed": 1,
"object_refs": [
"url--56e967b8-d3bc-4e9c-9c97-4f9702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b8-d3bc-4e9c-9c97-4f9702de0b81",
"value": "https://www.virustotal.com/file/934b8ba0d1adbc33f453dcfb9f469dd984387efcef06b03c2c4ce7e83485abf8/analysis/1454321269/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b8-f764-4020-92e8-487b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:36.000Z",
"modified": "2016-03-16T14:03:36.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 17dbd878985b78848d4a3a758a3ef89c",
"pattern": "[file:hashes.SHA256 = 'f4fe3854a8d06be608e46d3a13ce13cbbaf078959a6973673139ad2b686e2577']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b8-08ec-48f0-a11f-4cd702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:36.000Z",
"modified": "2016-03-16T14:03:36.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 17dbd878985b78848d4a3a758a3ef89c",
"pattern": "[file:hashes.SHA1 = 'f7944f404f5f29873c852d54d12acdfdb21ff6e5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b9-5494-4685-a41c-4a1902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:37.000Z",
"modified": "2016-03-16T14:03:37.000Z",
"first_observed": "2016-03-16T14:03:37Z",
"last_observed": "2016-03-16T14:03:37Z",
"number_observed": 1,
"object_refs": [
"url--56e967b9-5494-4685-a41c-4a1902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b9-5494-4685-a41c-4a1902de0b81",
"value": "https://www.virustotal.com/file/f4fe3854a8d06be608e46d3a13ce13cbbaf078959a6973673139ad2b686e2577/analysis/1457677191/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b9-0cf4-4aef-99dc-4b6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:37.000Z",
"modified": "2016-03-16T14:03:37.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0ed7f485166796e10bcb9123de24d211",
"pattern": "[file:hashes.SHA256 = '4a9224b07d715556e1089fcaed3166b66269217780d6cdca74507f1b956b6b36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967b9-35b4-48ff-9ba3-45ad02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:37.000Z",
"modified": "2016-03-16T14:03:37.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0ed7f485166796e10bcb9123de24d211",
"pattern": "[file:hashes.SHA1 = 'f1697f5c53a682e10c99ec124a98cd609fb4215d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967b9-8334-4021-a66b-461402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:37.000Z",
"modified": "2016-03-16T14:03:37.000Z",
"first_observed": "2016-03-16T14:03:37Z",
"last_observed": "2016-03-16T14:03:37Z",
"number_observed": 1,
"object_refs": [
"url--56e967b9-8334-4021-a66b-461402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967b9-8334-4021-a66b-461402de0b81",
"value": "https://www.virustotal.com/file/4a9224b07d715556e1089fcaed3166b66269217780d6cdca74507f1b956b6b36/analysis/1457677161/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ba-07cc-4125-b0d7-44b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:38.000Z",
"modified": "2016-03-16T14:03:38.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0b651ef0eb7b919e91a2c5c5dbccd27e",
"pattern": "[file:hashes.SHA256 = '95a9643bbedc2145c9c8b60e36796dc4ebfeecd1bad00edd07c8fc720894bc7b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ba-b5fc-4020-bbd3-42d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:38.000Z",
"modified": "2016-03-16T14:03:38.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0b651ef0eb7b919e91a2c5c5dbccd27e",
"pattern": "[file:hashes.SHA1 = 'ce429271292095ca04f6231e1f403ad914db81b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ba-0f60-4abf-a6d9-4dea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:38.000Z",
"modified": "2016-03-16T14:03:38.000Z",
"first_observed": "2016-03-16T14:03:38Z",
"last_observed": "2016-03-16T14:03:38Z",
"number_observed": 1,
"object_refs": [
"url--56e967ba-0f60-4abf-a6d9-4dea02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ba-0f60-4abf-a6d9-4dea02de0b81",
"value": "https://www.virustotal.com/file/95a9643bbedc2145c9c8b60e36796dc4ebfeecd1bad00edd07c8fc720894bc7b/analysis/1453901915/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bb-8254-414a-95b1-4ce802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:39.000Z",
"modified": "2016-03-16T14:03:39.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0a8d414eb910eb4caeb96a648b70eef3",
"pattern": "[file:hashes.SHA256 = '29a5b5cce3804e231654d7c3d2007590c59e8ff5633593d767cef09f16457fe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bb-00fc-4d46-a4b2-4d0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:39.000Z",
"modified": "2016-03-16T14:03:39.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 0a8d414eb910eb4caeb96a648b70eef3",
"pattern": "[file:hashes.SHA1 = '800f620bc26ab12e8687e635186b35594137a9a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967bb-15ac-4023-ba80-4af002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:39.000Z",
"modified": "2016-03-16T14:03:39.000Z",
"first_observed": "2016-03-16T14:03:39Z",
"last_observed": "2016-03-16T14:03:39Z",
"number_observed": 1,
"object_refs": [
"url--56e967bb-15ac-4023-ba80-4af002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967bb-15ac-4023-ba80-4af002de0b81",
"value": "https://www.virustotal.com/file/29a5b5cce3804e231654d7c3d2007590c59e8ff5633593d767cef09f16457fe8/analysis/1442407995/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bb-6d94-4946-a7ba-493202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:39.000Z",
"modified": "2016-03-16T14:03:39.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 06c18c72f9f136bacc5c9b0d8fa93195",
"pattern": "[file:hashes.SHA256 = 'f972091af73ef029b1ea53c6dfad96dbe61c66fbd869b213644750ce9ffaf86b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bc-5d0c-4e38-88df-494002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:40.000Z",
"modified": "2016-03-16T14:03:40.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 06c18c72f9f136bacc5c9b0d8fa93195",
"pattern": "[file:hashes.SHA1 = '61c1f54434e373df9be0426dce5cabae4d46612f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967bc-35c0-46df-b209-46c102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:40.000Z",
"modified": "2016-03-16T14:03:40.000Z",
"first_observed": "2016-03-16T14:03:40Z",
"last_observed": "2016-03-16T14:03:40Z",
"number_observed": 1,
"object_refs": [
"url--56e967bc-35c0-46df-b209-46c102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967bc-35c0-46df-b209-46c102de0b81",
"value": "https://www.virustotal.com/file/f972091af73ef029b1ea53c6dfad96dbe61c66fbd869b213644750ce9ffaf86b/analysis/1456464580/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bc-1cf8-44df-9063-489a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:40.000Z",
"modified": "2016-03-16T14:03:40.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 052eb62056794a08a04f4cd61455602c",
"pattern": "[file:hashes.SHA256 = 'ab57298c39d88cb1296f53509214872bfb810317238b77aa8e5d8820f32c28cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bd-b3c4-4cfd-b962-4a4902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:41.000Z",
"modified": "2016-03-16T14:03:41.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 052eb62056794a08a04f4cd61455602c",
