misp-circl-feed/feeds/circl/stix-2.1/570c9451-ec50-4ecc-b031-47b4950d210f.json

1124 lines
49 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--570c9451-ec50-4ecc-b031-47b4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:01.000Z",
"modified": "2016-04-12T07:02:01.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--570c9451-ec50-4ecc-b031-47b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:01.000Z",
"modified": "2016-04-12T07:02:01.000Z",
"name": "OSINT - New Locky Variant Implements Evasion Techniques",
"published": "2016-04-12T07:03:29Z",
"object_refs": [
"observed-data--570c9481-4494-46ca-8e1c-4786950d210f",
"url--570c9481-4494-46ca-8e1c-4786950d210f",
"x-misp-attribute--570c9491-25e4-444a-908a-4f6f950d210f",
"indicator--570c9d58-bdb8-44a3-bf86-430f950d210f",
"indicator--570c9d58-4dfc-4c71-adb5-4fd9950d210f",
"indicator--570c9d58-c0e8-4224-88f7-4b29950d210f",
"indicator--570c9d59-78b8-4656-b296-4ec1950d210f",
"indicator--570c9d59-401c-4127-9ce6-4bfb950d210f",
"indicator--570c9d5a-2f18-4044-93b5-4ad0950d210f",
"indicator--570c9d5a-4d48-46f5-81f3-484a950d210f",
"indicator--570c9d5a-b614-4327-b70d-4c76950d210f",
"indicator--570c9d5b-31d8-4216-ba1c-4782950d210f",
"indicator--570c9d5b-7114-42d6-b606-48b7950d210f",
"indicator--570c9d5b-4004-4d49-9ebe-4dd2950d210f",
"indicator--570c9d69-deac-40cc-a8ab-434502de0b81",
"indicator--570c9d69-413c-4c5c-a624-497f02de0b81",
"observed-data--570c9d69-599c-46bb-93ae-47a402de0b81",
"url--570c9d69-599c-46bb-93ae-47a402de0b81",
"indicator--570c9d6a-5670-4c74-a38f-4b9502de0b81",
"indicator--570c9d6a-0840-4603-8eb0-4ede02de0b81",
"observed-data--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
"url--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
"indicator--570c9d6b-07f8-4bfe-ab59-48d302de0b81",
"indicator--570c9d6b-d740-4b20-8476-40c202de0b81",
"observed-data--570c9d6b-7534-4119-88f2-40a102de0b81",
"url--570c9d6b-7534-4119-88f2-40a102de0b81",
"indicator--570c9d6b-8278-455e-ac9f-4a7a02de0b81",
"indicator--570c9d6c-464c-433a-909c-4f6d02de0b81",
"observed-data--570c9d6c-4eac-4223-83be-49c802de0b81",
"url--570c9d6c-4eac-4223-83be-49c802de0b81",
"indicator--570c9d6d-4c88-4759-b81c-433402de0b81",
"indicator--570c9d6d-22ac-402c-ab98-4a6602de0b81",
"observed-data--570c9d6d-0e78-423b-91eb-480302de0b81",
"url--570c9d6d-0e78-423b-91eb-480302de0b81",
"indicator--570c9d6e-f308-4bcc-98a8-47cf02de0b81",
"indicator--570c9d6e-db38-4f2f-aa28-46ba02de0b81",
"observed-data--570c9d6e-ac6c-4287-8f7a-474402de0b81",
"url--570c9d6e-ac6c-4287-8f7a-474402de0b81",
"indicator--570c9d6e-22e8-4fca-b406-48d602de0b81",
"indicator--570c9d6f-0410-4443-8036-48a802de0b81",
"observed-data--570c9d6f-cfa8-402c-a027-42c802de0b81",
"url--570c9d6f-cfa8-402c-a027-42c802de0b81",
"indicator--570c9d6f-ab88-4ce2-8f07-4c7702de0b81",
"indicator--570c9d70-3bd4-41c1-9e82-437f02de0b81",
"observed-data--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
"url--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
"indicator--570c9d70-d444-4f7a-8d3b-4c0a02de0b81",
"indicator--570c9d71-007c-4df4-a1db-47ba02de0b81",
"observed-data--570c9d71-864c-4ae7-af74-42a802de0b81",
"url--570c9d71-864c-4ae7-af74-42a802de0b81",
"indicator--570c9d71-1c64-46b8-be3e-4dc302de0b81",
"indicator--570c9d71-faa8-4253-95ce-4fa002de0b81",
"observed-data--570c9d72-7658-4ae1-a57c-4ce402de0b81",
"url--570c9d72-7658-4ae1-a57c-4ce402de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"malware_classification:malware-category=\"Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9481-4494-46ca-8e1c-4786950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T06:24:01.000Z",
"modified": "2016-04-12T06:24:01.000Z",
"first_observed": "2016-04-12T06:24:01Z",
"last_observed": "2016-04-12T06:24:01Z",
"number_observed": 1,
"object_refs": [
"url--570c9481-4494-46ca-8e1c-4786950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9481-4494-46ca-8e1c-4786950d210f",
"value": "http://blog.checkpoint.com/2016/04/11/new-locky-variant-implements-evasion-techniques/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--570c9491-25e4-444a-908a-4f6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T06:24:17.000Z",
"modified": "2016-04-12T06:24:17.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Following Check Point\u00e2\u20ac\u2122s recent discovery of a new communication scheme implemented by the Locky ransomware, our research teams decided to take a closer look at the inner workings of this new variant and map any new features it introduces.\r\n\r\nWhen Locky first appeared, we thoroughly analyzed its logic, like many other industry researchers. Our analysis showed that while not very sophisticated, Locky is a very efficient malware with a solid functionality and encryption algorithms. Judging by the amount of victim reports and detections generated by Locky in the past month alone, it is safe to say our observation was indeed correct.\r\n\r\nLocky\u00e2\u20ac\u2122s major drawback is not in its code, but rather in the quick and effective response by the security industry. Many successful security detections, on almost any possible security platform, caused the actors behind Locky to miss out on potential victims, as the malware was blocked from execution or even blocked altogether by internet gateways, not reaching the victim\u00e2\u20ac\u2122s computer at all. The changes we observed in this new Locky variant clearly show the Locky creators are very much aware of this fact, and therefore increased their efforts to evade security controls to gain a higher infection rate."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d58-bdb8-44a3-bf86-430f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:44.000Z",
"modified": "2016-04-12T07:01:44.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '8f708c299215e2d0e8ce557c96ec771acdbbfffa46a25330caa61fe841e23877']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d58-4dfc-4c71-adb5-4fd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:44.000Z",
"modified": "2016-04-12T07:01:44.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d58-c0e8-4224-88f7-4b29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:44.000Z",
"modified": "2016-04-12T07:01:44.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d59-78b8-4656-b296-4ec1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:45.000Z",
"modified": "2016-04-12T07:01:45.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d59-401c-4127-9ce6-4bfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:45.000Z",
"modified": "2016-04-12T07:01:45.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5a-2f18-4044-93b5-4ad0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:46.000Z",
"modified": "2016-04-12T07:01:46.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = '64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5a-4d48-46f5-81f3-484a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:46.000Z",
"modified": "2016-04-12T07:01:46.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = 'a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5a-b614-4327-b70d-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:46.000Z",
"modified": "2016-04-12T07:01:46.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = 'a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5b-31d8-4216-ba1c-4782950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:47.000Z",
"modified": "2016-04-12T07:01:47.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = 'abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5b-7114-42d6-b606-48b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:47.000Z",
"modified": "2016-04-12T07:01:47.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = 'e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d5b-4004-4d49-9ebe-4dd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:01:47.000Z",
"modified": "2016-04-12T07:01:47.000Z",
"description": "Sample",
"pattern": "[file:hashes.SHA256 = 'f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d69-deac-40cc-a8ab-434502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:01.000Z",
"modified": "2016-04-12T07:02:01.000Z",
"description": "Sample - Xchecked via VT: f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e",
"pattern": "[file:hashes.SHA1 = '16cc2d7f4892114c2d6c2a134e923e693868c711']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d69-413c-4c5c-a624-497f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:01.000Z",
"modified": "2016-04-12T07:02:01.000Z",
"description": "Sample - Xchecked via VT: f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e",
"pattern": "[file:hashes.MD5 = 'b686846507cfdbf480e8002ca12ad2f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d69-599c-46bb-93ae-47a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:01.000Z",
"modified": "2016-04-12T07:02:01.000Z",
"first_observed": "2016-04-12T07:02:01Z",
"last_observed": "2016-04-12T07:02:01Z",
"number_observed": 1,
"object_refs": [
"url--570c9d69-599c-46bb-93ae-47a402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d69-599c-46bb-93ae-47a402de0b81",
"value": "https://www.virustotal.com/file/f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e/analysis/1460375902/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6a-5670-4c74-a38f-4b9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:02.000Z",
"modified": "2016-04-12T07:02:02.000Z",
"description": "Sample - Xchecked via VT: e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691",
"pattern": "[file:hashes.SHA1 = '9d4f5902806c4030e6aa1f89f4a5b30f871b34d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6a-0840-4603-8eb0-4ede02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:02.000Z",
"modified": "2016-04-12T07:02:02.000Z",
"description": "Sample - Xchecked via VT: e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691",
"pattern": "[file:hashes.MD5 = '4baa17713e2937d31aaaa327ee4af83a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:02.000Z",
"modified": "2016-04-12T07:02:02.000Z",
"first_observed": "2016-04-12T07:02:02Z",
"last_observed": "2016-04-12T07:02:02Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6a-f8dc-4480-a3e9-433b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
"value": "https://www.virustotal.com/file/e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691/analysis/1460405757/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6b-07f8-4bfe-ab59-48d302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:03.000Z",
"modified": "2016-04-12T07:02:03.000Z",
"description": "Sample - Xchecked via VT: abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5",
"pattern": "[file:hashes.SHA1 = 'f32cc53d6fd08efbe38530b5c32651a432380733']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6b-d740-4b20-8476-40c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:03.000Z",
"modified": "2016-04-12T07:02:03.000Z",
"description": "Sample - Xchecked via VT: abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5",
"pattern": "[file:hashes.MD5 = 'deaa2618c7c021fe99e742633768d7f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6b-7534-4119-88f2-40a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:03.000Z",
"modified": "2016-04-12T07:02:03.000Z",
"first_observed": "2016-04-12T07:02:03Z",
"last_observed": "2016-04-12T07:02:03Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6b-7534-4119-88f2-40a102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6b-7534-4119-88f2-40a102de0b81",
"value": "https://www.virustotal.com/file/abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5/analysis/1460160638/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6b-8278-455e-ac9f-4a7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:03.000Z",
"modified": "2016-04-12T07:02:03.000Z",
"description": "Sample - Xchecked via VT: a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518",
"pattern": "[file:hashes.SHA1 = 'a8b628d6cd9da9c15fe257ad1c4df193f3e106ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6c-464c-433a-909c-4f6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:04.000Z",
"modified": "2016-04-12T07:02:04.000Z",
"description": "Sample - Xchecked via VT: a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518",
"pattern": "[file:hashes.MD5 = '3bbe188f3cfe4a013a0c0050b1e500aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6c-4eac-4223-83be-49c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:04.000Z",
"modified": "2016-04-12T07:02:04.000Z",
"first_observed": "2016-04-12T07:02:04Z",
"last_observed": "2016-04-12T07:02:04Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6c-4eac-4223-83be-49c802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6c-4eac-4223-83be-49c802de0b81",
"value": "https://www.virustotal.com/file/a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518/analysis/1460053639/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6d-4c88-4759-b81c-433402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:05.000Z",
"modified": "2016-04-12T07:02:05.000Z",
"description": "Sample - Xchecked via VT: a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c",
"pattern": "[file:hashes.SHA1 = '982a12e64a3ea4042a07727c767d137745b771a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6d-22ac-402c-ab98-4a6602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:05.000Z",
"modified": "2016-04-12T07:02:05.000Z",
"description": "Sample - Xchecked via VT: a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c",
"pattern": "[file:hashes.MD5 = '8f622a4e2bce80717c71ca255af04c51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6d-0e78-423b-91eb-480302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:05.000Z",
"modified": "2016-04-12T07:02:05.000Z",
"first_observed": "2016-04-12T07:02:05Z",
"last_observed": "2016-04-12T07:02:05Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6d-0e78-423b-91eb-480302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6d-0e78-423b-91eb-480302de0b81",
"value": "https://www.virustotal.com/file/a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c/analysis/1459941472/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6e-f308-4bcc-98a8-47cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:06.000Z",
"modified": "2016-04-12T07:02:06.000Z",
"description": "Sample - Xchecked via VT: 64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d",
"pattern": "[file:hashes.SHA1 = 'c869a3a1030f19a1cf5e1656e3d747eee51b2ba8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6e-db38-4f2f-aa28-46ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:06.000Z",
"modified": "2016-04-12T07:02:06.000Z",
"description": "Sample - Xchecked via VT: 64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d",
"pattern": "[file:hashes.MD5 = '3621540d2088c6b1215a4a965348a333']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6e-ac6c-4287-8f7a-474402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:06.000Z",
"modified": "2016-04-12T07:02:06.000Z",
"first_observed": "2016-04-12T07:02:06Z",
"last_observed": "2016-04-12T07:02:06Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6e-ac6c-4287-8f7a-474402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6e-ac6c-4287-8f7a-474402de0b81",
"value": "https://www.virustotal.com/file/64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d/analysis/1460251565/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6e-22e8-4fca-b406-48d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:06.000Z",
"modified": "2016-04-12T07:02:06.000Z",
"description": "Sample - Xchecked via VT: 588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4",
"pattern": "[file:hashes.SHA1 = '1048807f48dd1a8b72bb36903930a91014638afd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6f-0410-4443-8036-48a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:07.000Z",
"modified": "2016-04-12T07:02:07.000Z",
"description": "Sample - Xchecked via VT: 588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4",
"pattern": "[file:hashes.MD5 = 'f79c950fa3efc3bb29a4f15ae05448f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d6f-cfa8-402c-a027-42c802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:07.000Z",
"modified": "2016-04-12T07:02:07.000Z",
"first_observed": "2016-04-12T07:02:07Z",
"last_observed": "2016-04-12T07:02:07Z",
"number_observed": 1,
"object_refs": [
"url--570c9d6f-cfa8-402c-a027-42c802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d6f-cfa8-402c-a027-42c802de0b81",
"value": "https://www.virustotal.com/file/588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4/analysis/1459908170/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d6f-ab88-4ce2-8f07-4c7702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:07.000Z",
"modified": "2016-04-12T07:02:07.000Z",
"description": "Sample - Xchecked via VT: 5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051",
"pattern": "[file:hashes.SHA1 = '251b2892efb68540bfca93c092ac88c47f3f629e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d70-3bd4-41c1-9e82-437f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:08.000Z",
"modified": "2016-04-12T07:02:08.000Z",
"description": "Sample - Xchecked via VT: 5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051",
"pattern": "[file:hashes.MD5 = '8dacc97d71cefc25bad375a9b5bc67d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:08.000Z",
"modified": "2016-04-12T07:02:08.000Z",
"first_observed": "2016-04-12T07:02:08Z",
"last_observed": "2016-04-12T07:02:08Z",
"number_observed": 1,
"object_refs": [
"url--570c9d70-3e9c-46ae-8993-4d5d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
"value": "https://www.virustotal.com/file/5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051/analysis/1459958907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d70-d444-4f7a-8d3b-4c0a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:08.000Z",
"modified": "2016-04-12T07:02:08.000Z",
"description": "Sample - Xchecked via VT: 2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d",
"pattern": "[file:hashes.SHA1 = '412eb41a02682d056c61cb03c30852d397c7132c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d71-007c-4df4-a1db-47ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:09.000Z",
"modified": "2016-04-12T07:02:09.000Z",
"description": "Sample - Xchecked via VT: 2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d",
"pattern": "[file:hashes.MD5 = 'd8771f8d6fc74f03c453dc06284e5f5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d71-864c-4ae7-af74-42a802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:09.000Z",
"modified": "2016-04-12T07:02:09.000Z",
"first_observed": "2016-04-12T07:02:09Z",
"last_observed": "2016-04-12T07:02:09Z",
"number_observed": 1,
"object_refs": [
"url--570c9d71-864c-4ae7-af74-42a802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d71-864c-4ae7-af74-42a802de0b81",
"value": "https://www.virustotal.com/file/2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d/analysis/1459872907/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d71-1c64-46b8-be3e-4dc302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:09.000Z",
"modified": "2016-04-12T07:02:09.000Z",
"description": "Sample - Xchecked via VT: 003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3",
"pattern": "[file:hashes.SHA1 = '456ca2c7c5b1fe65db7b26810cf2e2a89b8eb2c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--570c9d71-faa8-4253-95ce-4fa002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:09.000Z",
"modified": "2016-04-12T07:02:09.000Z",
"description": "Sample - Xchecked via VT: 003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3",
"pattern": "[file:hashes.MD5 = 'ec0fae82b75ee1d7ce72b49d97dec4a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-12T07:02:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--570c9d72-7658-4ae1-a57c-4ce402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-12T07:02:10.000Z",
"modified": "2016-04-12T07:02:10.000Z",
"first_observed": "2016-04-12T07:02:10Z",
"last_observed": "2016-04-12T07:02:10Z",
"number_observed": 1,
"object_refs": [
"url--570c9d72-7658-4ae1-a57c-4ce402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--570c9d72-7658-4ae1-a57c-4ce402de0b81",
"value": "https://www.virustotal.com/file/003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3/analysis/1460015668/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}