adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/57608399-aa20-4d2c-b03d-4a69950d210f.json

4551 lines
201 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--57608399-aa20-4d2c-b03d-4a69950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-07-19T08:59:34.000Z",
"modified": "2016-07-19T08:59:34.000Z",
"name": "FOXIT-CERT",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57608399-aa20-4d2c-b03d-4a69950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-07-19T08:59:34.000Z",
"modified": "2016-07-19T08:59:34.000Z",
"name": "OSINT - Mofang: A politically motivated information stealing adversary",
"published": "2016-07-23T07:56:35Z",
"object_refs": [
"indicator--57608499-087c-41b0-84e3-4445950d210f",
"indicator--57608499-1ddc-41b9-8ad2-43e4950d210f",
"indicator--57608499-69c0-4efa-94b0-4ece950d210f",
"indicator--57608499-14e0-442e-8035-4e65950d210f",
"indicator--5760849a-fc9c-41d7-95e4-4afc950d210f",
"indicator--5760849a-c8cc-42e7-bbfa-4b1d950d210f",
"indicator--5760849a-92cc-43ea-b582-4d34950d210f",
"indicator--5760849a-5748-4ec6-99f6-4ec7950d210f",
"indicator--5760849a-dbe0-4f97-8f2b-4fff950d210f",
"indicator--5760849a-b468-4cd7-9f26-4d39950d210f",
"indicator--5760849b-0008-44e3-904a-4906950d210f",
"indicator--5760849b-b0a0-425d-a0ca-49ec950d210f",
"indicator--5760849b-dba0-446e-b855-40d7950d210f",
"indicator--5760849b-9c20-4d7f-9c8a-4920950d210f",
"indicator--5760849b-3e08-4fb0-b077-486e950d210f",
"indicator--5760849c-5844-4822-b388-4e11950d210f",
"indicator--5760849c-d3f4-488b-a5e6-47ee950d210f",
"indicator--5760849c-43c4-4e67-a8d7-45db950d210f",
"indicator--576084e2-fdd8-498d-b142-41f8950d210f",
"indicator--576084e2-f5c4-4aee-9f0b-4629950d210f",
"indicator--576084e2-2ff0-46c2-95e9-46ae950d210f",
"indicator--576084e2-fe04-4c77-9bda-4de3950d210f",
"indicator--576084e3-1ea8-4035-ae99-4947950d210f",
"indicator--576084e3-bcd4-4a2c-9765-4c90950d210f",
"indicator--576084e3-e7c4-46d1-a92d-4be3950d210f",
"indicator--576084e3-d87c-46db-b60f-40a8950d210f",
"indicator--576084e3-eee0-4c0d-b5ea-476f950d210f",
"indicator--576084e4-ed54-41fb-aee6-4d16950d210f",
"indicator--576084e4-6bf8-4688-97aa-47a5950d210f",
"indicator--576084e4-1d08-4aae-9e66-4704950d210f",
"indicator--576084e4-59cc-411b-b6b5-41df950d210f",
"indicator--576084e4-346c-4225-8e53-4ad3950d210f",
"indicator--576084e4-f424-424a-8fc7-48b6950d210f",
"indicator--576084e5-15d8-48bb-8c34-4e05950d210f",
"indicator--576084e5-8548-42ea-8d8a-43c4950d210f",
"indicator--576084e5-ad58-49f0-83bd-4366950d210f",
"indicator--576084e5-c128-4139-a50b-4ada950d210f",
"indicator--576084e5-1758-48c2-a388-4762950d210f",
"indicator--576084e5-a53c-4e0c-86ff-45e1950d210f",
"indicator--576084e6-c3e8-48c9-a854-46bc950d210f",
"indicator--576084e6-75f4-444b-a32d-46c7950d210f",
"indicator--576084e6-d0a4-4ae3-b588-4fa2950d210f",
"indicator--576084e6-acdc-4c09-97ff-4a36950d210f",
"indicator--576084e6-d71c-4624-803a-4374950d210f",
"indicator--576084e7-859c-43fd-b12b-4869950d210f",
"indicator--576084e7-7ffc-410e-925c-4049950d210f",
"indicator--576084e7-b3ac-4d51-a9bb-4902950d210f",
"indicator--576084e7-29f8-47d8-9d97-4dd4950d210f",
"indicator--576084e7-dc2c-4716-9556-4eff950d210f",
"indicator--576084e7-9d40-4dde-b74e-4538950d210f",
"indicator--576084e8-7c04-42d0-ab53-4ea9950d210f",
"indicator--576084e8-f4b8-47b6-bb66-41c0950d210f",
"indicator--576084e8-94b4-4162-9a17-4a2e950d210f",
"indicator--576084e8-1d18-4dd0-a026-49e5950d210f",
"indicator--576084e8-0c18-46d3-bff0-47d1950d210f",
"indicator--576084e9-f660-478c-9961-4ca9950d210f",
"indicator--576084e9-bf88-48ab-bb04-4b48950d210f",
"indicator--576084e9-db04-41cf-81a3-4698950d210f",
"indicator--57608528-91e4-4666-b514-42ef950d210f",
"indicator--57608570-b360-43b8-99cd-4833950d210f",
"observed-data--576085d3-b7f8-4625-9080-4a2d950d210f",
"url--576085d3-b7f8-4625-9080-4a2d950d210f",
"observed-data--5760866b-5714-4531-acd7-4eca950d210f",
"url--5760866b-5714-4531-acd7-4eca950d210f",
"indicator--5760b597-6b90-490c-bedb-4da102de0b81",
"indicator--5760b597-6ff8-4d33-be86-496b02de0b81",
"observed-data--5760b597-396c-4496-b182-4c8602de0b81",
"url--5760b597-396c-4496-b182-4c8602de0b81",
"indicator--5760b598-2b58-4cea-849c-4cb002de0b81",
"indicator--5760b598-ee44-47bf-b208-49fd02de0b81",
"observed-data--5760b598-c4b0-4aa5-84f0-416802de0b81",
"url--5760b598-c4b0-4aa5-84f0-416802de0b81",
"indicator--5760b598-3a30-4f28-99c3-47f802de0b81",
"indicator--5760b598-13fc-45eb-89db-41f002de0b81",
"observed-data--5760b599-8678-4518-8a40-4cd002de0b81",
"url--5760b599-8678-4518-8a40-4cd002de0b81",
"indicator--5760b599-b324-4cdf-abd8-455302de0b81",
"indicator--5760b599-c9bc-4b54-afe1-47f102de0b81",
"observed-data--5760b599-385c-462a-a796-430a02de0b81",
"url--5760b599-385c-462a-a796-430a02de0b81",
"indicator--5760b599-6828-4cc4-9f11-467d02de0b81",
"indicator--5760b59a-0764-474e-992b-4a3602de0b81",
"observed-data--5760b59a-997c-4ff3-9cfc-411402de0b81",
"url--5760b59a-997c-4ff3-9cfc-411402de0b81",
"indicator--5760b59a-631c-4eeb-b395-4de402de0b81",
"indicator--5760b59a-93f0-4ab4-8c95-4d9f02de0b81",
"observed-data--5760b59a-dcd4-4f3a-b654-4d7d02de0b81",
"url--5760b59a-dcd4-4f3a-b654-4d7d02de0b81",
"indicator--5760b59b-9418-4bc1-b2e7-40d802de0b81",
"indicator--5760b59b-c1a8-42a4-95fe-474702de0b81",
"observed-data--5760b59b-a59c-4aeb-a0ff-417302de0b81",
"url--5760b59b-a59c-4aeb-a0ff-417302de0b81",
"indicator--5760b59b-8ef0-450b-abb9-441f02de0b81",
"indicator--5760b59b-a220-4520-af45-4bb002de0b81",
"observed-data--5760b59c-326c-4dd0-8d86-4a1202de0b81",
"url--5760b59c-326c-4dd0-8d86-4a1202de0b81",
"indicator--5760b59c-ab4c-4504-a0ab-47ed02de0b81",
"indicator--5760b59c-1100-40be-ab6b-409402de0b81",
"observed-data--5760b59c-a630-49ed-8088-425902de0b81",
"url--5760b59c-a630-49ed-8088-425902de0b81",
"indicator--5760b59c-9c5c-4e0c-807b-496402de0b81",
"indicator--5760b59d-a794-44e8-a281-413502de0b81",
"observed-data--5760b59d-e1ac-4cb2-bef6-40fd02de0b81",
"url--5760b59d-e1ac-4cb2-bef6-40fd02de0b81",
"indicator--5760b59d-055c-4ea1-aba0-4d6702de0b81",
"indicator--5760b59d-5924-460e-8005-497a02de0b81",
"observed-data--5760b59d-199c-480b-8934-42c702de0b81",
"url--5760b59d-199c-480b-8934-42c702de0b81",
"indicator--5760b59e-f56c-4d22-81d1-46f402de0b81",
"indicator--5760b59e-6050-4a3b-89f0-4e8702de0b81",
"observed-data--5760b59e-2630-4137-96aa-497602de0b81",
"url--5760b59e-2630-4137-96aa-497602de0b81",
"indicator--5760b59e-3980-436d-a3be-4dc202de0b81",
"indicator--5760b59e-01f8-4591-b8aa-46f502de0b81",
"observed-data--5760b59f-851c-4a2c-b677-42d702de0b81",
"url--5760b59f-851c-4a2c-b677-42d702de0b81",
"indicator--5760b59f-d530-40f1-b7bb-422c02de0b81",
"indicator--5760b59f-a150-4d68-9418-466002de0b81",
"observed-data--5760b59f-64a8-409d-ba94-493f02de0b81",
"url--5760b59f-64a8-409d-ba94-493f02de0b81",
"indicator--5760b59f-7bd8-42ff-8d1d-42f302de0b81",
"indicator--5760b5a0-4670-42ec-ae2f-459e02de0b81",
"observed-data--5760b5a0-b4e8-44da-bfc6-4d6a02de0b81",
"url--5760b5a0-b4e8-44da-bfc6-4d6a02de0b81",
"indicator--5760b5a0-ab84-4ffb-8298-47d602de0b81",
"indicator--5760b5a0-ecac-4c8c-a640-44ef02de0b81",
"observed-data--5760b5a0-1a58-4f98-9421-453a02de0b81",
"url--5760b5a0-1a58-4f98-9421-453a02de0b81",
"indicator--5760b5a1-5e10-42ea-b82a-430b02de0b81",
"indicator--5760b5a1-3054-4c56-bfd9-44e902de0b81",
"observed-data--5760b5a1-8194-4e9e-b010-468202de0b81",
"url--5760b5a1-8194-4e9e-b010-468202de0b81",
"indicator--5760b5a1-e180-4cc9-bc08-4c1502de0b81",
"indicator--5760b5a1-5bdc-4760-9f42-43f202de0b81",
"observed-data--5760b5a2-5814-40c5-b2db-446e02de0b81",
"url--5760b5a2-5814-40c5-b2db-446e02de0b81",
"indicator--5760b5a2-49e0-4eb1-8520-47c202de0b81",
"indicator--5760b5a2-c1c4-4277-8cf8-419002de0b81",
"observed-data--5760b5a2-fb28-44c1-a44b-497302de0b81",
"url--5760b5a2-fb28-44c1-a44b-497302de0b81",
"indicator--5760b5a2-b198-41eb-a137-485302de0b81",
"indicator--5760b5a3-9984-42d4-86f4-4ac002de0b81",
"observed-data--5760b5a3-0bf8-4f6e-be5a-440f02de0b81",
"url--5760b5a3-0bf8-4f6e-be5a-440f02de0b81",
"indicator--5760b5a3-1550-45c6-938a-4f5c02de0b81",
"indicator--5760b5a3-2c8c-497c-af24-493302de0b81",
"observed-data--5760b5a3-d604-4b8f-a697-415e02de0b81",
"url--5760b5a3-d604-4b8f-a697-415e02de0b81",
"indicator--5760b5a4-ba48-40d8-9b25-4ff702de0b81",
"indicator--5760b5a4-7efc-4d3e-a269-4c3702de0b81",
"observed-data--5760b5a4-0810-4e7b-8b82-473402de0b81",
"url--5760b5a4-0810-4e7b-8b82-473402de0b81",
"indicator--5760b5a4-20c8-439e-87dd-483d02de0b81",
"indicator--5760b5a4-764c-4f51-be02-4c4002de0b81",
"observed-data--5760b5a5-577c-4db3-8993-4a3d02de0b81",
"url--5760b5a5-577c-4db3-8993-4a3d02de0b81",
"indicator--5760b5a5-8d5c-4ed6-926c-4e9b02de0b81",
"indicator--5760b5a5-e48c-4913-847c-47dd02de0b81",
"observed-data--5760b5a5-3c4c-4a7f-b9b0-412d02de0b81",
"url--5760b5a5-3c4c-4a7f-b9b0-412d02de0b81",
"indicator--5760b5a5-e700-4b0d-84a2-47d302de0b81",
"indicator--5760b5a6-7d00-423b-9c42-4e3402de0b81",
"observed-data--5760b5a6-0da4-40ad-b36b-426f02de0b81",
"url--5760b5a6-0da4-40ad-b36b-426f02de0b81",
"indicator--5760b5a6-68a8-4f54-b382-44c702de0b81",
"indicator--5760b5a6-c25c-40e7-970d-48d002de0b81",
"observed-data--5760b5a6-c52c-43e9-9341-4be102de0b81",
"url--5760b5a6-c52c-43e9-9341-4be102de0b81",
"indicator--5760b5a7-5d84-4b46-84b0-4bed02de0b81",
"indicator--5760b5a7-7104-436c-8759-418202de0b81",
"observed-data--5760b5a7-0eb4-4fd4-a2a8-409b02de0b81",
"url--5760b5a7-0eb4-4fd4-a2a8-409b02de0b81",
"indicator--5760b5a7-e7a4-4fa4-b672-4e6f02de0b81",
"indicator--5760b5a7-d38c-40e7-b154-49cc02de0b81",
"observed-data--5760b5a8-1e28-493d-aa7f-4a8a02de0b81",
"url--5760b5a8-1e28-493d-aa7f-4a8a02de0b81",
"indicator--5760b5a8-4ef0-441b-aeb1-48c002de0b81",
"indicator--5760b5a8-ca94-4730-94cb-460e02de0b81",
"observed-data--5760b5a8-ef18-41a0-a0f9-431002de0b81",
"url--5760b5a8-ef18-41a0-a0f9-431002de0b81",
"indicator--5760b5a8-4330-4da5-a0db-4e4002de0b81",
"indicator--5760b5a8-548c-4c9c-a3f2-48a802de0b81",
"observed-data--5760b5a9-ce3c-4cfa-b12b-493002de0b81",
"url--5760b5a9-ce3c-4cfa-b12b-493002de0b81",
"indicator--5760b5a9-8070-4c8f-a4f8-479302de0b81",
"indicator--5760b5a9-3cd4-4b72-af82-4fd002de0b81",
"observed-data--5760b5a9-cb60-4743-bc5a-4b5b02de0b81",
"url--5760b5a9-cb60-4743-bc5a-4b5b02de0b81",
"indicator--5760b5a9-1b68-4461-90fd-4cdd02de0b81",
"indicator--5760b5aa-963c-4539-8190-42ba02de0b81",
"observed-data--5760b5aa-1a44-4994-8e4b-433202de0b81",
"url--5760b5aa-1a44-4994-8e4b-433202de0b81",
"indicator--5760b5aa-7964-44b1-aca4-483102de0b81",
"indicator--5760b5aa-0bcc-4bad-b4c5-4ccd02de0b81",
"observed-data--5760b5aa-2c54-41d3-98c3-497d02de0b81",
"url--5760b5aa-2c54-41d3-98c3-497d02de0b81",
"indicator--5760b5ab-f0a0-4057-868c-4d5c02de0b81",
"indicator--5760b5ab-22a0-4197-9129-4c2202de0b81",
"observed-data--5760b5ab-060c-4caa-b5ea-4e7702de0b81",
"url--5760b5ab-060c-4caa-b5ea-4e7702de0b81",
"indicator--5760b5ab-ebc4-40b9-9c50-489002de0b81",
"indicator--5760b5ab-9420-447d-acde-415102de0b81",
"observed-data--5760b5ac-f3e0-4f8a-b8bf-4ecf02de0b81",
"url--5760b5ac-f3e0-4f8a-b8bf-4ecf02de0b81",
"x-misp-attribute--5760b708-b0f0-42c2-8d68-491e950d210f",
"x-misp-attribute--5760b708-a274-40ba-af8a-4a2e950d210f",
"x-misp-attribute--5760b708-66c8-4821-a214-468f950d210f",
"x-misp-attribute--5760b708-0e1c-41d1-bad6-436f950d210f",
"indicator--5760b756-b958-4f16-8184-4a77950d210f",
"indicator--5760b78a-4060-4b6c-9763-44de950d210f",
"observed-data--5760ba26-b1f8-4a6f-b5fd-486a950d210f",
"domain-name--5760ba26-b1f8-4a6f-b5fd-486a950d210f",
"indicator--576101e7-9d7c-4f12-866d-4c4f950d210f",
"indicator--57613ab9-601c-4f6e-bee3-41c9950d210f",
"indicator--57613ab8-e4e0-4f51-9b71-48e6950d210f",
"indicator--57613ab9-2728-4b84-8114-4e9d950d210f",
"indicator--5767b45c-78c4-46d5-b94b-4ef5950d210f",
"indicator--5767b444-185c-4442-bb4f-4f86950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"malware\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608499-087c-41b0-84e3-4445950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:33.000Z",
"modified": "2016-06-14T22:26:33.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'video.today-nytimes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608499-1ddc-41b9-8ad2-43e4950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:33.000Z",
"modified": "2016-06-14T22:26:33.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'api.officeonlinetool.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608499-69c0-4efa-94b0-4ece950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:33.000Z",
"modified": "2016-06-14T22:26:33.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'ie.update-windows-microsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608499-14e0-442e-8035-4e65950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:33.000Z",
"modified": "2016-06-14T22:26:33.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'travel.tripmans.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-fc9c-41d7-95e4-4afc950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'dns.undpus.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-c8cc-42e7-bbfa-4b1d950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'secure2.sophosrv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-92cc-43ea-b582-4d34950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'update.nfkllyuisyahooapis.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-5748-4ec6-99f6-4ec7950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'www.go-gga.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-dbe0-4f97-8f2b-4fff950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'images.defexpoindia14.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849a-b468-4cd7-9f26-4d39950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:34.000Z",
"modified": "2016-06-14T22:26:34.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'update.micrdsoft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849b-0008-44e3-904a-4906950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:35.000Z",
"modified": "2016-06-14T22:26:35.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'support.f--secure.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849b-b0a0-425d-a0ca-49ec950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:35.000Z",
"modified": "2016-06-14T22:26:35.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'store.outlook-microsoft.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849b-dba0-446e-b855-40d7950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:35.000Z",
"modified": "2016-06-14T22:26:35.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'b.support.outlook-microsoft.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849b-9c20-4d7f-9c8a-4920950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:35.000Z",
"modified": "2016-06-14T22:26:35.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'logon.had-one-job.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849b-3e08-4fb0-b077-486e950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:35.000Z",
"modified": "2016-06-14T22:26:35.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'www.avgfree.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849c-5844-4822-b388-4e11950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:36.000Z",
"modified": "2016-06-14T22:26:36.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'mail.upgoogle.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849c-d3f4-488b-a5e6-47ee950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:36.000Z",
"modified": "2016-06-14T22:26:36.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'wbmail.city-library.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760849c-43c4-4e67-a8d7-45db950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:26:36.000Z",
"modified": "2016-06-14T22:26:36.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[domain-name:value = 'library.cpgcorp.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e2-fdd8-498d-b142-41f8950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:46.000Z",
"modified": "2016-06-14T22:27:46.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '558461b6fb0441e7f70c4224963490ea49f44d40c5700a4c7fd19be4c62b3d6a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e2-f5c4-4aee-9f0b-4629950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:46.000Z",
"modified": "2016-06-14T22:27:46.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'a835baa7ffc265346443b5d6f4828d7221594bd91be8afc08152f3d68698b672']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e2-2ff0-46c2-95e9-46ae950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:46.000Z",
"modified": "2016-06-14T22:27:46.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '2653ecc3ea17e0d5613ddebe76bdddea6c108713330b0bd8e68d2d5141a4a07d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e2-fe04-4c77-9bda-4de3950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:46.000Z",
"modified": "2016-06-14T22:27:46.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '2d40ca005a7df46b3f7c691006c9951fc3bee25bb4fa4a0ebbdee76d7d117fdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e3-1ea8-4035-ae99-4947950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'af67df976fb941c99f4d3dd948ed4828a445dd6f9c98ffc2070c8be76c60484d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e3-bcd4-4a2c-9765-4c90950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'e5bcb55d7881b3b367521532af173e85d1eee66badf89586168d22ed17bc25b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e3-e7c4-46d1-a92d-4be3950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'd834e70a524a87945f7a8880b78f5e10460c1d2b60f3e487cb6f05c8221aa4f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e3-d87c-46db-b60f-40a8950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '0cc1660e384683f2147e02ff76c69822ee2b98433c3a3613bbd28b9d8258da38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e3-eee0-4c0d-b5ea-476f950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'f71025d47105dcd674a0b9ef0c83a83854ba20cb0eb8168da36a7908d150e44f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-ed54-41fb-aee6-4d16950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:47.000Z",
"modified": "2016-06-14T22:27:47.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '5dc3f4a067ae125f99fa90844bba667235ec7ef667353e282ff29712dda5b71c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-6bf8-4688-97aa-47a5950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:48.000Z",
"modified": "2016-06-14T22:27:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '8ee3fc5ccef751e098c4e64b36e8b5c95dc48473ac83380b59d10ea32f9946f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-1d08-4aae-9e66-4704950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:48.000Z",
"modified": "2016-06-14T22:27:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '35589ce27c27dd4407a79540f32031d752b774b4bd6b8a3687e19a177ae6b18b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-59cc-411b-b6b5-41df950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:48.000Z",
"modified": "2016-06-14T22:27:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '36422e6ccaa50a9ecceb7fb709a9e383552732525cb579f8438237d87aaf8377']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-346c-4225-8e53-4ad3950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:48.000Z",
"modified": "2016-06-14T22:27:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '3c5c4d68d0fa6520637fb4afe6a7097ec7d0f1d6a738bb0064bb009ea6344e8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e4-f424-424a-8fc7-48b6950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:48.000Z",
"modified": "2016-06-14T22:27:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'a03bd56eeee9f376eb59c6f4d19bf8a651eeb57bb4ebb7f884192b22a6616e68']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-15d8-48bb-8c34-4e05950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'b53b27bb3e9d02e3ec5404cf3e67debb90d9337dbb570ca8b8cfce1054428466']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-8548-42ea-8d8a-43c4950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'ba0057a1b132ec16559efc832941455cc07f34c434da2a7434f73f1d2141bebf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-ad58-49f0-83bd-4366950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '2b111e287d356ac4561ba4f56135b7c1361b7da32e5825028a5e300e44b05579']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-c128-4139-a50b-4ada950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '029e735581c38d66f03aa0e9d1c22959b0bc8dfe298b9e91b127c42c7f904b5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-1758-48c2-a388-4762950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '15b9c033b49a5328ddb06997a817af55469aaf6bc3911de030e6f5ad845160bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e5-a53c-4e0c-86ff-45e1950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:49.000Z",