"pattern": "[file:hashes.SHA1 = 'f7b4ff00e35463fbe6ec23ebe702c12685f8eb8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967bd-df24-48c3-80fe-4fda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:41.000Z",
"modified": "2016-03-16T14:03:41.000Z",
"first_observed": "2016-03-16T14:03:41Z",
"last_observed": "2016-03-16T14:03:41Z",
"number_observed": 1,
"object_refs": [
"url--56e967bd-df24-48c3-80fe-4fda02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967bd-df24-48c3-80fe-4fda02de0b81",
"value": "https://www.virustotal.com/file/ab57298c39d88cb1296f53509214872bfb810317238b77aa8e5d8820f32c28cf/analysis/1457023645/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bd-727c-48b2-80ad-491302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:41.000Z",
"modified": "2016-03-16T14:03:41.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 032bacaea0d335daec271f228db6bc88",
"pattern": "[file:hashes.SHA256 = 'e147645b3216c02d1bdd6f99292cf6efbfe447430c3a3ec2d48cc99722cd4b4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bd-e74c-4d85-94cb-45b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:41.000Z",
"modified": "2016-03-16T14:03:41.000Z",
"description": "Crimson Downloader Samples - Xchecked via VT: 032bacaea0d335daec271f228db6bc88",
"pattern": "[file:hashes.SHA1 = '038f970e9292c921c2a97fe4f80a2213b7b624d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967be-8660-417d-9840-4bca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:42.000Z",
"modified": "2016-03-16T14:03:42.000Z",
"first_observed": "2016-03-16T14:03:42Z",
"last_observed": "2016-03-16T14:03:42Z",
"number_observed": 1,
"object_refs": [
"url--56e967be-8660-417d-9840-4bca02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967be-8660-417d-9840-4bca02de0b81",
"value": "https://www.virustotal.com/file/e147645b3216c02d1bdd6f99292cf6efbfe447430c3a3ec2d48cc99722cd4b4a/analysis/1457502273/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967be-0884-48bf-a6af-467b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:42.000Z",
"modified": "2016-03-16T14:03:42.000Z",
"description": "Crimson Downloader Sample - Xchecked via VT: 5d9b42853ecf3ff28d4e4313276b21ed",
"pattern": "[file:hashes.SHA256 = '1c5c4aff54a1ed64e92827063608e7d07302740a209e4461897a1772683a2a6e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967be-6fb4-40f2-ad26-4bdc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:42.000Z",
"modified": "2016-03-16T14:03:42.000Z",
"description": "Crimson Downloader Sample - Xchecked via VT: 5d9b42853ecf3ff28d4e4313276b21ed",
"pattern": "[file:hashes.SHA1 = '7e51cf014b0abd10a96739f3e3da21c4f0e9da4a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967be-655c-4375-9bfe-48b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:42.000Z",
"modified": "2016-03-16T14:03:42.000Z",
"first_observed": "2016-03-16T14:03:42Z",
"last_observed": "2016-03-16T14:03:42Z",
"number_observed": 1,
"object_refs": [
"url--56e967be-655c-4375-9bfe-48b002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967be-655c-4375-9bfe-48b002de0b81",
"value": "https://www.virustotal.com/file/1c5c4aff54a1ed64e92827063608e7d07302740a209e4461897a1772683a2a6e/analysis/1442092488/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bf-95dc-463f-992e-48bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:43.000Z",
"modified": "2016-03-16T14:03:43.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 2dfe4468a052a07cab117a20e182adc9",
"pattern": "[file:hashes.SHA256 = 'a74d8d6ecf4f1fd66fcc83fd76125296ea9cdffbfbacd10b04fba4dbfe9aa2f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967bf-8f58-4df1-8d9f-49a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:43.000Z",
"modified": "2016-03-16T14:03:43.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 2dfe4468a052a07cab117a20e182adc9",
"pattern": "[file:hashes.SHA1 = 'afdf942dab44e9523af001271d951a69287c6843']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967bf-4f20-4345-bdcd-44db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:43.000Z",
"modified": "2016-03-16T14:03:43.000Z",
"first_observed": "2016-03-16T14:03:43Z",
"last_observed": "2016-03-16T14:03:43Z",
"number_observed": 1,
"object_refs": [
"url--56e967bf-4f20-4345-bdcd-44db02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967bf-4f20-4345-bdcd-44db02de0b81",
"value": "https://www.virustotal.com/file/a74d8d6ecf4f1fd66fcc83fd76125296ea9cdffbfbacd10b04fba4dbfe9aa2f2/analysis/1457023688/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c0-1d84-449f-9cff-428702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:44.000Z",
"modified": "2016-03-16T14:03:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8336d9aeccee3408a4f9fbf4b1a42bac",
"pattern": "[file:hashes.SHA256 = 'f9b4f7954f8d3b96b49b79ac3dd8e4489d23eab0cf8e6ee27cfdab1fa54e0233']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c0-cb54-4f47-8cda-46da02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:44.000Z",
"modified": "2016-03-16T14:03:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 8336d9aeccee3408a4f9fbf4b1a42bac",
"pattern": "[file:hashes.SHA1 = '48c1f1155872b108aa4cd6f84340b8e9e55f3c6b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c0-8d90-4e79-91f0-42fa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:44.000Z",
"modified": "2016-03-16T14:03:44.000Z",
"first_observed": "2016-03-16T14:03:44Z",
"last_observed": "2016-03-16T14:03:44Z",
"number_observed": 1,
"object_refs": [
"url--56e967c0-8d90-4e79-91f0-42fa02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c0-8d90-4e79-91f0-42fa02de0b81",
"value": "https://www.virustotal.com/file/f9b4f7954f8d3b96b49b79ac3dd8e4489d23eab0cf8e6ee27cfdab1fa54e0233/analysis/1457023688/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c0-55c4-4ce7-b251-444902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:44.000Z",
"modified": "2016-03-16T14:03:44.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a74165ec1d55b682ed232ffde62b3b11",
"pattern": "[file:hashes.SHA256 = '819a689239d1354c4cc4fadb398d42fee4a066af0235c7d2af997a4d1617e3d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c1-2780-4793-bf0d-486102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:45.000Z",
"modified": "2016-03-16T14:03:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: a74165ec1d55b682ed232ffde62b3b11",
"pattern": "[file:hashes.SHA1 = 'df8822b47f7bea4a8b21a0708dd48b1cbced8e90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c1-6070-411a-95dd-45e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:45.000Z",
"modified": "2016-03-16T14:03:45.000Z",
"first_observed": "2016-03-16T14:03:45Z",
"last_observed": "2016-03-16T14:03:45Z",
"number_observed": 1,
"object_refs": [
"url--56e967c1-6070-411a-95dd-45e802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c1-6070-411a-95dd-45e802de0b81",
"value": "https://www.virustotal.com/file/819a689239d1354c4cc4fadb398d42fee4a066af0235c7d2af997a4d1617e3d7/analysis/1457023689/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c1-1874-4a3a-a134-447102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:45.000Z",
"modified": "2016-03-16T14:03:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 870c0312cea7b3b6b82be01633b071cd",
"pattern": "[file:hashes.SHA256 = 'fee91b1424ddd161cd089a71a86649c83284ec2eac793b3666ce31e524dd7412']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c1-cb74-48d8-b248-405a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:45.000Z",
"modified": "2016-03-16T14:03:45.000Z",
"description": "Crimson RAT Samples - Xchecked via VT: 870c0312cea7b3b6b82be01633b071cd",
"pattern": "[file:hashes.SHA1 = 'bcca68cc9af142fefb70a3721a2e87973e0c988e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c2-a0b8-480e-a554-436902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:46.000Z",
"modified": "2016-03-16T14:03:46.000Z",
"first_observed": "2016-03-16T14:03:46Z",
"last_observed": "2016-03-16T14:03:46Z",
"number_observed": 1,
"object_refs": [
"url--56e967c2-a0b8-480e-a554-436902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c2-a0b8-480e-a554-436902de0b81",
"value": "https://www.virustotal.com/file/fee91b1424ddd161cd089a71a86649c83284ec2eac793b3666ce31e524dd7412/analysis/1457677452/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c2-7f80-4541-bf61-460c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:46.000Z",
"modified": "2016-03-16T14:03:46.000Z",
"description": "DarkComet Samples - Xchecked via VT: fd5a419924a0816c6357b47f4e375732",
"pattern": "[file:hashes.SHA256 = '9cccd499953a753ef1cc064bd0be4178a2c027c58319d95da43e9f298e1c1929']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c2-dfec-41a9-8c3f-470a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:46.000Z",
"modified": "2016-03-16T14:03:46.000Z",
"description": "DarkComet Samples - Xchecked via VT: fd5a419924a0816c6357b47f4e375732",
"pattern": "[file:hashes.SHA1 = '2114d6763cb93ac34d6bd773c2ab261e2510deba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c3-6664-4ff1-ac69-479002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:47.000Z",
"modified": "2016-03-16T14:03:47.000Z",
"first_observed": "2016-03-16T14:03:47Z",
"last_observed": "2016-03-16T14:03:47Z",
"number_observed": 1,
"object_refs": [
"url--56e967c3-6664-4ff1-ac69-479002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c3-6664-4ff1-ac69-479002de0b81",
"value": "https://www.virustotal.com/file/9cccd499953a753ef1cc064bd0be4178a2c027c58319d95da43e9f298e1c1929/analysis/1408177767/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c3-5f2c-4217-8e5b-485d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:47.000Z",
"modified": "2016-03-16T14:03:47.000Z",
"description": "DarkComet Samples - Xchecked via VT: 278f889f494d62e214406c4fcfa6f9a3",
"pattern": "[file:hashes.SHA256 = 'b75b227458b2cd9c68321fe42f9d1a50898b7805150240e51a6b247f7222b19b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c3-cf28-4958-9f45-4ad702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:47.000Z",
"modified": "2016-03-16T14:03:47.000Z",
"description": "DarkComet Samples - Xchecked via VT: 278f889f494d62e214406c4fcfa6f9a3",
"pattern": "[file:hashes.SHA1 = '122e2717a646af43ce1b22fae9f82850af668ff7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c3-bdbc-4b68-afc7-4dd802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:47.000Z",
"modified": "2016-03-16T14:03:47.000Z",
"first_observed": "2016-03-16T14:03:47Z",
"last_observed": "2016-03-16T14:03:47Z",
"number_observed": 1,
"object_refs": [
"url--56e967c3-bdbc-4b68-afc7-4dd802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c3-bdbc-4b68-afc7-4dd802de0b81",
"value": "https://www.virustotal.com/file/b75b227458b2cd9c68321fe42f9d1a50898b7805150240e51a6b247f7222b19b/analysis/1457023686/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c4-8254-4d89-bb52-41d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:48.000Z",
"modified": "2016-03-16T14:03:48.000Z",
"description": "DarkComet Samples - Xchecked via VT: 0aecd3b79d72cbfa8f5dce2a12e76053",
"pattern": "[file:hashes.SHA256 = '159f66960010b415cd7105984a2d6b4d40f83d4add4ca84428640f32d2b76efe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c4-de5c-4f8c-8d5e-4d5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:48.000Z",
"modified": "2016-03-16T14:03:48.000Z",
"description": "DarkComet Samples - Xchecked via VT: 0aecd3b79d72cbfa8f5dce2a12e76053",
"pattern": "[file:hashes.SHA1 = '0a6b93707564be77d738f2c530134724042e23a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c4-84a8-4255-ba4a-4ffe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:48.000Z",
"modified": "2016-03-16T14:03:48.000Z",
"first_observed": "2016-03-16T14:03:48Z",
"last_observed": "2016-03-16T14:03:48Z",
"number_observed": 1,
"object_refs": [
"url--56e967c4-84a8-4255-ba4a-4ffe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c4-84a8-4255-ba4a-4ffe02de0b81",
"value": "https://www.virustotal.com/file/159f66960010b415cd7105984a2d6b4d40f83d4add4ca84428640f32d2b76efe/analysis/1457023685/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c4-e5e0-483c-b5c2-43a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:48.000Z",
"modified": "2016-03-16T14:03:48.000Z",
"description": "Bezigate Samples - Xchecked via VT: e49edc719eaab11a40158c15c9dd9b7b",
"pattern": "[file:hashes.SHA256 = '5f5ff374738b97ab0b644e803d4125e28de8c08d43276769a4262948db52ac91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c5-38ec-4d8e-be4c-49a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:49.000Z",
"modified": "2016-03-16T14:03:49.000Z",
"description": "Bezigate Samples - Xchecked via VT: e49edc719eaab11a40158c15c9dd9b7b",
"pattern": "[file:hashes.SHA1 = '98afd9d5cd9a651c346441e8ab01ec080b3d2bee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c5-b0b0-4f16-a77c-4ec902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:49.000Z",
"modified": "2016-03-16T14:03:49.000Z",
"first_observed": "2016-03-16T14:03:49Z",
"last_observed": "2016-03-16T14:03:49Z",
"number_observed": 1,
"object_refs": [
"url--56e967c5-b0b0-4f16-a77c-4ec902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c5-b0b0-4f16-a77c-4ec902de0b81",
"value": "https://www.virustotal.com/file/5f5ff374738b97ab0b644e803d4125e28de8c08d43276769a4262948db52ac91/analysis/1457503342/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c5-662c-4a11-a163-40f702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:49.000Z",
"modified": "2016-03-16T14:03:49.000Z",
"description": "Bezigate Samples - Xchecked via VT: 96dbed32a59b50e6100f1ca35ef5a698",
"pattern": "[file:hashes.SHA256 = 'f1d9abcc7a9aa4b5982eee5101fe702ecfcb05f03192d0591822b712cd4aaa5a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c6-89ac-4c1c-a07a-416302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:50.000Z",
"modified": "2016-03-16T14:03:50.000Z",
"description": "Bezigate Samples - Xchecked via VT: 96dbed32a59b50e6100f1ca35ef5a698",
"pattern": "[file:hashes.SHA1 = '3e9d40fd3d037f7ece5e9cda129327eaac799cac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c6-96b0-4b1f-a616-4f3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:50.000Z",
"modified": "2016-03-16T14:03:50.000Z",
"first_observed": "2016-03-16T14:03:50Z",
"last_observed": "2016-03-16T14:03:50Z",
"number_observed": 1,
"object_refs": [
"url--56e967c6-96b0-4b1f-a616-4f3102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c6-96b0-4b1f-a616-4f3102de0b81",
"value": "https://www.virustotal.com/file/f1d9abcc7a9aa4b5982eee5101fe702ecfcb05f03192d0591822b712cd4aaa5a/analysis/1457023684/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c6-89e8-4a4a-a20a-42f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:50.000Z",
"modified": "2016-03-16T14:03:50.000Z",
"description": "Bezigate Samples - Xchecked via VT: 85d182f7a0e049169a7bd0aa796fba96",
"pattern": "[file:hashes.SHA256 = '805d356745cb242419de83f20f5c2e15864a078bed4d9ddc781b5c749914c7f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c6-6b08-420d-8168-4df302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:50.000Z",
"modified": "2016-03-16T14:03:50.000Z",
"description": "Bezigate Samples - Xchecked via VT: 85d182f7a0e049169a7bd0aa796fba96",
"pattern": "[file:hashes.SHA1 = 'd118251e3bfa2a7bfa8ff4d2e0b0b7b69c96086c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c7-e944-428e-be38-40b602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:51.000Z",
"modified": "2016-03-16T14:03:51.000Z",
"first_observed": "2016-03-16T14:03:51Z",
"last_observed": "2016-03-16T14:03:51Z",
"number_observed": 1,
"object_refs": [
"url--56e967c7-e944-428e-be38-40b602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c7-e944-428e-be38-40b602de0b81",
"value": "https://www.virustotal.com/file/805d356745cb242419de83f20f5c2e15864a078bed4d9ddc781b5c749914c7f8/analysis/1457023684/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c7-f300-48c8-93a3-498a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:51.000Z",
"modified": "2016-03-16T14:03:51.000Z",
"description": "Bezigate Samples - Xchecked via VT: 44db769fb1f29a32d5c1998e29b4b7c4",
"pattern": "[file:hashes.SHA256 = '70228e18bdd79a8dca8d5d518cf50c29ee6e8286e1a2fb67a41cf18f6eda49e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c7-7f00-49ca-9984-412a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:51.000Z",
"modified": "2016-03-16T14:03:51.000Z",
"description": "Bezigate Samples - Xchecked via VT: 44db769fb1f29a32d5c1998e29b4b7c4",
"pattern": "[file:hashes.SHA1 = 'd8546cf005a6278a84d744f819762e6e487ece04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c7-4b88-4332-8f5f-434202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:51.000Z",
"modified": "2016-03-16T14:03:51.000Z",
"first_observed": "2016-03-16T14:03:51Z",
"last_observed": "2016-03-16T14:03:51Z",
"number_observed": 1,
"object_refs": [
"url--56e967c7-4b88-4332-8f5f-434202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c7-4b88-4332-8f5f-434202de0b81",
"value": "https://www.virustotal.com/file/70228e18bdd79a8dca8d5d518cf50c29ee6e8286e1a2fb67a41cf18f6eda49e9/analysis/1457023683/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c8-663c-46c3-a712-477002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:52.000Z",
"modified": "2016-03-16T14:03:52.000Z",
"description": "Bezigate Samples - Xchecked via VT: 236e7451cbce959ca0f62fb3b499b54e",
"pattern": "[file:hashes.SHA256 = 'c2064e96a39d269820e50ff0df63aa4791141bc1a6d145846694e8cd11e715cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c8-9170-4680-8443-452902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:52.000Z",
"modified": "2016-03-16T14:03:52.000Z",
"description": "Bezigate Samples - Xchecked via VT: 236e7451cbce959ca0f62fb3b499b54e",
"pattern": "[file:hashes.SHA1 = '57c102662172332ffcdb7d99e236cc866805dfb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c8-c0e0-4157-bd2d-4ed002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:52.000Z",
"modified": "2016-03-16T14:03:52.000Z",
"first_observed": "2016-03-16T14:03:52Z",
"last_observed": "2016-03-16T14:03:52Z",
"number_observed": 1,
"object_refs": [
"url--56e967c8-c0e0-4157-bd2d-4ed002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c8-c0e0-4157-bd2d-4ed002de0b81",
"value": "https://www.virustotal.com/file/c2064e96a39d269820e50ff0df63aa4791141bc1a6d145846694e8cd11e715cf/analysis/1457677218/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c9-5220-4f10-b232-4db602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:53.000Z",
"modified": "2016-03-16T14:03:53.000Z",
"description": "Luminosity Link Sample - Xchecked via VT: 708a1af68d532df35c34f7088b8e798f",
"pattern": "[file:hashes.SHA256 = '5c1f7c4ebf49ebcc1e07309d90049ffcc47a83318ae041330e777ad9a3befc52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c9-bb84-4820-b921-4eb702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:53.000Z",
"modified": "2016-03-16T14:03:53.000Z",
"description": "Luminosity Link Sample - Xchecked via VT: 708a1af68d532df35c34f7088b8e798f",
"pattern": "[file:hashes.SHA1 = 'd140c6cc6929db8666f4b6b2c8734c013755a514']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967c9-60ac-4ace-be37-403c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:53.000Z",
"modified": "2016-03-16T14:03:53.000Z",
"first_observed": "2016-03-16T14:03:53Z",
"last_observed": "2016-03-16T14:03:53Z",
"number_observed": 1,
"object_refs": [
"url--56e967c9-60ac-4ace-be37-403c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967c9-60ac-4ace-be37-403c02de0b81",
"value": "https://www.virustotal.com/file/5c1f7c4ebf49ebcc1e07309d90049ffcc47a83318ae041330e777ad9a3befc52/analysis/1456619231/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967c9-2c54-4693-b398-461402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:53.000Z",
"modified": "2016-03-16T14:03:53.000Z",
"description": "Unknown, likely related - Xchecked via VT: c0ff05a6bf05465adfc9a1dfd5305bde",
"pattern": "[file:hashes.SHA256 = '07239cd6b23b16164251ca229d4f9ce15248d45a13642ada6aa5936ccd0228f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ca-cc94-45c2-bd90-42a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:54.000Z",
"modified": "2016-03-16T14:03:54.000Z",
"description": "Unknown, likely related - Xchecked via VT: c0ff05a6bf05465adfc9a1dfd5305bde",
"pattern": "[file:hashes.SHA1 = '32a0618dde949902a02cf39c59b609c31d976ffe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ca-8bb0-4efd-a157-464302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:54.000Z",
"modified": "2016-03-16T14:03:54.000Z",
"first_observed": "2016-03-16T14:03:54Z",
"last_observed": "2016-03-16T14:03:54Z",
"number_observed": 1,
"object_refs": [
"url--56e967ca-8bb0-4efd-a157-464302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ca-8bb0-4efd-a157-464302de0b81",
"value": "https://www.virustotal.com/file/07239cd6b23b16164251ca229d4f9ce15248d45a13642ada6aa5936ccd0228f3/analysis/1450593452/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ca-4fa4-42b9-aaa2-477702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:54.000Z",
"modified": "2016-03-16T14:03:54.000Z",
"description": "Unknown, likely related - Xchecked via VT: 0437655995f4d3104989fb963aa41339",
"pattern": "[file:hashes.SHA256 = 'd1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ca-c938-4ecd-b4ce-487f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:54.000Z",
"modified": "2016-03-16T14:03:54.000Z",
"description": "Unknown, likely related - Xchecked via VT: 0437655995f4d3104989fb963aa41339",
"pattern": "[file:hashes.SHA1 = '0007a5cbdfcda9175635bd1b30e5d3a8683bdcb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967cb-cae8-440a-9a70-4b6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:55.000Z",
"modified": "2016-03-16T14:03:55.000Z",
"first_observed": "2016-03-16T14:03:55Z",
"last_observed": "2016-03-16T14:03:55Z",
"number_observed": 1,
"object_refs": [
"url--56e967cb-cae8-440a-9a70-4b6802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967cb-cae8-440a-9a70-4b6802de0b81",
"value": "https://www.virustotal.com/file/d1b45a3651bfa2af1186894fc579784a5b92997d8124a1bbde8725fe259f19bf/analysis/1457502278/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cb-50dc-4687-be3f-456802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:55.000Z",
"modified": "2016-03-16T14:03:55.000Z",
"description": "Malicious Documents - Xchecked via VT: 98bdcd97cd536ff6bcb2d39d9a097319",
"pattern": "[file:hashes.SHA256 = 'ca21481a6d7c16ad87efaf83604da8e9b51ff783d8f123cdb8aa3a17bfbb5d23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cb-d00c-4e3d-b49d-4c1502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:55.000Z",
"modified": "2016-03-16T14:03:55.000Z",
"description": "Malicious Documents - Xchecked via VT: 98bdcd97cd536ff6bcb2d39d9a097319",
"pattern": "[file:hashes.SHA1 = 'd4d68ec24deedbd526d8b153be9d5370aed02618']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967cc-cbfc-4d57-9482-4d1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:56.000Z",
"modified": "2016-03-16T14:03:56.000Z",
"first_observed": "2016-03-16T14:03:56Z",
"last_observed": "2016-03-16T14:03:56Z",
"number_observed": 1,
"object_refs": [
"url--56e967cc-cbfc-4d57-9482-4d1a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967cc-cbfc-4d57-9482-4d1a02de0b81",
"value": "https://www.virustotal.com/file/ca21481a6d7c16ad87efaf83604da8e9b51ff783d8f123cdb8aa3a17bfbb5d23/analysis/1457518988/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cc-88f4-4a71-9412-411d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:56.000Z",
"modified": "2016-03-16T14:03:56.000Z",
"description": "Malicious Documents - Xchecked via VT: 76f410c27d97e6c0403df274bebd5f6e",
"pattern": "[file:hashes.SHA256 = '986854540603b2a47d4498f9f384827f8452cd738b4abd4c4e6222ea541df177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cc-c388-425f-b9a9-484e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:56.000Z",
"modified": "2016-03-16T14:03:56.000Z",
"description": "Malicious Documents - Xchecked via VT: 76f410c27d97e6c0403df274bebd5f6e",
"pattern": "[file:hashes.SHA1 = '9e3ae65961e0d5373755cf36d54caaa7ecdaa06d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967cc-f248-49d8-a6c0-497902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:56.000Z",
"modified": "2016-03-16T14:03:56.000Z",
"first_observed": "2016-03-16T14:03:56Z",
"last_observed": "2016-03-16T14:03:56Z",
"number_observed": 1,
"object_refs": [
"url--56e967cc-f248-49d8-a6c0-497902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967cc-f248-49d8-a6c0-497902de0b81",
"value": "https://www.virustotal.com/file/986854540603b2a47d4498f9f384827f8452cd738b4abd4c4e6222ea541df177/analysis/1457023683/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cd-4278-4c14-9764-477c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:57.000Z",
"modified": "2016-03-16T14:03:57.000Z",
"description": "Malicious Documents - Xchecked via VT: 68773f362d5ab4897d4ca217a9f53975",
"pattern": "[file:hashes.SHA256 = '86390160b1e83c37a1707cce4c854e743254e1d32028a44010285ab379fa633e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cd-9ec8-4b2b-8895-420102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:57.000Z",
"modified": "2016-03-16T14:03:57.000Z",
"description": "Malicious Documents - Xchecked via VT: 68773f362d5ab4897d4ca217a9f53975",
"pattern": "[file:hashes.SHA1 = '836109e392d14af113bf14aa70bcb3d660f80640']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967cd-cdc0-4af8-9342-4a3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:57.000Z",
"modified": "2016-03-16T14:03:57.000Z",
"first_observed": "2016-03-16T14:03:57Z",
"last_observed": "2016-03-16T14:03:57Z",
"number_observed": 1,
"object_refs": [
"url--56e967cd-cdc0-4af8-9342-4a3e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967cd-cdc0-4af8-9342-4a3e02de0b81",
"value": "https://www.virustotal.com/file/86390160b1e83c37a1707cce4c854e743254e1d32028a44010285ab379fa633e/analysis/1457950531/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ce-c9bc-4b28-846d-4ba902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:58.000Z",
"modified": "2016-03-16T14:03:58.000Z",
"description": "Malicious Documents - Xchecked via VT: 3966f669a6af4278869b9cce0f2d9279",
"pattern": "[file:hashes.SHA256 = '2f9d44ea900adc43863608810f77b53d4fea7a3ad6d06dc7be81d837271b309f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ce-c2a8-4e5e-a96a-44fd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:58.000Z",
"modified": "2016-03-16T14:03:58.000Z",
"description": "Malicious Documents - Xchecked via VT: 3966f669a6af4278869b9cce0f2d9279",
"pattern": "[file:hashes.SHA1 = '02268ea3028e7f1c689c785646ffd446eed14a78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967ce-ed0c-49ab-9a4e-4e9002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:58.000Z",
"modified": "2016-03-16T14:03:58.000Z",
"first_observed": "2016-03-16T14:03:58Z",
"last_observed": "2016-03-16T14:03:58Z",
"number_observed": 1,
"object_refs": [
"url--56e967ce-ed0c-49ab-9a4e-4e9002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967ce-ed0c-49ab-9a4e-4e9002de0b81",
"value": "https://www.virustotal.com/file/2f9d44ea900adc43863608810f77b53d4fea7a3ad6d06dc7be81d837271b309f/analysis/1457349729/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967ce-c254-4af1-92bc-4b3502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:58.000Z",
"modified": "2016-03-16T14:03:58.000Z",
"description": "Malicious Documents - Xchecked via VT: 278fd26be39a06d5e19c5e7fd7d3dcc2",
"pattern": "[file:hashes.SHA256 = '9556f9f6ba102b92d7c63f128251777a35c8d286bfd6ec49a96730a74dc3d921']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cf-c9e8-4fa4-90cf-4ea802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:59.000Z",
"modified": "2016-03-16T14:03:59.000Z",
"description": "Malicious Documents - Xchecked via VT: 278fd26be39a06d5e19c5e7fd7d3dcc2",
"pattern": "[file:hashes.SHA1 = 'a46f62aebb86a36c75df681b4eac1a44be4f563f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967cf-682c-4192-8676-497d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:59.000Z",
"modified": "2016-03-16T14:03:59.000Z",
"first_observed": "2016-03-16T14:03:59Z",
"last_observed": "2016-03-16T14:03:59Z",
"number_observed": 1,
"object_refs": [
"url--56e967cf-682c-4192-8676-497d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967cf-682c-4192-8676-497d02de0b81",
"value": "https://www.virustotal.com/file/9556f9f6ba102b92d7c63f128251777a35c8d286bfd6ec49a96730a74dc3d921/analysis/1457023683/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cf-7390-4c59-b438-4a6802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:59.000Z",
"modified": "2016-03-16T14:03:59.000Z",
"description": "Malicious Documents - Xchecked via VT: 18711f1db99f6a6f73f8ab64f563accc",
"pattern": "[file:hashes.SHA256 = '6c36554956617d2996a89a0ff7f867ee9b70769e4f1b70943fbf2babb8d97bfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967cf-1754-4331-9215-4da402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:03:59.000Z",
"modified": "2016-03-16T14:03:59.000Z",
"description": "Malicious Documents - Xchecked via VT: 18711f1db99f6a6f73f8ab64f563accc",
"pattern": "[file:hashes.SHA1 = '1bf850ec4dacd43323e75be040ee6bc7a3d05fe9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:03:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d0-5998-4dd1-96bc-4a1e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:00.000Z",
"modified": "2016-03-16T14:04:00.000Z",
"first_observed": "2016-03-16T14:04:00Z",
"last_observed": "2016-03-16T14:04:00Z",
"number_observed": 1,
"object_refs": [
"url--56e967d0-5998-4dd1-96bc-4a1e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d0-5998-4dd1-96bc-4a1e02de0b81",
"value": "https://www.virustotal.com/file/6c36554956617d2996a89a0ff7f867ee9b70769e4f1b70943fbf2babb8d97bfd/analysis/1457023638/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d0-0e10-4413-a51e-470e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:00.000Z",
"modified": "2016-03-16T14:04:00.000Z",
"description": "Malicious Documents - Xchecked via VT: 0197ff119e1724a1ffbf33df14411001",
"pattern": "[file:hashes.SHA256 = '4ed6ed9736c0213e175761a058716a9c700b83a48a8ce58e144b7efb1c8f7a4e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d0-6714-40ce-a3c1-424f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:00.000Z",
"modified": "2016-03-16T14:04:00.000Z",
"description": "Malicious Documents - Xchecked via VT: 0197ff119e1724a1ffbf33df14411001",
"pattern": "[file:hashes.SHA1 = '85a5aad2e617162cfeef52855a57d5010a72e203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d1-064c-49bf-94e5-476902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:01.000Z",
"modified": "2016-03-16T14:04:01.000Z",
"first_observed": "2016-03-16T14:04:01Z",
"last_observed": "2016-03-16T14:04:01Z",
"number_observed": 1,
"object_refs": [
"url--56e967d1-064c-49bf-94e5-476902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d1-064c-49bf-94e5-476902de0b81",
"value": "https://www.virustotal.com/file/4ed6ed9736c0213e175761a058716a9c700b83a48a8ce58e144b7efb1c8f7a4e/analysis/1455066016/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d1-f638-4031-abf3-433202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:01.000Z",
"modified": "2016-03-16T14:04:01.000Z",
"description": "Python Downloader Sample - Xchecked via VT: 82719f0f6237d3efb9dd67d95f842013",
"pattern": "[file:hashes.SHA256 = 'ff8bfd57726d6138f4e15ee87a4f2670745f52d57b23252bb41f7dbf97c7e9b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d1-e4c4-4825-b725-492902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:01.000Z",
"modified": "2016-03-16T14:04:01.000Z",
"description": "Python Downloader Sample - Xchecked via VT: 82719f0f6237d3efb9dd67d95f842013",
"pattern": "[file:hashes.SHA1 = '080a05242d29420755789a2109768c455a3284c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d1-95c4-4f6c-b7e8-4c8d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:01.000Z",
"modified": "2016-03-16T14:04:01.000Z",
"first_observed": "2016-03-16T14:04:01Z",
"last_observed": "2016-03-16T14:04:01Z",
"number_observed": 1,
"object_refs": [
"url--56e967d1-95c4-4f6c-b7e8-4c8d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d1-95c4-4f6c-b7e8-4c8d02de0b81",
"value": "https://www.virustotal.com/file/ff8bfd57726d6138f4e15ee87a4f2670745f52d57b23252bb41f7dbf97c7e9b7/analysis/1457023645/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d2-7a90-4e0f-8d76-482c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:02.000Z",
"modified": "2016-03-16T14:04:02.000Z",
"description": "Various Downloader Samples - Xchecked via VT: e26150f5186bb7230d85f4cf3aa45d17",
"pattern": "[file:hashes.SHA256 = '1d0914df98b13d3f7fbdcb493b2dfa624c80d511f6029171097187868d732d3c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d2-72e0-4c6b-be8d-497a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:02.000Z",
"modified": "2016-03-16T14:04:02.000Z",
"description": "Various Downloader Samples - Xchecked via VT: e26150f5186bb7230d85f4cf3aa45d17",
"pattern": "[file:hashes.SHA1 = '1153882413a26ec8b9043b12727773e1d29561de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d2-60ac-4043-b61f-430302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:02.000Z",
"modified": "2016-03-16T14:04:02.000Z",
"first_observed": "2016-03-16T14:04:02Z",
"last_observed": "2016-03-16T14:04:02Z",
"number_observed": 1,
"object_refs": [
"url--56e967d2-60ac-4043-b61f-430302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d2-60ac-4043-b61f-430302de0b81",
"value": "https://www.virustotal.com/file/1d0914df98b13d3f7fbdcb493b2dfa624c80d511f6029171097187868d732d3c/analysis/1457023681/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d2-1424-4c15-928f-438702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:02.000Z",
"modified": "2016-03-16T14:04:02.000Z",
"description": "Various Downloader Samples - Xchecked via VT: dbd5c44e6c189f289e0eea1454897b26",
"pattern": "[file:hashes.SHA256 = '852b7f7e4dd82c9b6a57b66f52c3839fa590e3979a53a37642acb57975cabc0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d3-9790-42fc-838a-44ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:03.000Z",
"modified": "2016-03-16T14:04:03.000Z",
"description": "Various Downloader Samples - Xchecked via VT: dbd5c44e6c189f289e0eea1454897b26",
"pattern": "[file:hashes.SHA1 = '45cc5c72308b2d5ab021d5cfd72b3a7060df962b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d3-19b4-4bf9-bdc6-4fd702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:03.000Z",
"modified": "2016-03-16T14:04:03.000Z",
"first_observed": "2016-03-16T14:04:03Z",
"last_observed": "2016-03-16T14:04:03Z",
"number_observed": 1,
"object_refs": [
"url--56e967d3-19b4-4bf9-bdc6-4fd702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d3-19b4-4bf9-bdc6-4fd702de0b81",
"value": "https://www.virustotal.com/file/852b7f7e4dd82c9b6a57b66f52c3839fa590e3979a53a37642acb57975cabc0b/analysis/1457677622/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d3-6eec-4b1f-9fd3-44bc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:03.000Z",
"modified": "2016-03-16T14:04:03.000Z",
"description": "Various Downloader Samples - Xchecked via VT: c16b43a5897861fbe023e4b7d340f2e8",
"pattern": "[file:hashes.SHA256 = '97ec77e95b984282d925275b2da7a355887926727fe05834cb67f4085a538d8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d4-6968-434a-8174-4a3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:04.000Z",
"modified": "2016-03-16T14:04:04.000Z",
"description": "Various Downloader Samples - Xchecked via VT: c16b43a5897861fbe023e4b7d340f2e8",
"pattern": "[file:hashes.SHA1 = 'c4713b21e94ae293b202d9f51310e1b658306851']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d4-1bc4-4521-a677-48a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:04.000Z",
"modified": "2016-03-16T14:04:04.000Z",
"first_observed": "2016-03-16T14:04:04Z",
"last_observed": "2016-03-16T14:04:04Z",
"number_observed": 1,
"object_refs": [
"url--56e967d4-1bc4-4521-a677-48a402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d4-1bc4-4521-a677-48a402de0b81",
"value": "https://www.virustotal.com/file/97ec77e95b984282d925275b2da7a355887926727fe05834cb67f4085a538d8c/analysis/1457023681/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d4-d588-4662-8384-45a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:04.000Z",
"modified": "2016-03-16T14:04:04.000Z",
"description": "Various Downloader Samples - Xchecked via VT: a957e3a7aed4efd1b214d3c3b79f5874",
"pattern": "[file:hashes.SHA256 = '89b7defaf72e59480ddf76d6f5a8e9f3ba2ef4664da763c9fb8314ee88b9619c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d4-453c-458c-a46e-473402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:04.000Z",
"modified": "2016-03-16T14:04:04.000Z",
"description": "Various Downloader Samples - Xchecked via VT: a957e3a7aed4efd1b214d3c3b79f5874",
"pattern": "[file:hashes.SHA1 = '01fb3a2cadb4dd537db3117a253473815cc27ff2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d5-2ee8-4234-bd68-464402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:05.000Z",
"modified": "2016-03-16T14:04:05.000Z",
"first_observed": "2016-03-16T14:04:05Z",
"last_observed": "2016-03-16T14:04:05Z",
"number_observed": 1,
"object_refs": [
"url--56e967d5-2ee8-4234-bd68-464402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d5-2ee8-4234-bd68-464402de0b81",
"value": "https://www.virustotal.com/file/89b7defaf72e59480ddf76d6f5a8e9f3ba2ef4664da763c9fb8314ee88b9619c/analysis/1457023680/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d5-1674-4810-9216-485402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:05.000Z",
"modified": "2016-03-16T14:04:05.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 861f621fdf2d3e760df50009fe2824ae",
"pattern": "[file:hashes.SHA256 = '0c3f9586b682b2e0ec74438474ca182f28062c86f09049c086a1e2f9e206d66a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d5-1e6c-43ca-ad05-473a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:05.000Z",
"modified": "2016-03-16T14:04:05.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 861f621fdf2d3e760df50009fe2824ae",
"pattern": "[file:hashes.SHA1 = 'e92d2100944b485e3dc739f9495b7b17fc3b8882']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d6-4418-4212-b6ef-46f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:06.000Z",
"modified": "2016-03-16T14:04:06.000Z",
"first_observed": "2016-03-16T14:04:06Z",
"last_observed": "2016-03-16T14:04:06Z",
"number_observed": 1,
"object_refs": [
"url--56e967d6-4418-4212-b6ef-46f102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d6-4418-4212-b6ef-46f102de0b81",
"value": "https://www.virustotal.com/file/0c3f9586b682b2e0ec74438474ca182f28062c86f09049c086a1e2f9e206d66a/analysis/1457023680/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d6-6244-4449-bd6f-40b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:06.000Z",
"modified": "2016-03-16T14:04:06.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 7e97efc85be451432388b9f1ce623400",
"pattern": "[file:hashes.SHA256 = 'c331e243a557258aa8f6d3f248bb2c12df855ef664512bfec9468c549e5dba5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d6-8fac-41d6-babe-427802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:06.000Z",
"modified": "2016-03-16T14:04:06.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 7e97efc85be451432388b9f1ce623400",
"pattern": "[file:hashes.SHA1 = '1a8df414d60782f78cb2caf6b8b53eefc3174db5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d6-f19c-4fbc-bb61-489602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:06.000Z",
"modified": "2016-03-16T14:04:06.000Z",
"first_observed": "2016-03-16T14:04:06Z",
"last_observed": "2016-03-16T14:04:06Z",
"number_observed": 1,
"object_refs": [
"url--56e967d6-f19c-4fbc-bb61-489602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d6-f19c-4fbc-bb61-489602de0b81",
"value": "https://www.virustotal.com/file/c331e243a557258aa8f6d3f248bb2c12df855ef664512bfec9468c549e5dba5d/analysis/1387065283/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d7-a17c-45f8-ae68-4e6e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:07.000Z",
"modified": "2016-03-16T14:04:07.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 67bad4ad3d9a06fc20bea8c3ebb7ad01",
"pattern": "[file:hashes.SHA256 = 'b8173915d86ac9712895f10b9be95b5987fe49c5d0971e34c4405bd40e8cdb32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d7-2478-449a-bad5-493b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:07.000Z",
"modified": "2016-03-16T14:04:07.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 67bad4ad3d9a06fc20bea8c3ebb7ad01",
"pattern": "[file:hashes.SHA1 = '5072b281100a1253a80caf4991ed32626861d8c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d7-5558-41cf-b825-445302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:07.000Z",
"modified": "2016-03-16T14:04:07.000Z",
"first_observed": "2016-03-16T14:04:07Z",
"last_observed": "2016-03-16T14:04:07Z",
"number_observed": 1,
"object_refs": [
"url--56e967d7-5558-41cf-b825-445302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d7-5558-41cf-b825-445302de0b81",
"value": "https://www.virustotal.com/file/b8173915d86ac9712895f10b9be95b5987fe49c5d0971e34c4405bd40e8cdb32/analysis/1457023679/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d8-b99c-45a9-abcc-412e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:08.000Z",
"modified": "2016-03-16T14:04:08.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 643e30e665124eea94a22641f79a9c91",
"pattern": "[file:hashes.SHA256 = 'ba8a8105e2b4438d41315e57f19c73fc1c9cb3920d94175d136b39dc813b4f45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d8-ed20-4c09-9b1a-481602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:08.000Z",
"modified": "2016-03-16T14:04:08.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 643e30e665124eea94a22641f79a9c91",
"pattern": "[file:hashes.SHA1 = 'bd345423d3e5b12283e33ebea86b308409692410']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d8-c3f4-46a9-9c36-43e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:08.000Z",
"modified": "2016-03-16T14:04:08.000Z",
"first_observed": "2016-03-16T14:04:08Z",
"last_observed": "2016-03-16T14:04:08Z",
"number_observed": 1,
"object_refs": [
"url--56e967d8-c3f4-46a9-9c36-43e102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d8-c3f4-46a9-9c36-43e102de0b81",
"value": "https://www.virustotal.com/file/ba8a8105e2b4438d41315e57f19c73fc1c9cb3920d94175d136b39dc813b4f45/analysis/1457023679/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d8-7760-44dc-b85e-420402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:08.000Z",
"modified": "2016-03-16T14:04:08.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 63ee06dae035981c5aea04f5a52879c1",
"pattern": "[file:hashes.SHA256 = 'ed5d951ab1dc4aac6e675d5b54fd52b8f3078040b145954cd84aa1903b3ce36c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d9-2e08-4870-bab6-489402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:09.000Z",
"modified": "2016-03-16T14:04:09.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 63ee06dae035981c5aea04f5a52879c1",
"pattern": "[file:hashes.SHA1 = '65972f1e30df37d7ef5ea20db33828f96479b6d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967d9-e378-4c11-b00b-4ccd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:09.000Z",
"modified": "2016-03-16T14:04:09.000Z",
"first_observed": "2016-03-16T14:04:09Z",
"last_observed": "2016-03-16T14:04:09Z",
"number_observed": 1,
"object_refs": [
"url--56e967d9-e378-4c11-b00b-4ccd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967d9-e378-4c11-b00b-4ccd02de0b81",
"value": "https://www.virustotal.com/file/ed5d951ab1dc4aac6e675d5b54fd52b8f3078040b145954cd84aa1903b3ce36c/analysis/1457023680/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967d9-5ac8-44a4-99b3-4b2a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:09.000Z",
"modified": "2016-03-16T14:04:09.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 44fe2f4dd8b001bbcc4de737128095ca",
"pattern": "[file:hashes.SHA256 = '4c5a58925d5138d9228c598690e5d082afd0929786808810ae5a60bca915356c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967da-7bd8-46b4-a7f4-454202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:10.000Z",
"modified": "2016-03-16T14:04:10.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 44fe2f4dd8b001bbcc4de737128095ca",
"pattern": "[file:hashes.SHA1 = '95fabef9d4baebd04eb0c5b84a17169ca7071818']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967da-a148-49e3-8dd6-42e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:10.000Z",
"modified": "2016-03-16T14:04:10.000Z",
"first_observed": "2016-03-16T14:04:10Z",
"last_observed": "2016-03-16T14:04:10Z",
"number_observed": 1,
"object_refs": [
"url--56e967da-a148-49e3-8dd6-42e402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967da-a148-49e3-8dd6-42e402de0b81",
"value": "https://www.virustotal.com/file/4c5a58925d5138d9228c598690e5d082afd0929786808810ae5a60bca915356c/analysis/1457023679/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967da-b854-4a53-a645-4b0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:10.000Z",
"modified": "2016-03-16T14:04:10.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 4131776ae573bdb25009a343cf1541f5",
"pattern": "[file:hashes.SHA256 = '83ec2f75a8209636e68dba62c46d6a818fe5da8a4edb50c2703dac9b04dba897']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967da-a41c-4372-9676-448702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:10.000Z",
"modified": "2016-03-16T14:04:10.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 4131776ae573bdb25009a343cf1541f5",
"pattern": "[file:hashes.SHA1 = '4940e63bf9a3d14fe5efa0a02772384ddffba9ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967db-4524-49ee-bafa-41da02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:11.000Z",
"modified": "2016-03-16T14:04:11.000Z",
"first_observed": "2016-03-16T14:04:11Z",
"last_observed": "2016-03-16T14:04:11Z",
"number_observed": 1,
"object_refs": [
"url--56e967db-4524-49ee-bafa-41da02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967db-4524-49ee-bafa-41da02de0b81",
"value": "https://www.virustotal.com/file/83ec2f75a8209636e68dba62c46d6a818fe5da8a4edb50c2703dac9b04dba897/analysis/1397117428/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967db-3024-401b-9926-455302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:11.000Z",
"modified": "2016-03-16T14:04:11.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 2ba1e2a63129517055ab3a63cb089e33",
"pattern": "[file:hashes.SHA256 = '60b2526b2dbe7c5b0d7b9f43d3dabf52042b5c6567fa042c7e4cc2cddc154faf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967db-27bc-43af-a2d7-454702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:11.000Z",
"modified": "2016-03-16T14:04:11.000Z",
"description": "Various Downloader Samples - Xchecked via VT: 2ba1e2a63129517055ab3a63cb089e33",
"pattern": "[file:hashes.SHA1 = '00d5eb5652968679c24fe40e486e739b688add15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967db-2644-4597-a6e4-428d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:11.000Z",
"modified": "2016-03-16T14:04:11.000Z",
"first_observed": "2016-03-16T14:04:11Z",
"last_observed": "2016-03-16T14:04:11Z",
"number_observed": 1,
"object_refs": [
"url--56e967db-2644-4597-a6e4-428d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967db-2644-4597-a6e4-428d02de0b81",
"value": "https://www.virustotal.com/file/60b2526b2dbe7c5b0d7b9f43d3dabf52042b5c6567fa042c7e4cc2cddc154faf/analysis/1457023678/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967dc-0f1c-46a6-b11c-452402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:12.000Z",
"modified": "2016-03-16T14:04:12.000Z",
"description": "Crimson Downloader Droppers - Xchecked via VT: 7470757050f584101a851d7ba105db31",
"pattern": "[file:hashes.SHA256 = 'a84e601a20980bd8605eb1fce0f4f14b9d5408a9bfa2465bcff31ae254e44c1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967dc-3bc4-4175-8f1f-47e902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:12.000Z",
"modified": "2016-03-16T14:04:12.000Z",
"description": "Crimson Downloader Droppers - Xchecked via VT: 7470757050f584101a851d7ba105db31",
"pattern": "[file:hashes.SHA1 = '1194f30945199cd43c63009151985e9a139cae9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967dc-f360-4f16-8f69-474e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:12.000Z",
"modified": "2016-03-16T14:04:12.000Z",
"first_observed": "2016-03-16T14:04:12Z",
"last_observed": "2016-03-16T14:04:12Z",
"number_observed": 1,
"object_refs": [
"url--56e967dc-f360-4f16-8f69-474e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967dc-f360-4f16-8f69-474e02de0b81",
"value": "https://www.virustotal.com/file/a84e601a20980bd8605eb1fce0f4f14b9d5408a9bfa2465bcff31ae254e44c1a/analysis/1457023654/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967dd-94a0-4215-8f8f-4bde02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:13.000Z",
"modified": "2016-03-16T14:04:13.000Z",
"description": "Crimson Downloader Droppers - Xchecked via VT: 9e0fef5552100a7e0a2d044b63736fb2",
"pattern": "[file:hashes.SHA256 = '03a7db447d1aee326293ab9e122573a37aa73e7de1464a821eb462657e9a5924']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e967dd-f08c-4025-bf8f-400602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:13.000Z",
"modified": "2016-03-16T14:04:13.000Z",
"description": "Crimson Downloader Droppers - Xchecked via VT: 9e0fef5552100a7e0a2d044b63736fb2",
"pattern": "[file:hashes.SHA1 = 'b0927fc863c0d23920e3c4331ceff0a85b80eb37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-16T14:04:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e967dd-6088-4961-b835-4dab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-16T14:04:13.000Z",
"modified": "2016-03-16T14:04:13.000Z",
"first_observed": "2016-03-16T14:04:13Z",
"last_observed": "2016-03-16T14:04:13Z",
"number_observed": 1,
"object_refs": [
"url--56e967dd-6088-4961-b835-4dab02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e967dd-6088-4961-b835-4dab02de0b81",
"value": "https://www.virustotal.com/file/03a7db447d1aee326293ab9e122573a37aa73e7de1464a821eb462657e9a5924/analysis/1457677491/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink