2891 lines
128 KiB
JSON
2891 lines
128 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--56f4497b-6134-468e-807e-fc08950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:46.000Z",
|
||
|
"modified": "2016-03-24T20:20:46.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--56f4497b-6134-468e-807e-fc08950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:46.000Z",
|
||
|
"modified": "2016-03-24T20:20:46.000Z",
|
||
|
"name": "OSINT - Evolution of SamSa Malware Suggests New Ransomware Tactics In Play",
|
||
|
"published": "2016-03-24T20:47:07Z",
|
||
|
"object_refs": [
|
||
|
"x-misp-attribute--56f449bc-41d4-4643-800b-4722950d210f",
|
||
|
"observed-data--56f449d0-a374-4abb-a58d-4668950d210f",
|
||
|
"url--56f449d0-a374-4abb-a58d-4668950d210f",
|
||
|
"x-misp-attribute--56f44a81-2460-4719-ab16-47d9950d210f",
|
||
|
"x-misp-attribute--56f44a81-65c4-45bb-be49-4b78950d210f",
|
||
|
"x-misp-attribute--56f44a82-f890-4703-8d34-4ff3950d210f",
|
||
|
"x-misp-attribute--56f44a82-defc-4edc-968e-475e950d210f",
|
||
|
"x-misp-attribute--56f44a82-ee80-415b-8091-44bc950d210f",
|
||
|
"x-misp-attribute--56f44a83-5d6c-40b8-8785-459e950d210f",
|
||
|
"x-misp-attribute--56f44a83-a97c-497a-8292-4983950d210f",
|
||
|
"x-misp-attribute--56f44a83-7318-4439-8f24-41f5950d210f",
|
||
|
"x-misp-attribute--56f44a83-ad88-4eab-bce4-4939950d210f",
|
||
|
"x-misp-attribute--56f44a84-2a24-4375-8d54-4623950d210f",
|
||
|
"x-misp-attribute--56f44a84-0d70-4ca3-b2c8-4638950d210f",
|
||
|
"x-misp-attribute--56f44a84-8c44-44a7-9ce5-4070950d210f",
|
||
|
"x-misp-attribute--56f44a85-1374-4bf1-aa35-4637950d210f",
|
||
|
"x-misp-attribute--56f44a85-2fd4-4c49-8bde-4361950d210f",
|
||
|
"x-misp-attribute--56f44a85-0c9c-4953-b132-45b4950d210f",
|
||
|
"x-misp-attribute--56f44a85-42cc-4547-9cf9-4062950d210f",
|
||
|
"x-misp-attribute--56f44a86-4cfc-4b9c-bdc3-4581950d210f",
|
||
|
"x-misp-attribute--56f44a86-566c-4c88-ac6d-4b11950d210f",
|
||
|
"indicator--56f44aef-5d90-41b6-ad31-4c4c950d210f",
|
||
|
"indicator--56f44aef-7e58-4c79-99bb-4b81950d210f",
|
||
|
"indicator--56f44aef-dc20-4d01-9602-4380950d210f",
|
||
|
"indicator--56f44af0-2020-4c66-8360-4952950d210f",
|
||
|
"indicator--56f44af0-5a34-42a8-8426-47fa950d210f",
|
||
|
"indicator--56f44af0-f7d0-4823-a54b-43d3950d210f",
|
||
|
"indicator--56f44af1-8b80-4f88-9078-4bfe950d210f",
|
||
|
"indicator--56f44af1-ac98-463e-be8d-48ef950d210f",
|
||
|
"indicator--56f44af1-5d70-4317-8245-4eac950d210f",
|
||
|
"indicator--56f44af1-cf70-401f-9c80-4b6e950d210f",
|
||
|
"indicator--56f44bb9-d190-43a7-b1ca-44ac950d210f",
|
||
|
"indicator--56f44bb9-d964-4ea3-923d-4eb0950d210f",
|
||
|
"indicator--56f44bba-0ce4-4cc3-b768-41bc950d210f",
|
||
|
"indicator--56f44bba-edbc-4e74-a873-44d0950d210f",
|
||
|
"indicator--56f44bbb-0594-4fab-9152-4e76950d210f",
|
||
|
"indicator--56f44bbb-0f88-4d19-b8f6-40e8950d210f",
|
||
|
"indicator--56f44bbc-df7c-4168-9484-468a950d210f",
|
||
|
"indicator--56f44bbd-16ac-4e7a-a92f-4e1a950d210f",
|
||
|
"indicator--56f44bbd-b934-448f-9b5d-431f950d210f",
|
||
|
"indicator--56f44bbe-5330-40ba-892b-4f1c950d210f",
|
||
|
"indicator--56f44bbe-0ca4-41ae-85ce-4c93950d210f",
|
||
|
"indicator--56f44bbf-c4e4-4577-9a4c-480b950d210f",
|
||
|
"indicator--56f44bbf-5b84-4a45-a6dc-4ec4950d210f",
|
||
|
"indicator--56f44bc0-f12c-40c2-95d2-453f950d210f",
|
||
|
"indicator--56f44bc1-5800-4987-8925-4dd5950d210f",
|
||
|
"indicator--56f44bc1-661c-4e8f-b6ea-4e64950d210f",
|
||
|
"indicator--56f44bc2-e230-4088-84dd-4df1950d210f",
|
||
|
"indicator--56f44bc2-e850-4ff2-9a59-45f1950d210f",
|
||
|
"indicator--56f44bc3-9fc8-4f9f-801b-4165950d210f",
|
||
|
"indicator--56f44bc3-fb18-4ead-afc4-4aae950d210f",
|
||
|
"indicator--56f44bc4-7ff4-467e-8a64-413c950d210f",
|
||
|
"indicator--56f44bc5-0f24-4962-a871-4325950d210f",
|
||
|
"indicator--56f44bc5-1174-4f8b-b980-4b2d950d210f",
|
||
|
"indicator--56f44c1e-d71c-4d96-ab23-49d102de0b81",
|
||
|
"indicator--56f44c1f-15a4-4c7e-8931-438302de0b81",
|
||
|
"observed-data--56f44c1f-eb90-4e3c-a88f-43cb02de0b81",
|
||
|
"url--56f44c1f-eb90-4e3c-a88f-43cb02de0b81",
|
||
|
"indicator--56f44c1f-722c-43fb-8d5a-48b202de0b81",
|
||
|
"indicator--56f44c20-09c0-495a-96db-474102de0b81",
|
||
|
"observed-data--56f44c21-9038-46d6-bd51-40d902de0b81",
|
||
|
"url--56f44c21-9038-46d6-bd51-40d902de0b81",
|
||
|
"indicator--56f44c21-1bc0-4c6e-8399-456a02de0b81",
|
||
|
"indicator--56f44c22-4740-4b4d-a75a-47c702de0b81",
|
||
|
"observed-data--56f44c23-33bc-4b9d-b401-4ba402de0b81",
|
||
|
"url--56f44c23-33bc-4b9d-b401-4ba402de0b81",
|
||
|
"indicator--56f44c23-148c-4b85-8d9b-4c0402de0b81",
|
||
|
"indicator--56f44c24-1830-4d67-9aaa-4bc702de0b81",
|
||
|
"observed-data--56f44c24-745c-40b0-a32a-492a02de0b81",
|
||
|
"url--56f44c24-745c-40b0-a32a-492a02de0b81",
|
||
|
"indicator--56f44c25-9c20-4327-8035-423a02de0b81",
|
||
|
"indicator--56f44c26-e7d4-4011-b5fb-400002de0b81",
|
||
|
"observed-data--56f44c26-feb8-4df5-a874-470402de0b81",
|
||
|
"url--56f44c26-feb8-4df5-a874-470402de0b81",
|
||
|
"indicator--56f44c27-7360-419f-9e96-47c002de0b81",
|
||
|
"indicator--56f44c27-394c-4a27-96bd-4dd302de0b81",
|
||
|
"observed-data--56f44c28-f1a4-406e-8d17-422c02de0b81",
|
||
|
"url--56f44c28-f1a4-406e-8d17-422c02de0b81",
|
||
|
"indicator--56f44c29-05dc-41d8-a593-423502de0b81",
|
||
|
"indicator--56f44c29-011c-456d-9430-46e302de0b81",
|
||
|
"observed-data--56f44c2a-c550-4065-a87d-4a7002de0b81",
|
||
|
"url--56f44c2a-c550-4065-a87d-4a7002de0b81",
|
||
|
"indicator--56f44c2a-0658-4b2a-9e88-417102de0b81",
|
||
|
"indicator--56f44c2b-8ad4-497f-8d93-45bf02de0b81",
|
||
|
"observed-data--56f44c2c-9210-413a-8361-4f4a02de0b81",
|
||
|
"url--56f44c2c-9210-413a-8361-4f4a02de0b81",
|
||
|
"indicator--56f44c2c-2218-4f45-9ecf-4f2c02de0b81",
|
||
|
"indicator--56f44c2d-0700-4288-bacc-4d1102de0b81",
|
||
|
"observed-data--56f44c2d-81b0-4674-a438-4a8102de0b81",
|
||
|
"url--56f44c2d-81b0-4674-a438-4a8102de0b81",
|
||
|
"indicator--56f44c2e-f954-49f6-8f0f-49d502de0b81",
|
||
|
"indicator--56f44c2e-1198-4038-afcc-4cd902de0b81",
|
||
|
"observed-data--56f44c2f-9098-453a-b2e6-4de002de0b81",
|
||
|
"url--56f44c2f-9098-453a-b2e6-4de002de0b81",
|
||
|
"indicator--56f44c30-67c0-4aec-9eed-4ec002de0b81",
|
||
|
"indicator--56f44c30-18e4-425f-a63e-46eb02de0b81",
|
||
|
"observed-data--56f44c31-9734-4740-8c14-43f302de0b81",
|
||
|
"url--56f44c31-9734-4740-8c14-43f302de0b81",
|
||
|
"indicator--56f44c32-09cc-4450-8030-428a02de0b81",
|
||
|
"indicator--56f44c32-dab0-42c5-8481-4bb102de0b81",
|
||
|
"observed-data--56f44c33-e36c-45c3-bae5-490502de0b81",
|
||
|
"url--56f44c33-e36c-45c3-bae5-490502de0b81",
|
||
|
"indicator--56f44c34-7060-4402-9630-4bee02de0b81",
|
||
|
"indicator--56f44c34-f6b0-44a4-b4c8-4aec02de0b81",
|
||
|
"observed-data--56f44c35-cf80-4e3b-b4f8-43cf02de0b81",
|
||
|
"url--56f44c35-cf80-4e3b-b4f8-43cf02de0b81",
|
||
|
"indicator--56f44c35-6200-4905-a3a9-418c02de0b81",
|
||
|
"indicator--56f44c36-1540-44b7-86fe-44a202de0b81",
|
||
|
"observed-data--56f44c36-55c0-43cf-8cf7-420602de0b81",
|
||
|
"url--56f44c36-55c0-43cf-8cf7-420602de0b81",
|
||
|
"indicator--56f44c37-5790-4434-a02f-4a8102de0b81",
|
||
|
"indicator--56f44c38-3518-4d93-81b8-4a2902de0b81",
|
||
|
"observed-data--56f44c38-f980-4027-81cf-4c6a02de0b81",
|
||
|
"url--56f44c38-f980-4027-81cf-4c6a02de0b81",
|
||
|
"indicator--56f44c39-6be0-4f6e-84b7-4e4302de0b81",
|
||
|
"indicator--56f44c39-4228-401e-90f3-440d02de0b81",
|
||
|
"observed-data--56f44c3a-b500-4d89-9cb0-46a702de0b81",
|
||
|
"url--56f44c3a-b500-4d89-9cb0-46a702de0b81",
|
||
|
"indicator--56f44c3a-45a0-46ae-bc56-414502de0b81",
|
||
|
"indicator--56f44c3b-527c-4326-9a6c-4b6d02de0b81",
|
||
|
"observed-data--56f44c3b-9024-4248-8dbc-45d802de0b81",
|
||
|
"url--56f44c3b-9024-4248-8dbc-45d802de0b81",
|
||
|
"indicator--56f44c3c-9e50-4722-b2a6-40c002de0b81",
|
||
|
"indicator--56f44c3d-d874-455f-b249-438902de0b81",
|
||
|
"observed-data--56f44c3d-a95c-4d96-8b1f-471c02de0b81",
|
||
|
"url--56f44c3d-a95c-4d96-8b1f-471c02de0b81",
|
||
|
"indicator--56f44c3e-ba80-4176-adf4-428102de0b81",
|
||
|
"indicator--56f44c3e-9128-4a0e-a62d-432c02de0b81",
|
||
|
"observed-data--56f44c3f-128c-4ace-9a11-402302de0b81",
|
||
|
"url--56f44c3f-128c-4ace-9a11-402302de0b81",
|
||
|
"indicator--56f44c3f-1f88-4dbf-9e55-46e502de0b81",
|
||
|
"indicator--56f44c40-8458-479b-b492-48d302de0b81",
|
||
|
"observed-data--56f44c40-7900-457a-9eec-494802de0b81",
|
||
|
"url--56f44c40-7900-457a-9eec-494802de0b81",
|
||
|
"indicator--56f44c41-ff10-4f6c-b70a-4ad602de0b81",
|
||
|
"indicator--56f44c42-a054-400e-a6c8-41c602de0b81",
|
||
|
"observed-data--56f44c42-0b74-4986-aa0b-417302de0b81",
|
||
|
"url--56f44c42-0b74-4986-aa0b-417302de0b81",
|
||
|
"indicator--56f44c43-bddc-4e59-9c6e-4ca202de0b81",
|
||
|
"indicator--56f44c43-86d8-4e38-b071-4b6802de0b81",
|
||
|
"observed-data--56f44c44-e5c0-4b16-8eff-44e202de0b81",
|
||
|
"url--56f44c44-e5c0-4b16-8eff-44e202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f449bc-41d4-4643-800b-4722950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:10:36.000Z",
|
||
|
"modified": "2016-03-24T20:10:36.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"comment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
],
|
||
|
"x_misp_category": "External analysis",
|
||
|
"x_misp_type": "comment",
|
||
|
"x_misp_value": "Ransomware is often in the headlines as new families are discovered on an almost weekly basis. Historically, these families have shared one similarity \u00e2\u20ac\u201c they have all been deployed by attackers casting a wide net and largely being victim-agnostic. In most cases, the adversaries have used phishing emails and exploit kits in a \u00e2\u20ac\u02dcspray and pray\u00e2\u20ac\u2122 style tactic.\r\n\r\nHowever, in recent months, a new trend seems to be emerging: targeted attacks where ransomware is deployed by threat actors after successfully gaining unauthorized access to an organization\u00e2\u20ac\u2122s network. One malware family seen in such attacks is known as \u00e2\u20ac\u02dcSamSa\u00e2\u20ac\u2122, \u00e2\u20ac\u02dcSamas\u00e2\u20ac\u2122, \u00e2\u20ac\u02dcsamsam\u00e2\u20ac\u2122, or most recently, \u00e2\u20ac\u02dcMOKOPONI\u00e2\u20ac\u2122. Reports on this malware family have previously been published by both Intel Security and Microsoft.\r\n\r\nPalo Alto Networks has collected over 20 samples of this particular malware family, and we have identified over $70,000 USD in Bitcoin payments to the attacker (Cisco Talos yesterday reported this figure to be closer to $115,000 USD). This blog details the evolution of this malware family, which was first witnessed in December 2015, as well as provides various indicators of compromise (IOCs) that can be used by the security community."
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f449d0-a374-4abb-a58d-4668950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:10:56.000Z",
|
||
|
"modified": "2016-03-24T20:10:56.000Z",
|
||
|
"first_observed": "2016-03-24T20:10:56Z",
|
||
|
"last_observed": "2016-03-24T20:10:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f449d0-a374-4abb-a58d-4668950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f449d0-a374-4abb-a58d-4668950d210f",
|
||
|
"value": "http://researchcenter.paloaltonetworks.com/2016/03/evolution-of-samsa-malware-suggests-new-ransomware-tactics-in-play/"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a81-2460-4719-ab16-47d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:53.000Z",
|
||
|
"modified": "2016-03-24T20:13:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1Gmjyb9wd6Ju9phn5tREmLYwPsPFusqEx6"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a81-65c4-45bb-be49-4b78950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:53.000Z",
|
||
|
"modified": "2016-03-24T20:13:53.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1FpZFUGqAkyjAGVgHXhaHrSmThJHxd2a7v"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a82-f890-4703-8d34-4ff3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:54.000Z",
|
||
|
"modified": "2016-03-24T20:13:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "19CbDoaZDLTzkkT1uQrMPM42AUvfQN4Kds"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a82-defc-4edc-968e-475e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:54.000Z",
|
||
|
"modified": "2016-03-24T20:13:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1FESb2caoXp27gEgVhyoCGHSkGhGwkzJbF"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a82-ee80-415b-8091-44bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:54.000Z",
|
||
|
"modified": "2016-03-24T20:13:54.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1JnxLRQSHkCw5aEhu5VQptUq4XmxntAvL2"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a83-5d6c-40b8-8785-459e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:55.000Z",
|
||
|
"modified": "2016-03-24T20:13:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1KVvqPi5QivfH3SKFpFWbeRwjdKREPYoAv"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a83-a97c-497a-8292-4983950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:55.000Z",
|
||
|
"modified": "2016-03-24T20:13:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "175wjzT5M7XvYYW447ry4TQmHUfzTrBUcN"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a83-7318-4439-8f24-41f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:55.000Z",
|
||
|
"modified": "2016-03-24T20:13:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1Cn4YXWmjARbK459hGQz54g3KTQLB7XYZs"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a83-ad88-4eab-bce4-4939950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:55.000Z",
|
||
|
"modified": "2016-03-24T20:13:55.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1KwgwwWdoL9VFcg9VuCDGBiVZ2LNzGnrov"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a84-2a24-4375-8d54-4623950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:56.000Z",
|
||
|
"modified": "2016-03-24T20:13:56.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1ETLG9xnFwZ1H9xaHz6u4MX8KYvWJesMab"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a84-0d70-4ca3-b2c8-4638950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:56.000Z",
|
||
|
"modified": "2016-03-24T20:13:56.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1D6ScsG2BmZu3VFDEgfnMC6CzjnWtZi6Kj"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a84-8c44-44a7-9ce5-4070950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:56.000Z",
|
||
|
"modified": "2016-03-24T20:13:56.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1C9YUWk2iKAxjdvcysyA1C7xzR7evhr2qA"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a85-1374-4bf1-aa35-4637950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:57.000Z",
|
||
|
"modified": "2016-03-24T20:13:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1AFoh41i1s56Tc2cRnwvJv1Hx8YfvbWxbh"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a85-2fd4-4c49-8bde-4361950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:57.000Z",
|
||
|
"modified": "2016-03-24T20:13:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "136hcUpNwhpKQQL7iXXWmwUnikX7n98xsL"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a85-0c9c-4953-b132-45b4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:57.000Z",
|
||
|
"modified": "2016-03-24T20:13:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1KakTJ8dpYFSnBohLakqMHKonZ4HGo3ur5"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a85-42cc-4547-9cf9-4062950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:57.000Z",
|
||
|
"modified": "2016-03-24T20:13:57.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1FDj6HsedzPNgVKTAHznsHUg4pKnGRarH6"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a86-4cfc-4b9c-bdc3-4581950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:58.000Z",
|
||
|
"modified": "2016-03-24T20:13:58.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "15HUUDBjLD34XfCu6YtafT7ARSt2TBrLBe"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--56f44a86-566c-4c88-ac6d-4b11950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:13:58.000Z",
|
||
|
"modified": "2016-03-24T20:13:58.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"btc\"",
|
||
|
"misp:category=\"Financial fraud\""
|
||
|
],
|
||
|
"x_misp_category": "Financial fraud",
|
||
|
"x_misp_comment": "By tracking the unique BTC addresses found within all of the collected samples, we were able to determine when victims made specific payments. The following table shows payments made to the various BTC wallets:",
|
||
|
"x_misp_type": "btc",
|
||
|
"x_misp_value": "1EzpHEojHsLkHTExyz45Tw6L7FNiaeyZdm"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44aef-5d90-41b6-ad31-4c4c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:43.000Z",
|
||
|
"modified": "2016-03-24T20:15:43.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'zeushelpu.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44aef-7e58-4c79-99bb-4b81950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:43.000Z",
|
||
|
"modified": "2016-03-24T20:15:43.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'lordsecure4u.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44aef-dc20-4d01-9602-4380950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:43.000Z",
|
||
|
"modified": "2016-03-24T20:15:43.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'key88secu7.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af0-2020-4c66-8360-4952950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:44.000Z",
|
||
|
"modified": "2016-03-24T20:15:44.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'helpbyangel0.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af0-5a34-42a8-8426-47fa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:44.000Z",
|
||
|
"modified": "2016-03-24T20:15:44.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'payforsecure7.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af0-f7d0-4823-a54b-43d3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:44.000Z",
|
||
|
"modified": "2016-03-24T20:15:44.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'followsec7.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af1-8b80-4f88-9078-4bfe950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:45.000Z",
|
||
|
"modified": "2016-03-24T20:15:45.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'union83939k.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af1-ac98-463e-be8d-48ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:45.000Z",
|
||
|
"modified": "2016-03-24T20:15:45.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'evilsecure9.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af1-5d70-4317-8245-4eac950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:45.000Z",
|
||
|
"modified": "2016-03-24T20:15:45.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'keytwocode.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44af1-cf70-401f-9c80-4b6e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:15:45.000Z",
|
||
|
"modified": "2016-03-24T20:15:45.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[domain-name:value = 'secangel7d.wordpress.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:15:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bb9-d190-43a7-b1ca-44ac950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:05.000Z",
|
||
|
"modified": "2016-03-24T20:19:05.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'eafe6a35062cc12378c08f9dd10cd396']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bb9-d964-4ea3-923d-4eb0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:05.000Z",
|
||
|
"modified": "2016-03-24T20:19:05.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '2c49a8fdc32be8983c67ea4fd0faac4d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bba-0ce4-4cc3-b768-41bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:06.000Z",
|
||
|
"modified": "2016-03-24T20:19:06.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '4851e63304b03dc8e941840186c11679']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bba-edbc-4e74-a873-44d0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:06.000Z",
|
||
|
"modified": "2016-03-24T20:19:06.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'be25dffca730684e4db0ed04f809f6c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbb-0594-4fab-9152-4e76950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:07.000Z",
|
||
|
"modified": "2016-03-24T20:19:07.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '555051b46fe667131d5e873e2e59f1b1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbb-0f88-4d19-b8f6-40e8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:07.000Z",
|
||
|
"modified": "2016-03-24T20:19:07.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '4bdab54848d8fcb10aa9daba62459334']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbc-df7c-4168-9484-468a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:08.000Z",
|
||
|
"modified": "2016-03-24T20:19:08.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'a14ea969014b1145382ffcd508d10156']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbd-16ac-4e7a-a92f-4e1a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:09.000Z",
|
||
|
"modified": "2016-03-24T20:19:09.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'fe998080463665412b65850828bce41f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbd-b934-448f-9b5d-431f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:09.000Z",
|
||
|
"modified": "2016-03-24T20:19:09.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'acaafbd881b130aba95ccbc2689f07db']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbe-5330-40ba-892b-4f1c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:10.000Z",
|
||
|
"modified": "2016-03-24T20:19:10.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '5fd2db03fffa15744274e61479cc7ce1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbe-0ca4-41ae-85ce-4c93950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:10.000Z",
|
||
|
"modified": "2016-03-24T20:19:10.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'e26c6a20139f7a45e94ce0b16e62bd03']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbf-c4e4-4577-9a4c-480b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:11.000Z",
|
||
|
"modified": "2016-03-24T20:19:11.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = 'def637beb3911dce96fda8cdd36c1985']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bbf-5b84-4a45-a6dc-4ec4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:11.000Z",
|
||
|
"modified": "2016-03-24T20:19:11.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '14721036e16587594ad950d4f2db5f27']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc0-f12c-40c2-95d2-453f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:12.000Z",
|
||
|
"modified": "2016-03-24T20:19:12.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '3e2642aa59753ecbe82514daf2ea4e88']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc1-5800-4987-8925-4dd5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:13.000Z",
|
||
|
"modified": "2016-03-24T20:19:13.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '64082dd282a8ca6b9b7c71de14a827c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc1-661c-4e8f-b6ea-4e64950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:13.000Z",
|
||
|
"modified": "2016-03-24T20:19:13.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '7eee34be62b3d03c8c9d697b1fe6d8a8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc2-e230-4088-84dd-4df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:14.000Z",
|
||
|
"modified": "2016-03-24T20:19:14.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '4c8fb28a68168430fd447ba1b92f4f42']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc2-e850-4ff2-9a59-45f1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:14.000Z",
|
||
|
"modified": "2016-03-24T20:19:14.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '1e22c58a8b677fac51cf6c1d2cd1a0e2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc3-9fc8-4f9f-801b-4165950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:15.000Z",
|
||
|
"modified": "2016-03-24T20:19:15.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '9585f0c7dc287d07755e6818e1fa204c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc3-fb18-4ead-afc4-4aae950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:15.000Z",
|
||
|
"modified": "2016-03-24T20:19:15.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '43049c582db85b94feed9afa7419d78c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc4-7ff4-467e-8a64-413c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:16.000Z",
|
||
|
"modified": "2016-03-24T20:19:16.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '02dce579d95a57f9e5ca0cde800dfb0f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc5-0f24-4962-a871-4325950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:17.000Z",
|
||
|
"modified": "2016-03-24T20:19:17.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '868c351e29be8c6c1edde315505d938b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44bc5-1174-4f8b-b980-4b2d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:19:17.000Z",
|
||
|
"modified": "2016-03-24T20:19:17.000Z",
|
||
|
"description": "Imported via the freetext import.",
|
||
|
"pattern": "[file:hashes.MD5 = '0d2505ce7838bb22fcd973bf3895fd27']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:19:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c1e-d71c-4d96-ab23-49d102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:46.000Z",
|
||
|
"modified": "2016-03-24T20:20:46.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 0d2505ce7838bb22fcd973bf3895fd27",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ffef0f1c2df157e9c2ee65a12d5b7b0f1301c4da22e7e7f3eac6b03c6487a626']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c1f-15a4-4c7e-8931-438302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:47.000Z",
|
||
|
"modified": "2016-03-24T20:20:47.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 0d2505ce7838bb22fcd973bf3895fd27",
|
||
|
"pattern": "[file:hashes.SHA1 = '98e3df3ec24b88bbec95af7472085088230dd70e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c1f-eb90-4e3c-a88f-43cb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:47.000Z",
|
||
|
"modified": "2016-03-24T20:20:47.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:47Z",
|
||
|
"last_observed": "2016-03-24T20:20:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c1f-eb90-4e3c-a88f-43cb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c1f-eb90-4e3c-a88f-43cb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ffef0f1c2df157e9c2ee65a12d5b7b0f1301c4da22e7e7f3eac6b03c6487a626/analysis/1457349371/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c1f-722c-43fb-8d5a-48b202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:47.000Z",
|
||
|
"modified": "2016-03-24T20:20:47.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 868c351e29be8c6c1edde315505d938b",
|
||
|
"pattern": "[file:hashes.SHA256 = '58ef87523184d5df3ed1568397cea65b3f44df06c73eadeb5d90faebe4390e3e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c20-09c0-495a-96db-474102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:48.000Z",
|
||
|
"modified": "2016-03-24T20:20:48.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 868c351e29be8c6c1edde315505d938b",
|
||
|
"pattern": "[file:hashes.SHA1 = '8fb40188f21eb689deffb36438fac45bfed5c2ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c21-9038-46d6-bd51-40d902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:49.000Z",
|
||
|
"modified": "2016-03-24T20:20:49.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:49Z",
|
||
|
"last_observed": "2016-03-24T20:20:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c21-9038-46d6-bd51-40d902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c21-9038-46d6-bd51-40d902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/58ef87523184d5df3ed1568397cea65b3f44df06c73eadeb5d90faebe4390e3e/analysis/1457349903/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c21-1bc0-4c6e-8399-456a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:49.000Z",
|
||
|
"modified": "2016-03-24T20:20:49.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 02dce579d95a57f9e5ca0cde800dfb0f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e682ac6b874e0a6cfc5ff88798315b2cb822d165a7e6f72a5eb74e6da451e155']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c22-4740-4b4d-a75a-47c702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:50.000Z",
|
||
|
"modified": "2016-03-24T20:20:50.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 02dce579d95a57f9e5ca0cde800dfb0f",
|
||
|
"pattern": "[file:hashes.SHA1 = '26d53045468df4f8238306f9e68e7a4283249e40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c23-33bc-4b9d-b401-4ba402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:51.000Z",
|
||
|
"modified": "2016-03-24T20:20:51.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:51Z",
|
||
|
"last_observed": "2016-03-24T20:20:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c23-33bc-4b9d-b401-4ba402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c23-33bc-4b9d-b401-4ba402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e682ac6b874e0a6cfc5ff88798315b2cb822d165a7e6f72a5eb74e6da451e155/analysis/1456877831/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c23-148c-4b85-8d9b-4c0402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:51.000Z",
|
||
|
"modified": "2016-03-24T20:20:51.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 43049c582db85b94feed9afa7419d78c",
|
||
|
"pattern": "[file:hashes.SHA256 = '946dd4c4f3c78e7e4819a712c7fd6497722a3d616d33e3306a556a9dc99656f4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c24-1830-4d67-9aaa-4bc702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:52.000Z",
|
||
|
"modified": "2016-03-24T20:20:52.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 43049c582db85b94feed9afa7419d78c",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ab94ea814ca7cedc4e43d0ff3c646b762f527b13']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c24-745c-40b0-a32a-492a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:52.000Z",
|
||
|
"modified": "2016-03-24T20:20:52.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:52Z",
|
||
|
"last_observed": "2016-03-24T20:20:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c24-745c-40b0-a32a-492a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c24-745c-40b0-a32a-492a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/946dd4c4f3c78e7e4819a712c7fd6497722a3d616d33e3306a556a9dc99656f4/analysis/1457349598/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c25-9c20-4327-8035-423a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:53.000Z",
|
||
|
"modified": "2016-03-24T20:20:53.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 9585f0c7dc287d07755e6818e1fa204c",
|
||
|
"pattern": "[file:hashes.SHA256 = '45e00fe90c8aa8578fce2b305840e368d62578c77e352974da6b8f8bc895d75b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c26-e7d4-4011-b5fb-400002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:54.000Z",
|
||
|
"modified": "2016-03-24T20:20:54.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 9585f0c7dc287d07755e6818e1fa204c",
|
||
|
"pattern": "[file:hashes.SHA1 = '3a4f16238ec07b39873f3ca26a0d9e94fa8835fa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c26-feb8-4df5-a874-470402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:54.000Z",
|
||
|
"modified": "2016-03-24T20:20:54.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:54Z",
|
||
|
"last_observed": "2016-03-24T20:20:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c26-feb8-4df5-a874-470402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c26-feb8-4df5-a874-470402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/45e00fe90c8aa8578fce2b305840e368d62578c77e352974da6b8f8bc895d75b/analysis/1456847427/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c27-7360-419f-9e96-47c002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:55.000Z",
|
||
|
"modified": "2016-03-24T20:20:55.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 1e22c58a8b677fac51cf6c1d2cd1a0e2",
|
||
|
"pattern": "[file:hashes.SHA256 = '939efdc272e8636fd63c1b58c2eec94cf10299cd2de30c329bd5378b6bbbd1c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c27-394c-4a27-96bd-4dd302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:55.000Z",
|
||
|
"modified": "2016-03-24T20:20:55.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 1e22c58a8b677fac51cf6c1d2cd1a0e2",
|
||
|
"pattern": "[file:hashes.SHA1 = '32a2d1a9d91ce7d9c130a9b0616c40ac4003355d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c28-f1a4-406e-8d17-422c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:56.000Z",
|
||
|
"modified": "2016-03-24T20:20:56.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:56Z",
|
||
|
"last_observed": "2016-03-24T20:20:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c28-f1a4-406e-8d17-422c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c28-f1a4-406e-8d17-422c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/939efdc272e8636fd63c1b58c2eec94cf10299cd2de30c329bd5378b6bbbd1c8/analysis/1457349437/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c29-05dc-41d8-a593-423502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:57.000Z",
|
||
|
"modified": "2016-03-24T20:20:57.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4c8fb28a68168430fd447ba1b92f4f42",
|
||
|
"pattern": "[file:hashes.SHA256 = '6bc2aa391b8ef260e79b99409e44011874630c2631e4487e82b76e5cb0a49307']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c29-011c-456d-9430-46e302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:57.000Z",
|
||
|
"modified": "2016-03-24T20:20:57.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4c8fb28a68168430fd447ba1b92f4f42",
|
||
|
"pattern": "[file:hashes.SHA1 = 'dfa673bfbf644eaef6dc6c70ff8db4ceed2db8f1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c2a-c550-4065-a87d-4a7002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:58.000Z",
|
||
|
"modified": "2016-03-24T20:20:58.000Z",
|
||
|
"first_observed": "2016-03-24T20:20:58Z",
|
||
|
"last_observed": "2016-03-24T20:20:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c2a-c550-4065-a87d-4a7002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c2a-c550-4065-a87d-4a7002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6bc2aa391b8ef260e79b99409e44011874630c2631e4487e82b76e5cb0a49307/analysis/1457349654/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2a-0658-4b2a-9e88-417102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:58.000Z",
|
||
|
"modified": "2016-03-24T20:20:58.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 64082dd282a8ca6b9b7c71de14a827c4",
|
||
|
"pattern": "[file:hashes.SHA256 = '76dec6a3719af5265d35e3fa9793972b96ca25a1d70a82a4ca0c28619051f48b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2b-8ad4-497f-8d93-45bf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:20:59.000Z",
|
||
|
"modified": "2016-03-24T20:20:59.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 64082dd282a8ca6b9b7c71de14a827c4",
|
||
|
"pattern": "[file:hashes.SHA1 = '0897ff3bdddacf825eb5643a2a43e7172b955445']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:20:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c2c-9210-413a-8361-4f4a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:00.000Z",
|
||
|
"modified": "2016-03-24T20:21:00.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:00Z",
|
||
|
"last_observed": "2016-03-24T20:21:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c2c-9210-413a-8361-4f4a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c2c-9210-413a-8361-4f4a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/76dec6a3719af5265d35e3fa9793972b96ca25a1d70a82a4ca0c28619051f48b/analysis/1458403242/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2c-2218-4f45-9ecf-4f2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:00.000Z",
|
||
|
"modified": "2016-03-24T20:21:00.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 3e2642aa59753ecbe82514daf2ea4e88",
|
||
|
"pattern": "[file:hashes.SHA256 = '979692a34201f9fc1e1c44654dc8074a82000946deedfdf6b8985827da992868']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2d-0700-4288-bacc-4d1102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:01.000Z",
|
||
|
"modified": "2016-03-24T20:21:01.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 3e2642aa59753ecbe82514daf2ea4e88",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ac82585db4e6c30cc66d94b5a4aa94f7ab52acf0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c2d-81b0-4674-a438-4a8102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:01.000Z",
|
||
|
"modified": "2016-03-24T20:21:01.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:01Z",
|
||
|
"last_observed": "2016-03-24T20:21:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c2d-81b0-4674-a438-4a8102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c2d-81b0-4674-a438-4a8102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/979692a34201f9fc1e1c44654dc8074a82000946deedfdf6b8985827da992868/analysis/1457349565/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2e-f954-49f6-8f0f-49d502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:02.000Z",
|
||
|
"modified": "2016-03-24T20:21:02.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 14721036e16587594ad950d4f2db5f27",
|
||
|
"pattern": "[file:hashes.SHA256 = '7aa585e6fd0a895c295c4bea2ddb071eed1e5775f437602b577a54eef7f61044']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c2e-1198-4038-afcc-4cd902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:02.000Z",
|
||
|
"modified": "2016-03-24T20:21:02.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 14721036e16587594ad950d4f2db5f27",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ed1797c282f0817d2ad8f878f8dd50ab062501ac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c2f-9098-453a-b2e6-4de002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:03.000Z",
|
||
|
"modified": "2016-03-24T20:21:03.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:03Z",
|
||
|
"last_observed": "2016-03-24T20:21:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c2f-9098-453a-b2e6-4de002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c2f-9098-453a-b2e6-4de002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7aa585e6fd0a895c295c4bea2ddb071eed1e5775f437602b577a54eef7f61044/analysis/1458831084/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c30-67c0-4aec-9eed-4ec002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:04.000Z",
|
||
|
"modified": "2016-03-24T20:21:04.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: def637beb3911dce96fda8cdd36c1985",
|
||
|
"pattern": "[file:hashes.SHA256 = '5e7ab76187c73780cd53a6e2b9d0c9b4767172543ee56e7dc8cf4e8093fc6729']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c30-18e4-425f-a63e-46eb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:04.000Z",
|
||
|
"modified": "2016-03-24T20:21:04.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: def637beb3911dce96fda8cdd36c1985",
|
||
|
"pattern": "[file:hashes.SHA1 = '9511c013de60e29c770f997d58f96bcee9d1dca8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c31-9734-4740-8c14-43f302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:05.000Z",
|
||
|
"modified": "2016-03-24T20:21:05.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:05Z",
|
||
|
"last_observed": "2016-03-24T20:21:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c31-9734-4740-8c14-43f302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c31-9734-4740-8c14-43f302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5e7ab76187c73780cd53a6e2b9d0c9b4767172543ee56e7dc8cf4e8093fc6729/analysis/1458404392/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c32-09cc-4450-8030-428a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:06.000Z",
|
||
|
"modified": "2016-03-24T20:21:06.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: e26c6a20139f7a45e94ce0b16e62bd03",
|
||
|
"pattern": "[file:hashes.SHA256 = '89b4abb78970cd524dd887053d5bcd982534558efdf25c83f96e13b56b4ee805']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c32-dab0-42c5-8481-4bb102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:06.000Z",
|
||
|
"modified": "2016-03-24T20:21:06.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: e26c6a20139f7a45e94ce0b16e62bd03",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c6d7c27070a3838e2b6ac7e97e996b0fe6560fe2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c33-e36c-45c3-bae5-490502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:07.000Z",
|
||
|
"modified": "2016-03-24T20:21:07.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:07Z",
|
||
|
"last_observed": "2016-03-24T20:21:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c33-e36c-45c3-bae5-490502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c33-e36c-45c3-bae5-490502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/89b4abb78970cd524dd887053d5bcd982534558efdf25c83f96e13b56b4ee805/analysis/1456523852/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c34-7060-4402-9630-4bee02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:08.000Z",
|
||
|
"modified": "2016-03-24T20:21:08.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 5fd2db03fffa15744274e61479cc7ce1",
|
||
|
"pattern": "[file:hashes.SHA256 = '47f9d6aa6e14e20efa8732ed9228e1806316c31a2fa5a359f30693c3ccbf0340']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c34-f6b0-44a4-b4c8-4aec02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:08.000Z",
|
||
|
"modified": "2016-03-24T20:21:08.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 5fd2db03fffa15744274e61479cc7ce1",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c9ff43b7c169d6a1dd0a59aef4c2a532594ecffa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c35-cf80-4e3b-b4f8-43cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:09.000Z",
|
||
|
"modified": "2016-03-24T20:21:09.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:09Z",
|
||
|
"last_observed": "2016-03-24T20:21:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c35-cf80-4e3b-b4f8-43cf02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c35-cf80-4e3b-b4f8-43cf02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/47f9d6aa6e14e20efa8732ed9228e1806316c31a2fa5a359f30693c3ccbf0340/analysis/1458713622/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c35-6200-4905-a3a9-418c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:09.000Z",
|
||
|
"modified": "2016-03-24T20:21:09.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: acaafbd881b130aba95ccbc2689f07db",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f92bf62e6ab099fb2817e0c598b8fdf2882de464205da09fcd2937691a160f0c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c36-1540-44b7-86fe-44a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:10.000Z",
|
||
|
"modified": "2016-03-24T20:21:10.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: acaafbd881b130aba95ccbc2689f07db",
|
||
|
"pattern": "[file:hashes.SHA1 = 'cab95f6889b75e2e564e7f225fbd577d23acb1cc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c36-55c0-43cf-8cf7-420602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:10.000Z",
|
||
|
"modified": "2016-03-24T20:21:10.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:10Z",
|
||
|
"last_observed": "2016-03-24T20:21:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c36-55c0-43cf-8cf7-420602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c36-55c0-43cf-8cf7-420602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f92bf62e6ab099fb2817e0c598b8fdf2882de464205da09fcd2937691a160f0c/analysis/1456864210/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c37-5790-4434-a02f-4a8102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:11.000Z",
|
||
|
"modified": "2016-03-24T20:21:11.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: fe998080463665412b65850828bce41f",
|
||
|
"pattern": "[file:hashes.SHA256 = '036071786d7db553e2415ec2e71f3967baf51bdc31d0a640aa4afb87d3ce3050']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c38-3518-4d93-81b8-4a2902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:12.000Z",
|
||
|
"modified": "2016-03-24T20:21:12.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: fe998080463665412b65850828bce41f",
|
||
|
"pattern": "[file:hashes.SHA1 = '203bb8ec1da6b237a092bab71fa090849c7db9bd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c38-f980-4027-81cf-4c6a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:12.000Z",
|
||
|
"modified": "2016-03-24T20:21:12.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:12Z",
|
||
|
"last_observed": "2016-03-24T20:21:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c38-f980-4027-81cf-4c6a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c38-f980-4027-81cf-4c6a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/036071786d7db553e2415ec2e71f3967baf51bdc31d0a640aa4afb87d3ce3050/analysis/1458770621/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c39-6be0-4f6e-84b7-4e4302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:13.000Z",
|
||
|
"modified": "2016-03-24T20:21:13.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: a14ea969014b1145382ffcd508d10156",
|
||
|
"pattern": "[file:hashes.SHA256 = '0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c39-4228-401e-90f3-440d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:13.000Z",
|
||
|
"modified": "2016-03-24T20:21:13.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: a14ea969014b1145382ffcd508d10156",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ff6aa732320d21697024994944cf66f7c553c9cd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c3a-b500-4d89-9cb0-46a702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:14.000Z",
|
||
|
"modified": "2016-03-24T20:21:14.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:14Z",
|
||
|
"last_observed": "2016-03-24T20:21:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c3a-b500-4d89-9cb0-46a702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c3a-b500-4d89-9cb0-46a702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac/analysis/1458163392/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3a-45a0-46ae-bc56-414502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:14.000Z",
|
||
|
"modified": "2016-03-24T20:21:14.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4bdab54848d8fcb10aa9daba62459334",
|
||
|
"pattern": "[file:hashes.SHA256 = '362b1db3a7a36cbcf73554f0dbf63450d99e7f1e2b58b6d9bc375da080bdde30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3b-527c-4326-9a6c-4b6d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:15.000Z",
|
||
|
"modified": "2016-03-24T20:21:15.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4bdab54848d8fcb10aa9daba62459334",
|
||
|
"pattern": "[file:hashes.SHA1 = '0fa77687cb28a5c2397ee453c2c817f5978750ae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c3b-9024-4248-8dbc-45d802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:15.000Z",
|
||
|
"modified": "2016-03-24T20:21:15.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:15Z",
|
||
|
"last_observed": "2016-03-24T20:21:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c3b-9024-4248-8dbc-45d802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c3b-9024-4248-8dbc-45d802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/362b1db3a7a36cbcf73554f0dbf63450d99e7f1e2b58b6d9bc375da080bdde30/analysis/1458656397/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3c-9e50-4722-b2a6-40c002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:16.000Z",
|
||
|
"modified": "2016-03-24T20:21:16.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 555051b46fe667131d5e873e2e59f1b1",
|
||
|
"pattern": "[file:hashes.SHA256 = 'de5f8d5ce7b5d86bf0207bfe085535352690fc17a156e46950891ef906f2742e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3d-d874-455f-b249-438902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:17.000Z",
|
||
|
"modified": "2016-03-24T20:21:17.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 555051b46fe667131d5e873e2e59f1b1",
|
||
|
"pattern": "[file:hashes.SHA1 = '11fab48b4da27c19fcef67de98c3d1ea187d7f27']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c3d-a95c-4d96-8b1f-471c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:17.000Z",
|
||
|
"modified": "2016-03-24T20:21:17.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:17Z",
|
||
|
"last_observed": "2016-03-24T20:21:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c3d-a95c-4d96-8b1f-471c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c3d-a95c-4d96-8b1f-471c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/de5f8d5ce7b5d86bf0207bfe085535352690fc17a156e46950891ef906f2742e/analysis/1457813529/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3e-ba80-4176-adf4-428102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:18.000Z",
|
||
|
"modified": "2016-03-24T20:21:18.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: be25dffca730684e4db0ed04f809f6c0",
|
||
|
"pattern": "[file:hashes.SHA256 = '337b0532c035d5ff7575d749742029a1f86461d2391a324194086be1558f0413']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3e-9128-4a0e-a62d-432c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:18.000Z",
|
||
|
"modified": "2016-03-24T20:21:18.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: be25dffca730684e4db0ed04f809f6c0",
|
||
|
"pattern": "[file:hashes.SHA1 = '4476e9dc1b397f89fa2e1ec5256fced6dcaff686']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c3f-128c-4ace-9a11-402302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:19.000Z",
|
||
|
"modified": "2016-03-24T20:21:19.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:19Z",
|
||
|
"last_observed": "2016-03-24T20:21:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c3f-128c-4ace-9a11-402302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c3f-128c-4ace-9a11-402302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/337b0532c035d5ff7575d749742029a1f86461d2391a324194086be1558f0413/analysis/1457427358/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c3f-1f88-4dbf-9e55-46e502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:19.000Z",
|
||
|
"modified": "2016-03-24T20:21:19.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4851e63304b03dc8e941840186c11679",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a763ed678a52f77a7b75d55010124a8fccf1628eb4f7a815c6d635034227177e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c40-8458-479b-b492-48d302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:20.000Z",
|
||
|
"modified": "2016-03-24T20:21:20.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 4851e63304b03dc8e941840186c11679",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bedde43e8c9dc1efbd4171b071cc7697dd25ea7f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c40-7900-457a-9eec-494802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:20.000Z",
|
||
|
"modified": "2016-03-24T20:21:20.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:20Z",
|
||
|
"last_observed": "2016-03-24T20:21:20Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c40-7900-457a-9eec-494802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c40-7900-457a-9eec-494802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a763ed678a52f77a7b75d55010124a8fccf1628eb4f7a815c6d635034227177e/analysis/1457349629/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c41-ff10-4f6c-b70a-4ad602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:21.000Z",
|
||
|
"modified": "2016-03-24T20:21:21.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 2c49a8fdc32be8983c67ea4fd0faac4d",
|
||
|
"pattern": "[file:hashes.SHA256 = '7e69b0c6b97c2e116e492f641c836d9d36093cefa3ed7ee53fcaa052bedcde53']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c42-a054-400e-a6c8-41c602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:22.000Z",
|
||
|
"modified": "2016-03-24T20:21:22.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: 2c49a8fdc32be8983c67ea4fd0faac4d",
|
||
|
"pattern": "[file:hashes.SHA1 = '3112e834d6c0b099e13d03bcec60dc154a84154f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c42-0b74-4986-aa0b-417302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:22.000Z",
|
||
|
"modified": "2016-03-24T20:21:22.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:22Z",
|
||
|
"last_observed": "2016-03-24T20:21:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c42-0b74-4986-aa0b-417302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c42-0b74-4986-aa0b-417302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7e69b0c6b97c2e116e492f641c836d9d36093cefa3ed7ee53fcaa052bedcde53/analysis/1458412977/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c43-bddc-4e59-9c6e-4ca202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:23.000Z",
|
||
|
"modified": "2016-03-24T20:21:23.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: eafe6a35062cc12378c08f9dd10cd396",
|
||
|
"pattern": "[file:hashes.SHA256 = '428f90a146c739f331669cae258a806622679ba1f1403df076ccaed025d8d60f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56f44c43-86d8-4e38-b071-4b6802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:23.000Z",
|
||
|
"modified": "2016-03-24T20:21:23.000Z",
|
||
|
"description": "Imported via the freetext import. - Xchecked via VT: eafe6a35062cc12378c08f9dd10cd396",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd8ca16075767e5c2347cfbe62cf96c6d75df84de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-03-24T20:21:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--56f44c44-e5c0-4b16-8eff-44e202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-03-24T20:21:24.000Z",
|
||
|
"modified": "2016-03-24T20:21:24.000Z",
|
||
|
"first_observed": "2016-03-24T20:21:24Z",
|
||
|
"last_observed": "2016-03-24T20:21:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--56f44c44-e5c0-4b16-8eff-44e202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--56f44c44-e5c0-4b16-8eff-44e202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/428f90a146c739f331669cae258a806622679ba1f1403df076ccaed025d8d60f/analysis/1457813540/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|