"modified": "2016-06-14T22:27:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '33b288455c12bf7678fb5fd028ff3d42fcaf33cf833a147cb7f0f89f7dad0d8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e6-c3e8-48c9-a854-46bc950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:50.000Z",
"modified": "2016-06-14T22:27:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'eb2d3c9e15b189dd02f753f805e90493254e17d40db6f1228a4e4095c5f260c1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e6-75f4-444b-a32d-46c7950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:50.000Z",
"modified": "2016-06-14T22:27:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '5da5a5643e32d6200567768e6112d4d3161335d8d7a6dd48f02bf444fe98aab3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e6-d0a4-4ae3-b588-4fa2950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:50.000Z",
"modified": "2016-06-14T22:27:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '241c66bb54bd27afeb4805aa8a8045155b81c8cd7093dde7ef19273728f502eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e6-acdc-4c09-97ff-4a36950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:50.000Z",
"modified": "2016-06-14T22:27:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '577622fbf0a7bebc60844df808e75eef81a3d62ec6943f80168ac0d5ef39de5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e6-d71c-4624-803a-4374950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:50.000Z",
"modified": "2016-06-14T22:27:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'd2d4723f8c3bba910cade05c9ecea00cdcc647d42232bccc610d066792a95b15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-859c-43fd-b12b-4869950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'dae17755e106be27ea4b97120906c46d4fcbb14cc8d9fc2c432f4c0cc74bb3fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-7ffc-410e-925c-4049950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '23132f4dfd4cb8abe11af1064e4930bc36a464d1235f43bad4ff20708babcc34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-b3ac-4d51-a9bb-4902950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'fa28559a4e0e920b70129cea95a98da9a409eaa093c63f341a7809692b31e723']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-29f8-47d8-9d97-4dd4950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '234d62ffd83c3972a32e89685787ff3aab4548cd16e4384c3c704a059ef731ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-dc2c-4716-9556-4eff950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'e01aae93f68a84829fd8c0bc5ae923897d32af3a1d78623839fcfd18c99627cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e7-9d40-4dde-b74e-4538950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:51.000Z",
"modified": "2016-06-14T22:27:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '2a1a0d8d81647c321759197a15f14091ab5e76b913eb2d7d28c6bb053166d882']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e8-7c04-42d0-ab53-4ea9950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:52.000Z",
"modified": "2016-06-14T22:27:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '6882664f1d0eb8c8cf61bdd16494380d34b6207455638342c6c3a7eef1ed9197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e8-f4b8-47b6-bb66-41c0950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:52.000Z",
"modified": "2016-06-14T22:27:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '1922273bb36ab282e3b7846f1bb2802f5803bde66078fa996e44b84d0265675f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e8-94b4-4162-9a17-4a2e950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:52.000Z",
"modified": "2016-06-14T22:27:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '1ca75e9b1761e15968d01a6e4f0a9f6ce47ba7ee4047d1533fb838f0f6ab28e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e8-1d18-4dd0-a026-49e5950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:52.000Z",
"modified": "2016-06-14T22:27:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'b7edbe6aee1896a952fcce2305c2bb7d8e77162bb45e305c64c7f8c9f63b3ab5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e8-0c18-46d3-bff0-47d1950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:52.000Z",
"modified": "2016-06-14T22:27:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = 'ac3b42453fac93e575988ba73ab24311515b090d57b1ad9f27dcbae8363f2d99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e9-f660-478c-9961-4ca9950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:53.000Z",
"modified": "2016-06-14T22:27:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '0741a18bfd79dac1fb850a7d4fcc62098c43fb0c803df6cd9934e82a1362dd07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e9-bf88-48ab-bb04-4b48950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:53.000Z",
"modified": "2016-06-14T22:27:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '722f41aa2c7d670364b7a9bb683a0025aef5893b34af67873972cdaf09490ad2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576084e9-db04-41cf-81a3-4698950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:27:53.000Z",
"modified": "2016-06-14T22:27:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.SHA256 = '7deb75e95e8e22c6abb3b33c00b47a93122b8c744e8f66affd9748292e5a177f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-14T22:27:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608528-91e4-4666-b514-42ef950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-07-19T08:59:34.000Z",
"modified": "2016-07-19T08:59:34.000Z",
"pattern": "[rule shimrat\r\n{\r\n meta:\r\n description = \"Detects ShimRat and the ShimRat loader\"\r\n author = \"Yonathan Klijnsma (yonathan.klijnsma@fox-it.com)\"\r\n date = \"20/11/2015\"\r\n \r\n strings:\r\n $dll = \".dll\"\r\n $dat = \".dat\"\r\n $headersig = \"QWERTYUIOPLKJHG\"\r\n $datasig = \"MNBVCXZLKJHGFDS\"\r\n $datamarker1 = \"Data$$00\"\r\n $datamarker2 = \"Data$$01%c%sData\"\r\n $cmdlineformat = \"ping localhost -n 9 /c %s > nul\"\r\n $demoproject_keyword1 = \"Demo\"\r\n $demoproject_keyword2 = \"Win32App\"\r\n $comspec = \"COMSPEC\"\r\n $shim_func1 = \"ShimMain\"\r\n $shim_func2 = \"NotifyShims\"\r\n $shim_func3 = \"GetHookAPIs\"\r\n\r\n\r\n condition:\r\n ($dll and $dat and $headersig and $datasig) or ($datamarker1 and $datamarker2) or ($cmdlineformat and $demoproject_keyword1 and $demoproject_keyword2 and $comspec) or ($dll and $dat and $shim_func1 and $shim_func2 and $shim_func3)\r\n}\r\n\r\nrule shimratreporter\r\n{\r\n meta:\r\n description = \"Detects ShimRatReporter\"\r\n author = \"Yonathan Klijnsma (yonathan.klijnsma@fox-it.com)\"\r\n date = \"20/11/2015\"\r\n\r\n strings:\r\n $IpInfo = \"IP-INFO\"\r\n $NetworkInfo = \"Network-INFO\"\r\n $OsInfo = \"OS-INFO\"\r\n $ProcessInfo = \"Process-INFO\"\r\n $BrowserInfo = \"Browser-INFO\"\r\n $QueryUserInfo = \"QueryUser-INFO\"\r\n $UsersInfo = \"Users-INFO\"\r\n $SoftwareInfo = \"Software-INFO\"\r\n $AddressFormat = \"%02X-%02X-%02X-%02X-%02X-%02X\"\r\n $proxy_str = \"(from environment) = %s\"\r\n\r\n $netuserfun = \"NetUserEnum\"\r\n $networkparams = \"GetNetworkParams\"\r\n\r\n condition:\r\n all of them\r\n}]",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-07-19T08:59:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57608570-b360-43b8-99cd-4833950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-07-19T08:59:32.000Z",
"modified": "2016-07-19T08:59:32.000Z",
"description": "Snort signatures",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"FOX-SRT - Trojan - ShimRat check-in (Data)\"; flow:established,to_server; content:\"POST\"; http_method; content:\".php HTTP/1.\"; content:\"|0d0a0d0a|Data$$\"; fast_pattern:only; content:!\"Content-Type\"; content:!\"Referer:\"; content:!\"Cookie:\"; content:\"|0d0a0d0a|\"; pcre:\"/Data\\$\\$\\d\\d/R\"; content:\"Data\"; isdataat:!1,relative; threshold: type limit, track by_src, count 1, seconds 600; classtype:trojan-activity; reference:url,blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/; sid:21001854; rev:4;)]",
"pattern_type": "snort",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-07-19T08:59:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--576085d3-b7f8-4625-9080-4a2d950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:31:47.000Z",
"modified": "2016-06-14T22:31:47.000Z",
"first_observed": "2016-06-14T22:31:47Z",
"last_observed": "2016-06-14T22:31:47Z",
"number_observed": 1,
"object_refs": [
"url--576085d3-b7f8-4625-9080-4a2d950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--576085d3-b7f8-4625-9080-4a2d950d210f",
"value": "https://github.com/fox-it/mofang"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760866b-5714-4531-acd7-4eca950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-14T22:34:19.000Z",
"modified": "2016-06-14T22:34:19.000Z",
"first_observed": "2016-06-14T22:34:19Z",
"last_observed": "2016-06-14T22:34:19Z",
"number_observed": 1,
"object_refs": [
"url--5760866b-5714-4531-acd7-4eca950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"Internal reference\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760866b-5714-4531-acd7-4eca950d210f",
"value": "http://blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b597-6b90-490c-bedb-4da102de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:35.000Z",
"modified": "2016-06-15T01:55:35.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 7deb75e95e8e22c6abb3b33c00b47a93122b8c744e8f66affd9748292e5a177f",
"pattern": "[file:hashes.SHA1 = '5428d25b9ec583260c25af0d71eba364388a530e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b597-6ff8-4d33-be86-496b02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:35.000Z",
"modified": "2016-06-15T01:55:35.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 7deb75e95e8e22c6abb3b33c00b47a93122b8c744e8f66affd9748292e5a177f",
"pattern": "[file:hashes.MD5 = 'b43e5988bde7bb03133eec60daaf22d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b597-396c-4496-b182-4c8602de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:35.000Z",
"modified": "2016-06-15T01:55:35.000Z",
"first_observed": "2016-06-15T01:55:35Z",
"last_observed": "2016-06-15T01:55:35Z",
"number_observed": 1,
"object_refs": [
"url--5760b597-396c-4496-b182-4c8602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b597-396c-4496-b182-4c8602de0b81",
"value": "https://www.virustotal.com/file/7deb75e95e8e22c6abb3b33c00b47a93122b8c744e8f66affd9748292e5a177f/analysis/1444933085/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b598-2b58-4cea-849c-4cb002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:36.000Z",
"modified": "2016-06-15T01:55:36.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 722f41aa2c7d670364b7a9bb683a0025aef5893b34af67873972cdaf09490ad2",
"pattern": "[file:hashes.SHA1 = '961ad7d813f6c64aae3d999aab802f50f8d94172']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b598-ee44-47bf-b208-49fd02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:36.000Z",
"modified": "2016-06-15T01:55:36.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 722f41aa2c7d670364b7a9bb683a0025aef5893b34af67873972cdaf09490ad2",
"pattern": "[file:hashes.MD5 = '582e4adddfd12f7d68035c3b8e2e3378']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b598-c4b0-4aa5-84f0-416802de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:36.000Z",
"modified": "2016-06-15T01:55:36.000Z",
"first_observed": "2016-06-15T01:55:36Z",
"last_observed": "2016-06-15T01:55:36Z",
"number_observed": 1,
"object_refs": [
"url--5760b598-c4b0-4aa5-84f0-416802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b598-c4b0-4aa5-84f0-416802de0b81",
"value": "https://www.virustotal.com/file/722f41aa2c7d670364b7a9bb683a0025aef5893b34af67873972cdaf09490ad2/analysis/1445877385/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b598-3a30-4f28-99c3-47f802de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:36.000Z",
"modified": "2016-06-15T01:55:36.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0741a18bfd79dac1fb850a7d4fcc62098c43fb0c803df6cd9934e82a1362dd07",
"pattern": "[file:hashes.SHA1 = '8817dcb6d244676d22fa430cacd0dd6b7a1c5f24']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b598-13fc-45eb-89db-41f002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:36.000Z",
"modified": "2016-06-15T01:55:36.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0741a18bfd79dac1fb850a7d4fcc62098c43fb0c803df6cd9934e82a1362dd07",
"pattern": "[file:hashes.MD5 = 'fb80354303a0ff748696baae3d264af4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b599-8678-4518-8a40-4cd002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:37.000Z",
"modified": "2016-06-15T01:55:37.000Z",
"first_observed": "2016-06-15T01:55:37Z",
"last_observed": "2016-06-15T01:55:37Z",
"number_observed": 1,
"object_refs": [
"url--5760b599-8678-4518-8a40-4cd002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b599-8678-4518-8a40-4cd002de0b81",
"value": "https://www.virustotal.com/file/0741a18bfd79dac1fb850a7d4fcc62098c43fb0c803df6cd9934e82a1362dd07/analysis/1433495631/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b599-b324-4cdf-abd8-455302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:37.000Z",
"modified": "2016-06-15T01:55:37.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ac3b42453fac93e575988ba73ab24311515b090d57b1ad9f27dcbae8363f2d99",
"pattern": "[file:hashes.SHA1 = '5fc9cec7f98c26c1881f142b2ff79a6457fd642e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b599-c9bc-4b54-afe1-47f102de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:37.000Z",
"modified": "2016-06-15T01:55:37.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ac3b42453fac93e575988ba73ab24311515b090d57b1ad9f27dcbae8363f2d99",
"pattern": "[file:hashes.MD5 = '0067bbd63db0a4f5662cdb1633d92444']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b599-385c-462a-a796-430a02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:37.000Z",
"modified": "2016-06-15T01:55:37.000Z",
"first_observed": "2016-06-15T01:55:37Z",
"last_observed": "2016-06-15T01:55:37Z",
"number_observed": 1,
"object_refs": [
"url--5760b599-385c-462a-a796-430a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b599-385c-462a-a796-430a02de0b81",
"value": "https://www.virustotal.com/file/ac3b42453fac93e575988ba73ab24311515b090d57b1ad9f27dcbae8363f2d99/analysis/1433150046/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b599-6828-4cc4-9f11-467d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:37.000Z",
"modified": "2016-06-15T01:55:37.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b7edbe6aee1896a952fcce2305c2bb7d8e77162bb45e305c64c7f8c9f63b3ab5",
"pattern": "[file:hashes.SHA1 = 'fb2a1294d76bbe97eb9be744d72a135fc9a6af1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59a-0764-474e-992b-4a3602de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:38.000Z",
"modified": "2016-06-15T01:55:38.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b7edbe6aee1896a952fcce2305c2bb7d8e77162bb45e305c64c7f8c9f63b3ab5",
"pattern": "[file:hashes.MD5 = '9a6167cf7c180f15d8ae13f48d549d2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59a-997c-4ff3-9cfc-411402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:38.000Z",
"modified": "2016-06-15T01:55:38.000Z",
"first_observed": "2016-06-15T01:55:38Z",
"last_observed": "2016-06-15T01:55:38Z",
"number_observed": 1,
"object_refs": [
"url--5760b59a-997c-4ff3-9cfc-411402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59a-997c-4ff3-9cfc-411402de0b81",
"value": "https://www.virustotal.com/file/b7edbe6aee1896a952fcce2305c2bb7d8e77162bb45e305c64c7f8c9f63b3ab5/analysis/1434710549/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59a-631c-4eeb-b395-4de402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:38.000Z",
"modified": "2016-06-15T01:55:38.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ca75e9b1761e15968d01a6e4f0a9f6ce47ba7ee4047d1533fb838f0f6ab28e2",
"pattern": "[file:hashes.SHA1 = '7c9eb0815c0baff8729acdbe5ebfb74b77673c5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59a-93f0-4ab4-8c95-4d9f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:38.000Z",
"modified": "2016-06-15T01:55:38.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1ca75e9b1761e15968d01a6e4f0a9f6ce47ba7ee4047d1533fb838f0f6ab28e2",
"pattern": "[file:hashes.MD5 = '5c00ccf456135514c591478904b146e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59a-dcd4-4f3a-b654-4d7d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:38.000Z",
"modified": "2016-06-15T01:55:38.000Z",
"first_observed": "2016-06-15T01:55:38Z",
"last_observed": "2016-06-15T01:55:38Z",
"number_observed": 1,
"object_refs": [
"url--5760b59a-dcd4-4f3a-b654-4d7d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59a-dcd4-4f3a-b654-4d7d02de0b81",
"value": "https://www.virustotal.com/file/1ca75e9b1761e15968d01a6e4f0a9f6ce47ba7ee4047d1533fb838f0f6ab28e2/analysis/1441743554/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59b-9418-4bc1-b2e7-40d802de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:39.000Z",
"modified": "2016-06-15T01:55:39.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1922273bb36ab282e3b7846f1bb2802f5803bde66078fa996e44b84d0265675f",
"pattern": "[file:hashes.SHA1 = 'b1b303058e1e586dc2ae2939340a2c35de3c2289']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59b-c1a8-42a4-95fe-474702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:39.000Z",
"modified": "2016-06-15T01:55:39.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1922273bb36ab282e3b7846f1bb2802f5803bde66078fa996e44b84d0265675f",
"pattern": "[file:hashes.MD5 = '484c7f9e6c9233ba6ed4adb79b87ebce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59b-a59c-4aeb-a0ff-417302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:39.000Z",
"modified": "2016-06-15T01:55:39.000Z",
"first_observed": "2016-06-15T01:55:39Z",
"last_observed": "2016-06-15T01:55:39Z",
"number_observed": 1,
"object_refs": [
"url--5760b59b-a59c-4aeb-a0ff-417302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59b-a59c-4aeb-a0ff-417302de0b81",
"value": "https://www.virustotal.com/file/1922273bb36ab282e3b7846f1bb2802f5803bde66078fa996e44b84d0265675f/analysis/1447679426/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59b-8ef0-450b-abb9-441f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:39.000Z",
"modified": "2016-06-15T01:55:39.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 6882664f1d0eb8c8cf61bdd16494380d34b6207455638342c6c3a7eef1ed9197",
"pattern": "[file:hashes.SHA1 = 'a6105b2aef7845af8c18459442bdabb476038835']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59b-a220-4520-af45-4bb002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:39.000Z",
"modified": "2016-06-15T01:55:39.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 6882664f1d0eb8c8cf61bdd16494380d34b6207455638342c6c3a7eef1ed9197",
"pattern": "[file:hashes.MD5 = '2384febe404ef48d6585f050e3cd51a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59c-326c-4dd0-8d86-4a1202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:40.000Z",
"modified": "2016-06-15T01:55:40.000Z",
"first_observed": "2016-06-15T01:55:40Z",
"last_observed": "2016-06-15T01:55:40Z",
"number_observed": 1,
"object_refs": [
"url--5760b59c-326c-4dd0-8d86-4a1202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59c-326c-4dd0-8d86-4a1202de0b81",
"value": "https://www.virustotal.com/file/6882664f1d0eb8c8cf61bdd16494380d34b6207455638342c6c3a7eef1ed9197/analysis/1425014357/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59c-ab4c-4504-a0ab-47ed02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:40.000Z",
"modified": "2016-06-15T01:55:40.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2a1a0d8d81647c321759197a15f14091ab5e76b913eb2d7d28c6bb053166d882",
"pattern": "[file:hashes.SHA1 = '8576e17b70de2ba61e4acfc4ff8ff14287d1c067']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59c-1100-40be-ab6b-409402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:40.000Z",
"modified": "2016-06-15T01:55:40.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2a1a0d8d81647c321759197a15f14091ab5e76b913eb2d7d28c6bb053166d882",
"pattern": "[file:hashes.MD5 = '916a2a20a447b10e379543a47a60b40f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59c-a630-49ed-8088-425902de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:40.000Z",
"modified": "2016-06-15T01:55:40.000Z",
"first_observed": "2016-06-15T01:55:40Z",
"last_observed": "2016-06-15T01:55:40Z",
"number_observed": 1,
"object_refs": [
"url--5760b59c-a630-49ed-8088-425902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59c-a630-49ed-8088-425902de0b81",
"value": "https://www.virustotal.com/file/2a1a0d8d81647c321759197a15f14091ab5e76b913eb2d7d28c6bb053166d882/analysis/1380958163/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59c-9c5c-4e0c-807b-496402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:40.000Z",
"modified": "2016-06-15T01:55:40.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e01aae93f68a84829fd8c0bc5ae923897d32af3a1d78623839fcfd18c99627cc",
"pattern": "[file:hashes.SHA1 = '26b788c117a8c22b0fdd78952c7eff132ed5a990']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59d-a794-44e8-a281-413502de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:41.000Z",
"modified": "2016-06-15T01:55:41.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e01aae93f68a84829fd8c0bc5ae923897d32af3a1d78623839fcfd18c99627cc",
"pattern": "[file:hashes.MD5 = '888cac09f613db4505c4ee8d01d4291b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59d-e1ac-4cb2-bef6-40fd02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:41.000Z",
"modified": "2016-06-15T01:55:41.000Z",
"first_observed": "2016-06-15T01:55:41Z",
"last_observed": "2016-06-15T01:55:41Z",
"number_observed": 1,
"object_refs": [
"url--5760b59d-e1ac-4cb2-bef6-40fd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59d-e1ac-4cb2-bef6-40fd02de0b81",
"value": "https://www.virustotal.com/file/e01aae93f68a84829fd8c0bc5ae923897d32af3a1d78623839fcfd18c99627cc/analysis/1378854272/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59d-055c-4ea1-aba0-4d6702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:41.000Z",
"modified": "2016-06-15T01:55:41.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 234d62ffd83c3972a32e89685787ff3aab4548cd16e4384c3c704a059ef731ce",
"pattern": "[file:hashes.SHA1 = '25dae9e0e597df3a020326b039e93c8ffa93d252']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59d-5924-460e-8005-497a02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:41.000Z",
"modified": "2016-06-15T01:55:41.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 234d62ffd83c3972a32e89685787ff3aab4548cd16e4384c3c704a059ef731ce",
"pattern": "[file:hashes.MD5 = 'd7a575895b07b007d0daf1f15bfb14a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59d-199c-480b-8934-42c702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:41.000Z",
"modified": "2016-06-15T01:55:41.000Z",
"first_observed": "2016-06-15T01:55:41Z",
"last_observed": "2016-06-15T01:55:41Z",
"number_observed": 1,
"object_refs": [
"url--5760b59d-199c-480b-8934-42c702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59d-199c-480b-8934-42c702de0b81",
"value": "https://www.virustotal.com/file/234d62ffd83c3972a32e89685787ff3aab4548cd16e4384c3c704a059ef731ce/analysis/1443828297/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59e-f56c-4d22-81d1-46f402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:42.000Z",
"modified": "2016-06-15T01:55:42.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fa28559a4e0e920b70129cea95a98da9a409eaa093c63f341a7809692b31e723",
"pattern": "[file:hashes.SHA1 = 'ee485a666c425be84585fd00062f29535bee0804']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59e-6050-4a3b-89f0-4e8702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:42.000Z",
"modified": "2016-06-15T01:55:42.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: fa28559a4e0e920b70129cea95a98da9a409eaa093c63f341a7809692b31e723",
"pattern": "[file:hashes.MD5 = 'a326e2abacc72c7a050ffe36e3d3d0eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59e-2630-4137-96aa-497602de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:42.000Z",
"modified": "2016-06-15T01:55:42.000Z",
"first_observed": "2016-06-15T01:55:42Z",
"last_observed": "2016-06-15T01:55:42Z",
"number_observed": 1,
"object_refs": [
"url--5760b59e-2630-4137-96aa-497602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59e-2630-4137-96aa-497602de0b81",
"value": "https://www.virustotal.com/file/fa28559a4e0e920b70129cea95a98da9a409eaa093c63f341a7809692b31e723/analysis/1425101429/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59e-3980-436d-a3be-4dc202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:42.000Z",
"modified": "2016-06-15T01:55:42.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 23132f4dfd4cb8abe11af1064e4930bc36a464d1235f43bad4ff20708babcc34",
"pattern": "[file:hashes.SHA1 = '412cb33b9f5d09ba9f75b704619b47dd05fba426']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59e-01f8-4591-b8aa-46f502de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:42.000Z",
"modified": "2016-06-15T01:55:42.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 23132f4dfd4cb8abe11af1064e4930bc36a464d1235f43bad4ff20708babcc34",
"pattern": "[file:hashes.MD5 = '3dab6ff3719ff7fcb01080fc36fe97dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59f-851c-4a2c-b677-42d702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:43.000Z",
"modified": "2016-06-15T01:55:43.000Z",
"first_observed": "2016-06-15T01:55:43Z",
"last_observed": "2016-06-15T01:55:43Z",
"number_observed": 1,
"object_refs": [
"url--5760b59f-851c-4a2c-b677-42d702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59f-851c-4a2c-b677-42d702de0b81",
"value": "https://www.virustotal.com/file/23132f4dfd4cb8abe11af1064e4930bc36a464d1235f43bad4ff20708babcc34/analysis/1427970735/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59f-d530-40f1-b7bb-422c02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:43.000Z",
"modified": "2016-06-15T01:55:43.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: dae17755e106be27ea4b97120906c46d4fcbb14cc8d9fc2c432f4c0cc74bb3fb",
"pattern": "[file:hashes.SHA1 = 'ff646e7d832759fa24810b9723e0d6581bcbc1a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59f-a150-4d68-9418-466002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:43.000Z",
"modified": "2016-06-15T01:55:43.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: dae17755e106be27ea4b97120906c46d4fcbb14cc8d9fc2c432f4c0cc74bb3fb",
"pattern": "[file:hashes.MD5 = '36e057fa2020c65f2849d718f2bb90ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b59f-64a8-409d-ba94-493f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:43.000Z",
"modified": "2016-06-15T01:55:43.000Z",
"first_observed": "2016-06-15T01:55:43Z",
"last_observed": "2016-06-15T01:55:43Z",
"number_observed": 1,
"object_refs": [
"url--5760b59f-64a8-409d-ba94-493f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b59f-64a8-409d-ba94-493f02de0b81",
"value": "https://www.virustotal.com/file/dae17755e106be27ea4b97120906c46d4fcbb14cc8d9fc2c432f4c0cc74bb3fb/analysis/1448490452/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b59f-7bd8-42ff-8d1d-42f302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:43.000Z",
"modified": "2016-06-15T01:55:43.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d2d4723f8c3bba910cade05c9ecea00cdcc647d42232bccc610d066792a95b15",
"pattern": "[file:hashes.SHA1 = 'e6035ffbdc4abd0d8b6d4890f83de42ffecde1ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a0-4670-42ec-ae2f-459e02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:44.000Z",
"modified": "2016-06-15T01:55:44.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d2d4723f8c3bba910cade05c9ecea00cdcc647d42232bccc610d066792a95b15",
"pattern": "[file:hashes.MD5 = '2f14d8c3d4815436f806fc1a435e29e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a0-b4e8-44da-bfc6-4d6a02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:44.000Z",
"modified": "2016-06-15T01:55:44.000Z",
"first_observed": "2016-06-15T01:55:44Z",
"last_observed": "2016-06-15T01:55:44Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a0-b4e8-44da-bfc6-4d6a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a0-b4e8-44da-bfc6-4d6a02de0b81",
"value": "https://www.virustotal.com/file/d2d4723f8c3bba910cade05c9ecea00cdcc647d42232bccc610d066792a95b15/analysis/1427970044/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a0-ab84-4ffb-8298-47d602de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:44.000Z",
"modified": "2016-06-15T01:55:44.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 577622fbf0a7bebc60844df808e75eef81a3d62ec6943f80168ac0d5ef39de5c",
"pattern": "[file:hashes.SHA1 = '16f4a3f9485df96e25ac508d8a24e5b65fcf2fab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a0-ecac-4c8c-a640-44ef02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:44.000Z",
"modified": "2016-06-15T01:55:44.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 577622fbf0a7bebc60844df808e75eef81a3d62ec6943f80168ac0d5ef39de5c",
"pattern": "[file:hashes.MD5 = '4e22e8bc3034d0df1e902413c9cfefc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a0-1a58-4f98-9421-453a02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:44.000Z",
"modified": "2016-06-15T01:55:44.000Z",
"first_observed": "2016-06-15T01:55:44Z",
"last_observed": "2016-06-15T01:55:44Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a0-1a58-4f98-9421-453a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a0-1a58-4f98-9421-453a02de0b81",
"value": "https://www.virustotal.com/file/577622fbf0a7bebc60844df808e75eef81a3d62ec6943f80168ac0d5ef39de5c/analysis/1459351611/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a1-5e10-42ea-b82a-430b02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:45.000Z",
"modified": "2016-06-15T01:55:45.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 241c66bb54bd27afeb4805aa8a8045155b81c8cd7093dde7ef19273728f502eb",
"pattern": "[file:hashes.SHA1 = 'b31cf0d74fa4db0b00518e637f95bd366a25b477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a1-3054-4c56-bfd9-44e902de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:45.000Z",
"modified": "2016-06-15T01:55:45.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 241c66bb54bd27afeb4805aa8a8045155b81c8cd7093dde7ef19273728f502eb",
"pattern": "[file:hashes.MD5 = 'b281a2e1457cd5ca8c85700817018902']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a1-8194-4e9e-b010-468202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:45.000Z",
"modified": "2016-06-15T01:55:45.000Z",
"first_observed": "2016-06-15T01:55:45Z",
"last_observed": "2016-06-15T01:55:45Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a1-8194-4e9e-b010-468202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a1-8194-4e9e-b010-468202de0b81",
"value": "https://www.virustotal.com/file/241c66bb54bd27afeb4805aa8a8045155b81c8cd7093dde7ef19273728f502eb/analysis/1409778711/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a1-e180-4cc9-bc08-4c1502de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:45.000Z",
"modified": "2016-06-15T01:55:45.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 5da5a5643e32d6200567768e6112d4d3161335d8d7a6dd48f02bf444fe98aab3",
"pattern": "[file:hashes.SHA1 = '24b26252a0181e9a88290fa4702379eab7006682']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a1-5bdc-4760-9f42-43f202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:45.000Z",
"modified": "2016-06-15T01:55:45.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 5da5a5643e32d6200567768e6112d4d3161335d8d7a6dd48f02bf444fe98aab3",
"pattern": "[file:hashes.MD5 = '06cca5013175c5a1c8ff89a494e24245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a2-5814-40c5-b2db-446e02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"first_observed": "2016-06-15T01:55:46Z",
"last_observed": "2016-06-15T01:55:46Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a2-5814-40c5-b2db-446e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a2-5814-40c5-b2db-446e02de0b81",
"value": "https://www.virustotal.com/file/5da5a5643e32d6200567768e6112d4d3161335d8d7a6dd48f02bf444fe98aab3/analysis/1450293548/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a2-49e0-4eb1-8520-47c202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: eb2d3c9e15b189dd02f753f805e90493254e17d40db6f1228a4e4095c5f260c1",
"pattern": "[file:hashes.SHA1 = '20175624f9672d15aaa68a35a7ae79efeeb21ce5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a2-c1c4-4277-8cf8-419002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: eb2d3c9e15b189dd02f753f805e90493254e17d40db6f1228a4e4095c5f260c1",
"pattern": "[file:hashes.MD5 = 'cf883d04762b868b450275017ab3ccfa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a2-fb28-44c1-a44b-497302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"first_observed": "2016-06-15T01:55:46Z",
"last_observed": "2016-06-15T01:55:46Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a2-fb28-44c1-a44b-497302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a2-fb28-44c1-a44b-497302de0b81",
"value": "https://www.virustotal.com/file/eb2d3c9e15b189dd02f753f805e90493254e17d40db6f1228a4e4095c5f260c1/analysis/1402677511/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a2-b198-41eb-a137-485302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 33b288455c12bf7678fb5fd028ff3d42fcaf33cf833a147cb7f0f89f7dad0d8f",
"pattern": "[file:hashes.SHA1 = '2dee817ec73a51f4d2ac6334134a033157b8d5dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a3-9984-42d4-86f4-4ac002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:46.000Z",
"modified": "2016-06-15T01:55:46.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 33b288455c12bf7678fb5fd028ff3d42fcaf33cf833a147cb7f0f89f7dad0d8f",
"pattern": "[file:hashes.MD5 = '25e87e846bb969802e8db9b36d6cf67c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a3-0bf8-4f6e-be5a-440f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:47.000Z",
"modified": "2016-06-15T01:55:47.000Z",
"first_observed": "2016-06-15T01:55:47Z",
"last_observed": "2016-06-15T01:55:47Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a3-0bf8-4f6e-be5a-440f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a3-0bf8-4f6e-be5a-440f02de0b81",
"value": "https://www.virustotal.com/file/33b288455c12bf7678fb5fd028ff3d42fcaf33cf833a147cb7f0f89f7dad0d8f/analysis/1392684716/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a3-1550-45c6-938a-4f5c02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:47.000Z",
"modified": "2016-06-15T01:55:47.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 15b9c033b49a5328ddb06997a817af55469aaf6bc3911de030e6f5ad845160bc",
"pattern": "[file:hashes.SHA1 = '17ac65b0ae949bb846ca356b334ce3c40c36d0a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a3-2c8c-497c-af24-493302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:47.000Z",
"modified": "2016-06-15T01:55:47.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 15b9c033b49a5328ddb06997a817af55469aaf6bc3911de030e6f5ad845160bc",
"pattern": "[file:hashes.MD5 = 'b213fe655d2c6a05f60da5b114fe481e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a3-d604-4b8f-a697-415e02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:47.000Z",
"modified": "2016-06-15T01:55:47.000Z",
"first_observed": "2016-06-15T01:55:47Z",
"last_observed": "2016-06-15T01:55:47Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a3-d604-4b8f-a697-415e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a3-d604-4b8f-a697-415e02de0b81",
"value": "https://www.virustotal.com/file/15b9c033b49a5328ddb06997a817af55469aaf6bc3911de030e6f5ad845160bc/analysis/1427976396/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a4-ba48-40d8-9b25-4ff702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:48.000Z",
"modified": "2016-06-15T01:55:48.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 029e735581c38d66f03aa0e9d1c22959b0bc8dfe298b9e91b127c42c7f904b5e",
"pattern": "[file:hashes.SHA1 = '5f502ef8b45567234b42d6edbd1926665057615e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a4-7efc-4d3e-a269-4c3702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:48.000Z",
"modified": "2016-06-15T01:55:48.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 029e735581c38d66f03aa0e9d1c22959b0bc8dfe298b9e91b127c42c7f904b5e",
"pattern": "[file:hashes.MD5 = 'ca41c19366bee737fe5bc5008250976a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a4-0810-4e7b-8b82-473402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:48.000Z",
"modified": "2016-06-15T01:55:48.000Z",
"first_observed": "2016-06-15T01:55:48Z",
"last_observed": "2016-06-15T01:55:48Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a4-0810-4e7b-8b82-473402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a4-0810-4e7b-8b82-473402de0b81",
"value": "https://www.virustotal.com/file/029e735581c38d66f03aa0e9d1c22959b0bc8dfe298b9e91b127c42c7f904b5e/analysis/1415618882/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a4-20c8-439e-87dd-483d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:48.000Z",
"modified": "2016-06-15T01:55:48.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ba0057a1b132ec16559efc832941455cc07f34c434da2a7434f73f1d2141bebf",
"pattern": "[file:hashes.SHA1 = 'ee4c94151b08e0c5af5ad754dff8e86a22537cec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a4-764c-4f51-be02-4c4002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:48.000Z",
"modified": "2016-06-15T01:55:48.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ba0057a1b132ec16559efc832941455cc07f34c434da2a7434f73f1d2141bebf",
"pattern": "[file:hashes.MD5 = '663e54e686842eb8f8bae2472cf01ba1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a5-577c-4db3-8993-4a3d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:49.000Z",
"modified": "2016-06-15T01:55:49.000Z",
"first_observed": "2016-06-15T01:55:49Z",
"last_observed": "2016-06-15T01:55:49Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a5-577c-4db3-8993-4a3d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a5-577c-4db3-8993-4a3d02de0b81",
"value": "https://www.virustotal.com/file/ba0057a1b132ec16559efc832941455cc07f34c434da2a7434f73f1d2141bebf/analysis/1425282070/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a5-8d5c-4ed6-926c-4e9b02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:49.000Z",
"modified": "2016-06-15T01:55:49.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: a03bd56eeee9f376eb59c6f4d19bf8a651eeb57bb4ebb7f884192b22a6616e68",
"pattern": "[file:hashes.SHA1 = 'cd9ad276b10cffd4b60c37cd441d9b720f3cfd95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a5-e48c-4913-847c-47dd02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:49.000Z",
"modified": "2016-06-15T01:55:49.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: a03bd56eeee9f376eb59c6f4d19bf8a651eeb57bb4ebb7f884192b22a6616e68",
"pattern": "[file:hashes.MD5 = '5965731f2f237a12f7a4873e3e37658a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a5-3c4c-4a7f-b9b0-412d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:49.000Z",
"modified": "2016-06-15T01:55:49.000Z",
"first_observed": "2016-06-15T01:55:49Z",
"last_observed": "2016-06-15T01:55:49Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a5-3c4c-4a7f-b9b0-412d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a5-3c4c-4a7f-b9b0-412d02de0b81",
"value": "https://www.virustotal.com/file/a03bd56eeee9f376eb59c6f4d19bf8a651eeb57bb4ebb7f884192b22a6616e68/analysis/1416960110/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a5-e700-4b0d-84a2-47d302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:49.000Z",
"modified": "2016-06-15T01:55:49.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3c5c4d68d0fa6520637fb4afe6a7097ec7d0f1d6a738bb0064bb009ea6344e8d",
"pattern": "[file:hashes.SHA1 = '64e3fb5a3833e0d662cfe8a85985c3fe61e36224']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a6-7d00-423b-9c42-4e3402de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:50.000Z",
"modified": "2016-06-15T01:55:50.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3c5c4d68d0fa6520637fb4afe6a7097ec7d0f1d6a738bb0064bb009ea6344e8d",
"pattern": "[file:hashes.MD5 = 'a3f7895fae05fa121a4e23dd3595c366']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a6-0da4-40ad-b36b-426f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:50.000Z",
"modified": "2016-06-15T01:55:50.000Z",
"first_observed": "2016-06-15T01:55:50Z",
"last_observed": "2016-06-15T01:55:50Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a6-0da4-40ad-b36b-426f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a6-0da4-40ad-b36b-426f02de0b81",
"value": "https://www.virustotal.com/file/3c5c4d68d0fa6520637fb4afe6a7097ec7d0f1d6a738bb0064bb009ea6344e8d/analysis/1414573515/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a6-68a8-4f54-b382-44c702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:50.000Z",
"modified": "2016-06-15T01:55:50.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 35589ce27c27dd4407a79540f32031d752b774b4bd6b8a3687e19a177ae6b18b",
"pattern": "[file:hashes.SHA1 = '6c6e3e434d2f08ed7725dff646c67c96cdfb5775']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a6-c25c-40e7-970d-48d002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:50.000Z",
"modified": "2016-06-15T01:55:50.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 35589ce27c27dd4407a79540f32031d752b774b4bd6b8a3687e19a177ae6b18b",
"pattern": "[file:hashes.MD5 = 'f34c6239b7d70f23ce02a8d207176637']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a6-c52c-43e9-9341-4be102de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:50.000Z",
"modified": "2016-06-15T01:55:50.000Z",
"first_observed": "2016-06-15T01:55:50Z",
"last_observed": "2016-06-15T01:55:50Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a6-c52c-43e9-9341-4be102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a6-c52c-43e9-9341-4be102de0b81",
"value": "https://www.virustotal.com/file/35589ce27c27dd4407a79540f32031d752b774b4bd6b8a3687e19a177ae6b18b/analysis/1434442386/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a7-5d84-4b46-84b0-4bed02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:51.000Z",
"modified": "2016-06-15T01:55:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 5dc3f4a067ae125f99fa90844bba667235ec7ef667353e282ff29712dda5b71c",
"pattern": "[file:hashes.SHA1 = '99fc9f54516a78926827495f167ca14682dcc9bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a7-7104-436c-8759-418202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:51.000Z",
"modified": "2016-06-15T01:55:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 5dc3f4a067ae125f99fa90844bba667235ec7ef667353e282ff29712dda5b71c",
"pattern": "[file:hashes.MD5 = '26ff9e2da06b7e90443d6190388581ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a7-0eb4-4fd4-a2a8-409b02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:51.000Z",
"modified": "2016-06-15T01:55:51.000Z",
"first_observed": "2016-06-15T01:55:51Z",
"last_observed": "2016-06-15T01:55:51Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a7-0eb4-4fd4-a2a8-409b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a7-0eb4-4fd4-a2a8-409b02de0b81",
"value": "https://www.virustotal.com/file/5dc3f4a067ae125f99fa90844bba667235ec7ef667353e282ff29712dda5b71c/analysis/1432405782/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a7-e7a4-4fa4-b672-4e6f02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:51.000Z",
"modified": "2016-06-15T01:55:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0cc1660e384683f2147e02ff76c69822ee2b98433c3a3613bbd28b9d8258da38",
"pattern": "[file:hashes.SHA1 = '6f61b571984dbcf9dfc2f584337bdcd3e58555b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a7-d38c-40e7-b154-49cc02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:51.000Z",
"modified": "2016-06-15T01:55:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0cc1660e384683f2147e02ff76c69822ee2b98433c3a3613bbd28b9d8258da38",
"pattern": "[file:hashes.MD5 = 'b4554c52f708154e529f62ba8e0de084']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a8-1e28-493d-aa7f-4a8a02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"first_observed": "2016-06-15T01:55:52Z",
"last_observed": "2016-06-15T01:55:52Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a8-1e28-493d-aa7f-4a8a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a8-1e28-493d-aa7f-4a8a02de0b81",
"value": "https://www.virustotal.com/file/0cc1660e384683f2147e02ff76c69822ee2b98433c3a3613bbd28b9d8258da38/analysis/1417518524/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a8-4ef0-441b-aeb1-48c002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d834e70a524a87945f7a8880b78f5e10460c1d2b60f3e487cb6f05c8221aa4f8",
"pattern": "[file:hashes.SHA1 = 'bdf804fb1869ea58b04a818316cf2327d9a6b1dc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a8-ca94-4730-94cb-460e02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d834e70a524a87945f7a8880b78f5e10460c1d2b60f3e487cb6f05c8221aa4f8",
"pattern": "[file:hashes.MD5 = '23a1a7f0f30f18ba4d0461829eb46766']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a8-ef18-41a0-a0f9-431002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"first_observed": "2016-06-15T01:55:52Z",
"last_observed": "2016-06-15T01:55:52Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a8-ef18-41a0-a0f9-431002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a8-ef18-41a0-a0f9-431002de0b81",
"value": "https://www.virustotal.com/file/d834e70a524a87945f7a8880b78f5e10460c1d2b60f3e487cb6f05c8221aa4f8/analysis/1415092839/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a8-4330-4da5-a0db-4e4002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e5bcb55d7881b3b367521532af173e85d1eee66badf89586168d22ed17bc25b2",
"pattern": "[file:hashes.SHA1 = 'd122349b4dc611d4b3470b6ff2d23fd644491ecc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a8-548c-4c9c-a3f2-48a802de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:52.000Z",
"modified": "2016-06-15T01:55:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e5bcb55d7881b3b367521532af173e85d1eee66badf89586168d22ed17bc25b2",
"pattern": "[file:hashes.MD5 = 'c27fb6999a0243f041c5e387280f9442']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a9-ce3c-4cfa-b12b-493002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:53.000Z",
"modified": "2016-06-15T01:55:53.000Z",
"first_observed": "2016-06-15T01:55:53Z",
"last_observed": "2016-06-15T01:55:53Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a9-ce3c-4cfa-b12b-493002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a9-ce3c-4cfa-b12b-493002de0b81",
"value": "https://www.virustotal.com/file/e5bcb55d7881b3b367521532af173e85d1eee66badf89586168d22ed17bc25b2/analysis/1417748024/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a9-8070-4c8f-a4f8-479302de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:53.000Z",
"modified": "2016-06-15T01:55:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: af67df976fb941c99f4d3dd948ed4828a445dd6f9c98ffc2070c8be76c60484d",
"pattern": "[file:hashes.SHA1 = '31fb6ba509d41ef086137ba454c351eb902f8c13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a9-3cd4-4b72-af82-4fd002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:53.000Z",
"modified": "2016-06-15T01:55:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: af67df976fb941c99f4d3dd948ed4828a445dd6f9c98ffc2070c8be76c60484d",
"pattern": "[file:hashes.MD5 = 'd8b95e942993b979fb82c22ea5b5ca18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5a9-cb60-4743-bc5a-4b5b02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:53.000Z",
"modified": "2016-06-15T01:55:53.000Z",
"first_observed": "2016-06-15T01:55:53Z",
"last_observed": "2016-06-15T01:55:53Z",
"number_observed": 1,
"object_refs": [
"url--5760b5a9-cb60-4743-bc5a-4b5b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5a9-cb60-4743-bc5a-4b5b02de0b81",
"value": "https://www.virustotal.com/file/af67df976fb941c99f4d3dd948ed4828a445dd6f9c98ffc2070c8be76c60484d/analysis/1415327976/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5a9-1b68-4461-90fd-4cdd02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:53.000Z",
"modified": "2016-06-15T01:55:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2d40ca005a7df46b3f7c691006c9951fc3bee25bb4fa4a0ebbdee76d7d117fdf",
"pattern": "[file:hashes.SHA1 = '7e33ef786015b0c0962f314f4c9c7531d451596d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5aa-963c-4539-8190-42ba02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:54.000Z",
"modified": "2016-06-15T01:55:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2d40ca005a7df46b3f7c691006c9951fc3bee25bb4fa4a0ebbdee76d7d117fdf",
"pattern": "[file:hashes.MD5 = '4e493a649e2b87ef1a341809dab34a38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5aa-1a44-4994-8e4b-433202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:54.000Z",
"modified": "2016-06-15T01:55:54.000Z",
"first_observed": "2016-06-15T01:55:54Z",
"last_observed": "2016-06-15T01:55:54Z",
"number_observed": 1,
"object_refs": [
"url--5760b5aa-1a44-4994-8e4b-433202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5aa-1a44-4994-8e4b-433202de0b81",
"value": "https://www.virustotal.com/file/2d40ca005a7df46b3f7c691006c9951fc3bee25bb4fa4a0ebbdee76d7d117fdf/analysis/1444915836/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5aa-7964-44b1-aca4-483102de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:54.000Z",
"modified": "2016-06-15T01:55:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2653ecc3ea17e0d5613ddebe76bdddea6c108713330b0bd8e68d2d5141a4a07d",
"pattern": "[file:hashes.SHA1 = '2927297d3dfd2fe2c18ea918fa422cd56cbb4bfd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5aa-0bcc-4bad-b4c5-4ccd02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:54.000Z",
"modified": "2016-06-15T01:55:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2653ecc3ea17e0d5613ddebe76bdddea6c108713330b0bd8e68d2d5141a4a07d",
"pattern": "[file:hashes.MD5 = '6b126cd9a5f2af30bb048caef92ceb51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5aa-2c54-41d3-98c3-497d02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:54.000Z",
"modified": "2016-06-15T01:55:54.000Z",
"first_observed": "2016-06-15T01:55:54Z",
"last_observed": "2016-06-15T01:55:54Z",
"number_observed": 1,
"object_refs": [
"url--5760b5aa-2c54-41d3-98c3-497d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5aa-2c54-41d3-98c3-497d02de0b81",
"value": "https://www.virustotal.com/file/2653ecc3ea17e0d5613ddebe76bdddea6c108713330b0bd8e68d2d5141a4a07d/analysis/1454913570/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5ab-f0a0-4057-868c-4d5c02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:55.000Z",
"modified": "2016-06-15T01:55:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: a835baa7ffc265346443b5d6f4828d7221594bd91be8afc08152f3d68698b672",
"pattern": "[file:hashes.SHA1 = '538a1bd99b2c202c0ed18571b5b30ea4004009bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5ab-22a0-4197-9129-4c2202de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:55.000Z",
"modified": "2016-06-15T01:55:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: a835baa7ffc265346443b5d6f4828d7221594bd91be8afc08152f3d68698b672",
"pattern": "[file:hashes.MD5 = 'e79b2d2934e5525e7a40d74875f9d761']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5ab-060c-4caa-b5ea-4e7702de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:55.000Z",
"modified": "2016-06-15T01:55:55.000Z",
"first_observed": "2016-06-15T01:55:55Z",
"last_observed": "2016-06-15T01:55:55Z",
"number_observed": 1,
"object_refs": [
"url--5760b5ab-060c-4caa-b5ea-4e7702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5ab-060c-4caa-b5ea-4e7702de0b81",
"value": "https://www.virustotal.com/file/a835baa7ffc265346443b5d6f4828d7221594bd91be8afc08152f3d68698b672/analysis/1432210810/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5ab-ebc4-40b9-9c50-489002de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:55.000Z",
"modified": "2016-06-15T01:55:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 558461b6fb0441e7f70c4224963490ea49f44d40c5700a4c7fd19be4c62b3d6a",
"pattern": "[file:hashes.SHA1 = '5856baf74ef33f2e5a6966f1f02505f4251d7e17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b5ab-9420-447d-acde-415102de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:55.000Z",
"modified": "2016-06-15T01:55:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 558461b6fb0441e7f70c4224963490ea49f44d40c5700a4c7fd19be4c62b3d6a",
"pattern": "[file:hashes.MD5 = 'f4b247a44be362898c4e587545c7653f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T01:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760b5ac-f3e0-4f8a-b8bf-4ecf02de0b81",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T01:55:56.000Z",
"modified": "2016-06-15T01:55:56.000Z",
"first_observed": "2016-06-15T01:55:56Z",
"last_observed": "2016-06-15T01:55:56Z",
"number_observed": 1,
"object_refs": [
"url--5760b5ac-f3e0-4f8a-b8bf-4ecf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5760b5ac-f3e0-4f8a-b8bf-4ecf02de0b81",
"value": "https://www.virustotal.com/file/558461b6fb0441e7f70c4224963490ea49f44d40c5700a4c7fd19be4c62b3d6a/analysis/1427979640/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5760b708-b0f0-42c2-8d68-491e950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:01:44.000Z",
"modified": "2016-06-15T02:01:44.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "A program database path, a file present on the authors\u00e2\u20ac\u2122 machine used to aid in debugging the malware, present in early samples gives more indication that the project started in 2012:",
"x_misp_type": "pattern-in-file",
"x_misp_value": "z:\\project2012\\remotecontrol\\winhttpnet\\amcy\\app\\win7\\installscript\\objfre_wxp_x86\\i386\\InstallScript.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5760b708-a274-40ba-af8a-4a2e950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:01:44.000Z",
"modified": "2016-06-15T02:01:44.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "A program database path, a file present on the authors\u00e2\u20ac\u2122 machine used to aid in debugging the malware, present in early samples gives more indication that the project started in 2012:",
"x_misp_type": "pattern-in-file",
"x_misp_value": "z:\\project2012\\remotecontrol\\winhttpnet\\amcy\\app\\win7\\serviceapp\\objfre_wxp_x86\\i386\\ServiceApp.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5760b708-66c8-4821-a214-468f950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:01:44.000Z",
"modified": "2016-06-15T02:01:44.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "A program database path, a file present on the authors\u00e2\u20ac\u2122 machine used to aid in debugging the malware, present in early samples gives more indication that the project started in 2012:",
"x_misp_type": "pattern-in-file",
"x_misp_value": "z:\\project2012\\remotecontrol\\winhttpnet\\cqgaen\\app\\installscript\\objfre_wxp_x86\\i386\\InstallScript.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5760b708-0e1c-41d1-bad6-436f950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:01:44.000Z",
"modified": "2016-06-15T02:01:44.000Z",
"labels": [
"misp:type=\"pattern-in-file\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_comment": "A program database path, a file present on the authors\u00e2\u20ac\u2122 machine used to aid in debugging the malware, present in early samples gives more indication that the project started in 2012:",
"x_misp_type": "pattern-in-file",
"x_misp_value": "z:\\project2012\\remotecontrol\\winhttpnet\\cqgaen\\app\\serviceapp\\objfre_wxp_x86\\i386\\ServiceApp.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b756-b958-4f16-8184-4a77950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:03:02.000Z",
"modified": "2016-06-15T02:03:02.000Z",
"description": "ShimRat core - C&C",
"pattern": "[url:value = 'http://www.avgfree.us/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T02:03:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5760b78a-4060-4b6c-9763-44de950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:03:54.000Z",
"modified": "2016-06-15T02:03:54.000Z",
"description": "ShimRat core - C&C",
"pattern": "[url:value = 'http://adventurelearning.me/wp-content/uploads/index.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T02:03:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5760ba26-b1f8-4a6f-b5fd-486a950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T02:15:02.000Z",
"modified": "2016-06-15T02:15:02.000Z",
"first_observed": "2016-06-15T02:15:02Z",
"last_observed": "2016-06-15T02:15:02Z",
"number_observed": 1,
"object_refs": [
"domain-name--5760ba26-b1f8-4a6f-b5fd-486a950d210f"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5760ba26-b1f8-4a6f-b5fd-486a950d210f",
"value": "citrixmeeting.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--576101e7-9d7c-4f12-866d-4c4f950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T07:21:11.000Z",
"modified": "2016-06-15T07:21:11.000Z",
"description": "Enriched via the circl_passivedns module",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.101.2.135']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-15T07:21:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613ab9-601c-4f6e-bee3-41c9950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T11:23:37.000Z",
"modified": "2016-06-15T11:23:37.000Z",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"FOX-SRT - Trojan - ShimRatReporter check-in\"; content:\"POST\"; http_method; content:\"Accept-Encoding: utf-8|0d0a|\"; fast_pattern; uricontent:\".php?filename=\"; content:\"Accept: */*\"; content:!\"Referer\"; content:!\"Content-Type\"; threshold: type limit, track by_src, count 1, seconds 600; classtype:trojan-activity; reference:url,blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/; sid:21001857; rev:4;)]",
"pattern_type": "snort",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-06-15T11:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613ab8-e4e0-4f51-9b71-48e6950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T11:23:36.000Z",
"modified": "2016-06-15T11:23:36.000Z",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"FOX-SRT - Trojan - ShimRat check-in (php)\"; flow:established,to_server; content:\"POST\"; http_method; content:\".php HTTP/1.\"; content:\"|0d0a0d0a|php\"; fast_pattern:only; content:!\"Content-Type\"; content:!\"Referer:\"; content:!\"Cookie:\"; threshold: type limit, track by_src, count 1, seconds 600; classtype:trojan-activity; reference:url,blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/; sid:21001855; rev:4;)]",
"pattern_type": "snort",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-06-15T11:23:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57613ab9-2728-4b84-8114-4e9d950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-15T11:23:37.000Z",
"modified": "2016-06-15T11:23:37.000Z",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\"FOX-SRT - Trojan - ShimRat check-in (Yuok)\"; flow:established,to_server; content:\"POST\"; http_method; content:\".php HTTP/1.1|0d0a|User-Agent: \"; fast_pattern:only; content:!\"Content-Type\"; content:!\"Referer:\"; content:!\"Cookie:\"; content:\"|0d0a0d0a|\"; pcre:\"/(php)?Yuok\\$\\$\\d\\d/R\"; content:\"Yuok\"; isdataat:!1,relative; threshold: type limit, track by_src, count 1, seconds 600; classtype:trojan-activity; reference:url,blog.fox-it.com/2016/06/15/mofang-a-politically-motivated-information-stealing-adversary/; sid:21001856; rev:4;)]",
"pattern_type": "snort",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-06-15T11:23:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5767b45c-78c4-46d5-b94b-4ef5950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-20T09:16:12.000Z",
"modified": "2016-06-20T09:16:12.000Z",
"pattern": "[rule shimrat\r\n{\r\nmeta:\r\ndescription = \"Detects ShimRat and the ShimRat loader\"\r\nauthor = \"Yonathan Klijnsma (yonathan.klijnsma@fox-it.com)\"\r\ndate = \"20/11/2015\"\r\nstrings:\r\n$dll = \".dll\"\r\n$dat = \".dat\"\r\n$headersig = \"QWERTYUIOPLKJHG\"\r\n$datasig = \"MNBVCXZLKJHGFDS\"\r\n$datamarker1 = \"Data$$00\"\r\n$datamarker2 = \"Data$$01%c%sData\"\r\n$cmdlineformat = \"ping localhost -n 9 /c %s > nul\"\r\n$demoproject_keyword1 = \"Demo\"\r\n$demoproject_keyword2 = \"Win32App\"\r\n$comspec = \"COMSPEC\"\r\n$shim_func1 = \"ShimMain\"\r\n$shim_func2 = \"NotifyShims\"\r\n$shim_func3 = \"GetHookAPIs\"\r\ncondition:\r\n($dll and $dat and $headersig and $datasig) or ($datamarker1 and $datamarker2) or ($cmdlineformat and $demoproject_keyword1 and $demoproject_keyword2 and $comspec) or ($dll and $dat and $shim_func1 and $shim_func2 and $shim_func3)\r\n}]",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-06-20T09:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5767b444-185c-4442-bb4f-4f86950d210f",
"created_by_ref": "identity--55f6ea5f-03c4-42c7-83bb-4984950d210f",
"created": "2016-06-20T09:15:48.000Z",
"modified": "2016-06-20T09:15:48.000Z",
"pattern": "[rule shimratreporter\r\n{\r\nmeta:\r\ndescription = \"Detects ShimRatReporter\"\r\nauthor = \"Yonathan Klijnsma (yonathan.klijnsma@fox-it.com)\"\r\ndate = \"20/11/2015\"\r\nstrings:\r\n$IpInfo = \"IP-INFO\"\r\n$NetworkInfo = \"Network-INFO\"\r\n$OsInfo = \"OS-INFO\"\r\n$ProcessInfo = \"Process-INFO\"\r\n$BrowserInfo = \"Browser-INFO\"\r\n$QueryUserInfo = \"QueryUser-INFO\"\r\n$UsersInfo = \"Users-INFO\"\r\n$SoftwareInfo = \"Software-INFO\"\r\n$AddressFormat = \"%02X-%02X-%02X-%02X-%02X-%02X\"\r\n$proxy_str = \"(from environment) = %s\"\r\n$netuserfun = \"NetUserEnum\"\r\n$networkparams = \"GetNetworkParams\"\r\ncondition:\r\nall of them\r\n}]",
"pattern_type": "yara",
chg: [gen] updated
2023-12-14 14:30:15 +00:00
"pattern_version": "2.1",
chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
"valid_from": "2016-06-20T09:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"yara\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink