13201 lines
4.9 MiB
JSON
13201 lines
4.9 MiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--57761f00-7058-4077-aa9a-4ab3950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:35.000Z",
|
||
|
"modified": "2016-07-01T07:57:35.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--57761f00-7058-4077-aa9a-4ab3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:35.000Z",
|
||
|
"modified": "2016-07-01T07:57:35.000Z",
|
||
|
"name": "OSINT - Pacifier APT",
|
||
|
"published": "2016-07-04T06:45:58Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--57761f11-ef74-4550-a466-471d950d210f",
|
||
|
"url--57761f11-ef74-4550-a466-471d950d210f",
|
||
|
"observed-data--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"file--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"artifact--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"indicator--57761f78-020c-439f-99e0-40c9950d210f",
|
||
|
"indicator--57761f78-6ea0-4184-ac9d-4c6b950d210f",
|
||
|
"indicator--57761f78-f150-4edd-b793-4a9d950d210f",
|
||
|
"indicator--57761f78-caa4-41ff-804b-4da7950d210f",
|
||
|
"indicator--57761f79-5b20-4c92-970a-4e29950d210f",
|
||
|
"indicator--57761f79-ae14-417d-a838-4a65950d210f",
|
||
|
"indicator--57761f79-7318-4eab-acaf-42ef950d210f",
|
||
|
"indicator--57761f79-e9a8-4c1c-8135-4dd3950d210f",
|
||
|
"indicator--57761f7a-5884-4a35-8503-47a5950d210f",
|
||
|
"indicator--57761f7a-e3a4-40d9-9a8d-45bb950d210f",
|
||
|
"indicator--57761f7a-0a50-4c25-9ee9-4b89950d210f",
|
||
|
"indicator--57761f7a-4ee8-4110-83f4-4c95950d210f",
|
||
|
"indicator--57761f7a-3334-4e8a-9bc2-4be7950d210f",
|
||
|
"indicator--57761f7b-8cb0-47a8-8f97-4351950d210f",
|
||
|
"indicator--57761f7b-7500-473f-89ed-4a7c950d210f",
|
||
|
"indicator--57761f7b-dd00-414b-9bc7-4a7d950d210f",
|
||
|
"indicator--57761f7b-1538-422c-b981-497d950d210f",
|
||
|
"indicator--57761f7b-87f4-4864-8288-4219950d210f",
|
||
|
"indicator--57761f7c-7f08-4bf7-b2ff-4ac0950d210f",
|
||
|
"indicator--57761f7c-7de8-4e2a-907d-491f950d210f",
|
||
|
"indicator--57761f7c-30bc-4678-a64b-43f1950d210f",
|
||
|
"indicator--57761f7c-d100-48cc-8d02-43ff950d210f",
|
||
|
"indicator--57761f7c-a514-4406-b347-4561950d210f",
|
||
|
"indicator--57761f7d-b6a0-425d-9cd6-4e99950d210f",
|
||
|
"indicator--57761f7d-c8f4-4a91-9c97-47a7950d210f",
|
||
|
"indicator--57761f7d-7d08-4561-841f-46ce950d210f",
|
||
|
"indicator--57761f7d-d824-492f-8fe6-4cb5950d210f",
|
||
|
"indicator--57761f7d-b228-4b9d-82e0-4b12950d210f",
|
||
|
"indicator--57761f7e-12d0-4264-98f6-41ba950d210f",
|
||
|
"indicator--57761f7e-da88-4dca-a67f-4f74950d210f",
|
||
|
"indicator--57761f7e-0710-49af-be72-415f950d210f",
|
||
|
"indicator--57761f7e-f3ac-495a-b500-44e6950d210f",
|
||
|
"indicator--57761f7f-a5c0-4810-a088-474c950d210f",
|
||
|
"indicator--57761f7f-3c08-4bcf-9671-495f950d210f",
|
||
|
"indicator--57761f7f-73bc-4dfd-b6cd-412b950d210f",
|
||
|
"indicator--57761f7f-a214-4bd7-8735-4a13950d210f",
|
||
|
"indicator--57761f7f-2b24-452b-ae5b-4404950d210f",
|
||
|
"indicator--57761f80-9400-41c2-9dbd-4236950d210f",
|
||
|
"indicator--57761f80-0198-4e8b-bd77-4d31950d210f",
|
||
|
"indicator--57761f80-b93c-4380-b88b-4899950d210f",
|
||
|
"indicator--57761f80-c394-48f4-9ba2-427f950d210f",
|
||
|
"indicator--57761f80-d18c-4c02-b9af-4f2f950d210f",
|
||
|
"indicator--57761f80-da70-4a67-a3f3-429f950d210f",
|
||
|
"indicator--57761f81-1a40-4532-8079-4455950d210f",
|
||
|
"indicator--57761f81-9cc4-400a-b682-40af950d210f",
|
||
|
"indicator--57761f81-5d2c-4cb6-b308-40c3950d210f",
|
||
|
"indicator--57761f81-c02c-4d6b-b814-4161950d210f",
|
||
|
"indicator--57761f81-9a74-4053-bc91-40e9950d210f",
|
||
|
"indicator--57761f82-3bac-4c03-9042-43f9950d210f",
|
||
|
"indicator--57761f82-9c04-4afe-a48b-4617950d210f",
|
||
|
"indicator--57761f82-aed4-4137-af0e-4d3b950d210f",
|
||
|
"indicator--57761f82-6378-43a4-a8a6-4cbc950d210f",
|
||
|
"indicator--57761f82-79e0-4622-8b56-4fbf950d210f",
|
||
|
"indicator--57761f83-2f70-4b4e-947b-4827950d210f",
|
||
|
"indicator--57761f83-0330-42c4-9f72-4306950d210f",
|
||
|
"indicator--57761f83-f958-4aaf-980a-4c1c950d210f",
|
||
|
"indicator--57761f83-0ee4-49a9-b822-4731950d210f",
|
||
|
"indicator--57761f83-a618-4e51-accb-4d1a950d210f",
|
||
|
"indicator--57761f84-9610-4046-8a97-4d9e950d210f",
|
||
|
"indicator--57761f84-a980-43d2-8238-4b4c950d210f",
|
||
|
"indicator--57761f84-9304-492f-bf07-45c8950d210f",
|
||
|
"indicator--57761f84-cffc-4c49-a8ca-464e950d210f",
|
||
|
"indicator--57761f84-684c-4152-a714-4011950d210f",
|
||
|
"indicator--57761f85-8af4-4314-923b-43a0950d210f",
|
||
|
"indicator--57761f85-e280-4b26-8e21-4dcd950d210f",
|
||
|
"indicator--57761f85-15cc-4a42-9e31-4ca7950d210f",
|
||
|
"indicator--57761f85-fcec-4e7e-ba7a-42ca950d210f",
|
||
|
"indicator--57761f85-ccd8-4f02-9b8a-48c5950d210f",
|
||
|
"indicator--57761f86-bfe4-4eb2-8ad4-44c3950d210f",
|
||
|
"indicator--57761f86-c2fc-45cf-8814-4b59950d210f",
|
||
|
"indicator--57761f86-7e84-442c-98b1-4ae0950d210f",
|
||
|
"indicator--57761f86-5b9c-45c5-a41c-4bf1950d210f",
|
||
|
"indicator--57761f86-0190-43f1-a288-404b950d210f",
|
||
|
"indicator--57761f86-f7f8-40f7-ac7a-4104950d210f",
|
||
|
"indicator--57761f87-f2e0-4465-a428-4a0b950d210f",
|
||
|
"indicator--57761f87-29a0-47c0-80da-45ea950d210f",
|
||
|
"indicator--57761f87-6fdc-4ca5-8f1c-4ca4950d210f",
|
||
|
"indicator--57761f87-0124-4165-94eb-4485950d210f",
|
||
|
"indicator--57761f87-cba4-4206-a47c-48b1950d210f",
|
||
|
"indicator--57761f88-f774-40d1-ab48-41a1950d210f",
|
||
|
"indicator--57761f88-3808-4f11-b88a-4069950d210f",
|
||
|
"indicator--57761f88-4c50-45bc-bae7-40c7950d210f",
|
||
|
"indicator--57761f88-4fec-43e3-ba8e-4281950d210f",
|
||
|
"indicator--57761f88-dc10-46e0-b99b-4812950d210f",
|
||
|
"indicator--57761f89-e760-4a9f-bc64-447c950d210f",
|
||
|
"indicator--57761f89-afd8-467c-a730-48d2950d210f",
|
||
|
"indicator--57761f89-0c64-4d9d-9881-4752950d210f",
|
||
|
"indicator--57761f89-1ce8-4a49-811b-4658950d210f",
|
||
|
"indicator--57761f89-0044-4ee1-91a9-4ecc950d210f",
|
||
|
"indicator--57761f89-3b20-444c-a64f-4562950d210f",
|
||
|
"indicator--57761f8a-c4b0-4fdc-94de-4fa1950d210f",
|
||
|
"indicator--57761f8a-bfe4-4660-b186-4808950d210f",
|
||
|
"indicator--57761f8a-c838-4350-a119-416b950d210f",
|
||
|
"indicator--57761f8a-a350-4625-a2ab-4b6a950d210f",
|
||
|
"indicator--57761f8b-2a74-4c2b-83d3-4185950d210f",
|
||
|
"indicator--57761f8b-1930-4dad-b4e4-45b7950d210f",
|
||
|
"indicator--57761f8b-11fc-47de-9996-41e3950d210f",
|
||
|
"indicator--57761f8b-1f14-4e8e-a122-41ca950d210f",
|
||
|
"indicator--57762103-bd9c-438d-963d-43c8950d210f",
|
||
|
"indicator--57762104-b034-4cd7-9a16-406c950d210f",
|
||
|
"indicator--57762104-33fc-47fc-be77-4518950d210f",
|
||
|
"indicator--57762104-1cd4-480b-9e38-4332950d210f",
|
||
|
"indicator--57762104-6388-4349-a3fe-4ad4950d210f",
|
||
|
"indicator--57762105-e17c-465b-aa62-49c2950d210f",
|
||
|
"indicator--57762105-080c-4306-b484-4e1e950d210f",
|
||
|
"indicator--57762105-893c-4a01-9aed-4c32950d210f",
|
||
|
"indicator--57762105-0214-45ad-9556-4085950d210f",
|
||
|
"indicator--57762105-6a44-4ed2-8fbb-4ae4950d210f",
|
||
|
"indicator--57762106-a9ac-46e8-b53e-49db950d210f",
|
||
|
"indicator--57762106-157c-423d-bb8c-4e7e950d210f",
|
||
|
"indicator--57762106-69d0-4ea6-b3af-41fb950d210f",
|
||
|
"indicator--57762106-6020-4845-b9c0-45f9950d210f",
|
||
|
"indicator--57762106-e71c-4a42-ae31-4024950d210f",
|
||
|
"indicator--57762107-b98c-4fdc-a0f6-449d950d210f",
|
||
|
"indicator--57762107-897c-461e-b793-49f7950d210f",
|
||
|
"indicator--57762107-1d3c-4148-a70d-493c950d210f",
|
||
|
"indicator--57762107-60d8-4068-9901-4550950d210f",
|
||
|
"indicator--57762108-b7b4-4281-a919-4b4e950d210f",
|
||
|
"indicator--57762108-f310-4f0d-9b17-41a3950d210f",
|
||
|
"indicator--57762108-8dec-471b-8773-467e950d210f",
|
||
|
"indicator--57762108-6110-4035-8fcc-4705950d210f",
|
||
|
"indicator--57762108-0a60-4ee4-9fc7-4667950d210f",
|
||
|
"indicator--57762109-5670-410e-be7c-48f1950d210f",
|
||
|
"indicator--57762109-37a4-4845-83c8-40e9950d210f",
|
||
|
"indicator--57762109-efc4-41e3-bf5e-4954950d210f",
|
||
|
"indicator--57762109-bd28-45bf-bb87-4aa3950d210f",
|
||
|
"indicator--57762109-6dc8-44f9-8114-4df9950d210f",
|
||
|
"indicator--5776210a-5104-43df-b647-4ef5950d210f",
|
||
|
"indicator--5776215f-64b0-4a06-a249-4a64950d210f",
|
||
|
"indicator--57762160-9380-42be-858a-4c5f950d210f",
|
||
|
"indicator--57762160-a470-4d14-bcc4-49b3950d210f",
|
||
|
"indicator--57762160-eb34-4811-8411-4017950d210f",
|
||
|
"indicator--57762160-530c-4c52-8973-47c8950d210f",
|
||
|
"indicator--57762161-2a20-44b5-a570-4fd4950d210f",
|
||
|
"indicator--57762161-b1f4-46a8-a5d8-4dbb950d210f",
|
||
|
"x-misp-attribute--5776217e-a348-4243-bebc-4950950d210f",
|
||
|
"x-misp-attribute--5776217e-f46c-47d0-aaaf-44fd950d210f",
|
||
|
"x-misp-attribute--577621ac-3fc4-4093-8d3d-489a950d210f",
|
||
|
"indicator--5776226f-d248-46a3-a438-441f02de0b81",
|
||
|
"indicator--5776226f-6468-41a9-bf8a-423c02de0b81",
|
||
|
"observed-data--57762270-524c-487f-9724-44f302de0b81",
|
||
|
"url--57762270-524c-487f-9724-44f302de0b81",
|
||
|
"indicator--57762270-3e04-4184-b58d-459a02de0b81",
|
||
|
"indicator--57762270-1698-4362-b2fc-405102de0b81",
|
||
|
"observed-data--57762270-9738-4423-bd1e-46f602de0b81",
|
||
|
"url--57762270-9738-4423-bd1e-46f602de0b81",
|
||
|
"indicator--57762271-7d40-41c8-9761-4b7d02de0b81",
|
||
|
"indicator--57762271-77ac-46ac-881a-43a202de0b81",
|
||
|
"observed-data--57762271-9818-45f6-aa96-497402de0b81",
|
||
|
"url--57762271-9818-45f6-aa96-497402de0b81",
|
||
|
"indicator--57762271-3ee0-4d35-9f2b-463102de0b81",
|
||
|
"indicator--57762271-9154-40f9-b5ea-4b1502de0b81",
|
||
|
"observed-data--57762272-fcac-4b50-a1b9-412002de0b81",
|
||
|
"url--57762272-fcac-4b50-a1b9-412002de0b81",
|
||
|
"indicator--57762272-0048-466e-88fa-48d902de0b81",
|
||
|
"indicator--57762272-faec-465e-98d7-4dba02de0b81",
|
||
|
"observed-data--57762272-9048-4482-a63b-43ab02de0b81",
|
||
|
"url--57762272-9048-4482-a63b-43ab02de0b81",
|
||
|
"indicator--57762272-cddc-4e0f-b898-4e2a02de0b81",
|
||
|
"indicator--57762273-12b4-4fe3-a33f-495f02de0b81",
|
||
|
"observed-data--57762273-7d10-4677-aecd-4b8602de0b81",
|
||
|
"url--57762273-7d10-4677-aecd-4b8602de0b81",
|
||
|
"indicator--57762273-7fd4-4b29-add0-4c7302de0b81",
|
||
|
"indicator--57762273-ea5c-4e6e-b158-4c7002de0b81",
|
||
|
"observed-data--57762274-b7d4-4843-ad92-442002de0b81",
|
||
|
"url--57762274-b7d4-4843-ad92-442002de0b81",
|
||
|
"indicator--57762274-6054-45ef-9aa2-464802de0b81",
|
||
|
"indicator--57762274-5f04-4cf4-85e7-46d202de0b81",
|
||
|
"observed-data--57762274-e354-4af4-956e-47d502de0b81",
|
||
|
"url--57762274-e354-4af4-956e-47d502de0b81",
|
||
|
"indicator--57762274-4f24-4576-84d7-4e0902de0b81",
|
||
|
"indicator--57762275-b268-472d-a65c-40eb02de0b81",
|
||
|
"observed-data--57762275-5f7c-4103-bed0-490c02de0b81",
|
||
|
"url--57762275-5f7c-4103-bed0-490c02de0b81",
|
||
|
"indicator--57762275-a12c-45d7-80c9-423102de0b81",
|
||
|
"indicator--57762275-2978-46e1-87c7-419402de0b81",
|
||
|
"observed-data--57762275-dc7c-431b-b719-478602de0b81",
|
||
|
"url--57762275-dc7c-431b-b719-478602de0b81",
|
||
|
"indicator--57762276-681c-4e23-95ee-487702de0b81",
|
||
|
"indicator--57762276-6e2c-4097-82cf-45b502de0b81",
|
||
|
"observed-data--57762276-496c-4bd1-87cd-4a3502de0b81",
|
||
|
"url--57762276-496c-4bd1-87cd-4a3502de0b81",
|
||
|
"indicator--57762276-d54c-45e7-b553-44f602de0b81",
|
||
|
"indicator--57762277-2838-4e7d-a65a-4d5c02de0b81",
|
||
|
"observed-data--57762277-6d5c-40a8-bbaa-4e4502de0b81",
|
||
|
"url--57762277-6d5c-40a8-bbaa-4e4502de0b81",
|
||
|
"indicator--57762277-cccc-4d5e-8cc0-41cc02de0b81",
|
||
|
"indicator--57762277-39f0-4815-836a-4ef102de0b81",
|
||
|
"observed-data--57762277-181c-4362-8333-43fc02de0b81",
|
||
|
"url--57762277-181c-4362-8333-43fc02de0b81",
|
||
|
"indicator--57762278-fb68-43ea-9e2a-46aa02de0b81",
|
||
|
"indicator--57762278-348c-4ed4-a3a8-4f7802de0b81",
|
||
|
"observed-data--57762278-4c84-4483-be3c-401402de0b81",
|
||
|
"url--57762278-4c84-4483-be3c-401402de0b81",
|
||
|
"indicator--57762278-e73c-4266-9b34-4b6702de0b81",
|
||
|
"indicator--57762278-2ce8-42b6-bdf8-4c0202de0b81",
|
||
|
"observed-data--57762279-2328-4863-8eb7-404302de0b81",
|
||
|
"url--57762279-2328-4863-8eb7-404302de0b81",
|
||
|
"indicator--57762279-3110-49a4-96c8-4c5202de0b81",
|
||
|
"indicator--57762279-d374-4558-9d88-44f302de0b81",
|
||
|
"observed-data--57762279-94c0-4fbf-b95f-4b2a02de0b81",
|
||
|
"url--57762279-94c0-4fbf-b95f-4b2a02de0b81",
|
||
|
"indicator--5776227a-d560-471d-88b7-49eb02de0b81",
|
||
|
"indicator--5776227a-c844-423e-be0d-433702de0b81",
|
||
|
"observed-data--5776227a-1af0-4c98-aeef-40bb02de0b81",
|
||
|
"url--5776227a-1af0-4c98-aeef-40bb02de0b81",
|
||
|
"indicator--5776227a-0c0c-4b5b-b2eb-4a1502de0b81",
|
||
|
"indicator--5776227a-27c0-4d21-8f2b-467302de0b81",
|
||
|
"observed-data--5776227b-0544-4586-9e26-4af802de0b81",
|
||
|
"url--5776227b-0544-4586-9e26-4af802de0b81",
|
||
|
"indicator--5776227b-5778-4835-9808-4fcb02de0b81",
|
||
|
"indicator--5776227b-f1e0-44d1-850b-43a502de0b81",
|
||
|
"observed-data--5776227b-dbdc-4b69-b100-46a402de0b81",
|
||
|
"url--5776227b-dbdc-4b69-b100-46a402de0b81",
|
||
|
"indicator--5776227b-6f38-4d22-8afd-496d02de0b81",
|
||
|
"indicator--5776227c-7e3c-44de-990b-402f02de0b81",
|
||
|
"observed-data--5776227c-4de0-45a6-8d9d-4f2c02de0b81",
|
||
|
"url--5776227c-4de0-45a6-8d9d-4f2c02de0b81",
|
||
|
"indicator--5776227c-2da0-4c78-87e8-4e2102de0b81",
|
||
|
"indicator--5776227c-41a8-4255-885d-441002de0b81",
|
||
|
"observed-data--5776227d-ecf4-49c5-91ed-4ce602de0b81",
|
||
|
"url--5776227d-ecf4-49c5-91ed-4ce602de0b81",
|
||
|
"indicator--5776227d-fb70-4c34-b1e9-417002de0b81",
|
||
|
"indicator--5776227d-1258-417f-b834-4af802de0b81",
|
||
|
"observed-data--5776227d-ea24-4608-be52-4e5b02de0b81",
|
||
|
"url--5776227d-ea24-4608-be52-4e5b02de0b81",
|
||
|
"indicator--5776227d-c0b4-48e2-befb-41a602de0b81",
|
||
|
"indicator--5776227e-f93c-4d9e-aa3f-4c3402de0b81",
|
||
|
"observed-data--5776227e-4bc4-40ec-b7e3-4ea302de0b81",
|
||
|
"url--5776227e-4bc4-40ec-b7e3-4ea302de0b81",
|
||
|
"indicator--5776227e-8c1c-4b45-8dbd-412002de0b81",
|
||
|
"indicator--5776227e-2300-4f5b-8444-457002de0b81",
|
||
|
"observed-data--5776227e-3538-4521-b749-49f902de0b81",
|
||
|
"url--5776227e-3538-4521-b749-49f902de0b81",
|
||
|
"indicator--5776227f-a0f4-43eb-b20e-4cc202de0b81",
|
||
|
"indicator--5776227f-56d8-453f-9b09-4f3c02de0b81",
|
||
|
"observed-data--5776227f-d904-4ac9-98cc-4df702de0b81",
|
||
|
"url--5776227f-d904-4ac9-98cc-4df702de0b81",
|
||
|
"indicator--5776227f-6ac0-4ce0-a75a-4e1902de0b81",
|
||
|
"indicator--57762280-899c-4c89-b6f3-433402de0b81",
|
||
|
"observed-data--57762280-b55c-4d0b-89ce-4b4a02de0b81",
|
||
|
"url--57762280-b55c-4d0b-89ce-4b4a02de0b81",
|
||
|
"indicator--57762280-1388-439e-97e9-449902de0b81",
|
||
|
"indicator--57762280-f78c-43e2-9a0f-4f9a02de0b81",
|
||
|
"observed-data--57762280-f688-49c8-8dad-4fa802de0b81",
|
||
|
"url--57762280-f688-49c8-8dad-4fa802de0b81",
|
||
|
"indicator--57762281-56b0-4d3b-af74-438e02de0b81",
|
||
|
"indicator--57762281-be18-4605-b5aa-473102de0b81",
|
||
|
"observed-data--57762281-1de0-4d76-8e52-411002de0b81",
|
||
|
"url--57762281-1de0-4d76-8e52-411002de0b81",
|
||
|
"indicator--57762281-c154-4ac2-8b6f-474602de0b81",
|
||
|
"indicator--57762281-c598-4ddc-a421-4e6402de0b81",
|
||
|
"observed-data--57762282-3a7c-478b-b862-417702de0b81",
|
||
|
"url--57762282-3a7c-478b-b862-417702de0b81",
|
||
|
"indicator--57762282-5748-422d-b730-44f902de0b81",
|
||
|
"indicator--57762282-5e90-4270-9334-40d702de0b81",
|
||
|
"observed-data--57762282-477c-4520-94e5-49ef02de0b81",
|
||
|
"url--57762282-477c-4520-94e5-49ef02de0b81",
|
||
|
"indicator--57762282-456c-460a-937b-405702de0b81",
|
||
|
"indicator--57762283-0f18-4f47-85cd-45a702de0b81",
|
||
|
"observed-data--57762283-0034-44c3-97ba-4f3302de0b81",
|
||
|
"url--57762283-0034-44c3-97ba-4f3302de0b81",
|
||
|
"indicator--57762283-f808-4710-a4c2-4e3502de0b81",
|
||
|
"indicator--57762283-c654-478f-b986-4a0c02de0b81",
|
||
|
"observed-data--57762284-59a0-4b28-bc67-490402de0b81",
|
||
|
"url--57762284-59a0-4b28-bc67-490402de0b81",
|
||
|
"indicator--57762284-6730-42ba-950a-478502de0b81",
|
||
|
"indicator--57762284-ebcc-46fa-aa95-494502de0b81",
|
||
|
"observed-data--57762284-eea4-490c-9605-4e6c02de0b81",
|
||
|
"url--57762284-eea4-490c-9605-4e6c02de0b81",
|
||
|
"indicator--57762284-de14-496c-8242-402a02de0b81",
|
||
|
"indicator--57762285-f5bc-444e-bf44-4e8c02de0b81",
|
||
|
"observed-data--57762285-c00c-4199-a593-4f6a02de0b81",
|
||
|
"url--57762285-c00c-4199-a593-4f6a02de0b81",
|
||
|
"indicator--57762285-0bd4-4fe6-b487-47f202de0b81",
|
||
|
"indicator--57762285-8868-41e8-8d28-4da702de0b81",
|
||
|
"observed-data--57762285-6818-4b68-875e-452b02de0b81",
|
||
|
"url--57762285-6818-4b68-875e-452b02de0b81",
|
||
|
"indicator--57762286-a3d0-4251-9919-48b302de0b81",
|
||
|
"indicator--57762286-6074-4f59-bc0d-4ddd02de0b81",
|
||
|
"observed-data--57762286-8b24-473c-82ca-4e5702de0b81",
|
||
|
"url--57762286-8b24-473c-82ca-4e5702de0b81",
|
||
|
"indicator--57762286-4688-4152-b622-4dcd02de0b81",
|
||
|
"indicator--57762287-35a0-4b0a-9d29-40c702de0b81",
|
||
|
"observed-data--57762287-5a90-4699-86f8-4c4602de0b81",
|
||
|
"url--57762287-5a90-4699-86f8-4c4602de0b81",
|
||
|
"indicator--57762287-44e4-40e2-9eaa-4f7a02de0b81",
|
||
|
"indicator--57762287-7470-430f-9ff1-400202de0b81",
|
||
|
"observed-data--57762287-8afc-4b4c-9f46-4b6902de0b81",
|
||
|
"url--57762287-8afc-4b4c-9f46-4b6902de0b81",
|
||
|
"indicator--57762288-04d8-401a-ba96-414902de0b81",
|
||
|
"indicator--57762288-20b0-41ff-bc62-428102de0b81",
|
||
|
"observed-data--57762288-8d64-42d2-bd97-4cea02de0b81",
|
||
|
"url--57762288-8d64-42d2-bd97-4cea02de0b81",
|
||
|
"indicator--57762288-d6a4-4e3e-8edf-4bed02de0b81",
|
||
|
"indicator--57762288-fefc-421a-b25b-479902de0b81",
|
||
|
"observed-data--57762289-2584-4e78-8275-447502de0b81",
|
||
|
"url--57762289-2584-4e78-8275-447502de0b81",
|
||
|
"indicator--57762289-80bc-4a29-a0ef-422102de0b81",
|
||
|
"indicator--57762289-6e98-4118-93cc-422202de0b81",
|
||
|
"observed-data--57762289-6550-4740-b15f-44c502de0b81",
|
||
|
"url--57762289-6550-4740-b15f-44c502de0b81",
|
||
|
"indicator--5776228a-7674-47c8-8918-42f402de0b81",
|
||
|
"indicator--5776228a-523c-4092-8609-439202de0b81",
|
||
|
"observed-data--5776228a-a5f0-4de2-a150-43a202de0b81",
|
||
|
"url--5776228a-a5f0-4de2-a150-43a202de0b81",
|
||
|
"indicator--5776228a-57f0-41b2-89b3-440b02de0b81",
|
||
|
"indicator--5776228a-72dc-495a-8175-499d02de0b81",
|
||
|
"observed-data--5776228b-394c-4b32-bd45-402802de0b81",
|
||
|
"url--5776228b-394c-4b32-bd45-402802de0b81",
|
||
|
"indicator--5776228b-f49c-47ff-8d49-4ed802de0b81",
|
||
|
"indicator--5776228b-a3d4-4f68-a02c-49ae02de0b81",
|
||
|
"observed-data--5776228b-e1e8-4087-b7be-4ac502de0b81",
|
||
|
"url--5776228b-e1e8-4087-b7be-4ac502de0b81",
|
||
|
"indicator--5776228c-19cc-4a41-a56d-4e2002de0b81",
|
||
|
"indicator--5776228c-35c0-4d92-af6f-421e02de0b81",
|
||
|
"observed-data--5776228c-84a8-44ae-a936-4a9d02de0b81",
|
||
|
"url--5776228c-84a8-44ae-a936-4a9d02de0b81",
|
||
|
"indicator--5776228c-39b0-41a7-acf3-49e002de0b81",
|
||
|
"indicator--5776228c-7980-4fde-83ee-44b202de0b81",
|
||
|
"observed-data--5776228d-8724-4b47-950c-4e9502de0b81",
|
||
|
"url--5776228d-8724-4b47-950c-4e9502de0b81",
|
||
|
"indicator--5776228d-b374-4910-a8c7-42b302de0b81",
|
||
|
"indicator--5776228d-be5c-445b-86c5-497a02de0b81",
|
||
|
"observed-data--5776228d-d364-4808-8db7-452502de0b81",
|
||
|
"url--5776228d-d364-4808-8db7-452502de0b81",
|
||
|
"indicator--5776228e-e650-49fa-a108-457602de0b81",
|
||
|
"indicator--5776228e-16a4-45c6-b641-49aa02de0b81",
|
||
|
"observed-data--5776228e-6458-4ce4-9353-442a02de0b81",
|
||
|
"url--5776228e-6458-4ce4-9353-442a02de0b81",
|
||
|
"indicator--5776228e-e1c8-4961-b1a2-49cb02de0b81",
|
||
|
"indicator--5776228e-459c-40d0-846b-4b9702de0b81",
|
||
|
"observed-data--5776228f-b8d8-4c97-922b-49fd02de0b81",
|
||
|
"url--5776228f-b8d8-4c97-922b-49fd02de0b81",
|
||
|
"indicator--5776228f-4fe8-4053-b362-4ae702de0b81",
|
||
|
"indicator--5776228f-7e0c-4fb4-aab6-414402de0b81",
|
||
|
"observed-data--5776228f-475c-4613-b359-4cef02de0b81",
|
||
|
"url--5776228f-475c-4613-b359-4cef02de0b81",
|
||
|
"indicator--5776228f-f0ac-4cf8-90fe-4ffe02de0b81",
|
||
|
"indicator--57762290-366c-4f4f-a74a-415c02de0b81",
|
||
|
"observed-data--57762290-9c58-4cf2-91e7-4e6102de0b81",
|
||
|
"url--57762290-9c58-4cf2-91e7-4e6102de0b81",
|
||
|
"indicator--57762290-eed4-4fc9-b6ec-42de02de0b81",
|
||
|
"indicator--57762290-d584-4868-9f3a-4b7502de0b81",
|
||
|
"observed-data--57762291-c024-4350-9751-4fdd02de0b81",
|
||
|
"url--57762291-c024-4350-9751-4fdd02de0b81",
|
||
|
"indicator--57762291-6388-4409-a066-44c002de0b81",
|
||
|
"indicator--57762291-96d8-4e3b-8a92-498002de0b81",
|
||
|
"observed-data--57762291-62b8-46ec-be9d-45b702de0b81",
|
||
|
"url--57762291-62b8-46ec-be9d-45b702de0b81",
|
||
|
"indicator--57762291-f75c-4ede-8e40-4a4d02de0b81",
|
||
|
"indicator--57762292-9ef8-425d-8eb6-434602de0b81",
|
||
|
"observed-data--57762292-efa8-4b11-bcc6-4a4602de0b81",
|
||
|
"url--57762292-efa8-4b11-bcc6-4a4602de0b81",
|
||
|
"indicator--57762292-e328-4036-baec-458602de0b81",
|
||
|
"indicator--57762292-1bf8-4603-a54d-4afb02de0b81",
|
||
|
"observed-data--57762292-8404-4fd0-9785-484902de0b81",
|
||
|
"url--57762292-8404-4fd0-9785-484902de0b81",
|
||
|
"indicator--57762293-0644-493d-8d06-411a02de0b81",
|
||
|
"indicator--57762293-4a58-41dd-94d6-48ab02de0b81",
|
||
|
"observed-data--57762293-e8dc-4ae2-8126-422a02de0b81",
|
||
|
"url--57762293-e8dc-4ae2-8126-422a02de0b81",
|
||
|
"indicator--57762293-a900-4961-9418-4dd302de0b81",
|
||
|
"indicator--57762294-4e9c-429d-bb8a-492c02de0b81",
|
||
|
"observed-data--57762294-7764-4af5-aac1-469502de0b81",
|
||
|
"url--57762294-7764-4af5-aac1-469502de0b81",
|
||
|
"indicator--57762294-0e3c-480e-b660-4bf002de0b81",
|
||
|
"indicator--57762294-b618-44cf-beae-421202de0b81",
|
||
|
"observed-data--57762294-9dc4-4d2f-8d84-444302de0b81",
|
||
|
"url--57762294-9dc4-4d2f-8d84-444302de0b81",
|
||
|
"indicator--57762295-1530-4722-902f-4a2e02de0b81",
|
||
|
"indicator--57762295-cb38-4486-bdd0-482e02de0b81",
|
||
|
"observed-data--57762295-8e94-4a2e-9823-4f5302de0b81",
|
||
|
"url--57762295-8e94-4a2e-9823-4f5302de0b81",
|
||
|
"indicator--57762295-e5bc-45d0-8efc-411202de0b81",
|
||
|
"indicator--57762296-f9b0-4afe-91fe-404b02de0b81",
|
||
|
"observed-data--57762296-8bf4-44f7-801f-46f102de0b81",
|
||
|
"url--57762296-8bf4-44f7-801f-46f102de0b81",
|
||
|
"indicator--57762296-99b4-4a45-9414-49ac02de0b81",
|
||
|
"indicator--57762296-f3a8-497e-a278-417c02de0b81",
|
||
|
"observed-data--57762296-88e8-48ed-9edf-422c02de0b81",
|
||
|
"url--57762296-88e8-48ed-9edf-422c02de0b81",
|
||
|
"indicator--57762297-0bb0-4d29-b8e8-488402de0b81",
|
||
|
"indicator--57762297-8194-4b7e-a919-4d1602de0b81",
|
||
|
"observed-data--57762297-fb08-4b5e-ab26-41e602de0b81",
|
||
|
"url--57762297-fb08-4b5e-ab26-41e602de0b81",
|
||
|
"indicator--57762297-4584-44d3-a6a8-49c502de0b81",
|
||
|
"indicator--57762297-47f0-403e-a803-41d402de0b81",
|
||
|
"observed-data--57762297-3168-40bd-90fc-4c1202de0b81",
|
||
|
"url--57762297-3168-40bd-90fc-4c1202de0b81",
|
||
|
"indicator--57762298-5a88-4ea0-991e-40c802de0b81",
|
||
|
"indicator--57762298-fb5c-4d53-9311-41a602de0b81",
|
||
|
"observed-data--57762298-ed28-41e0-9411-41d202de0b81",
|
||
|
"url--57762298-ed28-41e0-9411-41d202de0b81",
|
||
|
"indicator--57762298-c554-48d1-87b3-48cf02de0b81",
|
||
|
"indicator--57762298-bdd0-4637-a45c-4c5e02de0b81",
|
||
|
"observed-data--57762299-7910-4b64-8778-47d302de0b81",
|
||
|
"url--57762299-7910-4b64-8778-47d302de0b81",
|
||
|
"indicator--57762299-a51c-4cde-86f0-4ba002de0b81",
|
||
|
"indicator--57762299-d8a4-4f9a-b985-4e0202de0b81",
|
||
|
"observed-data--57762299-5eb8-4e84-a698-434002de0b81",
|
||
|
"url--57762299-5eb8-4e84-a698-434002de0b81",
|
||
|
"indicator--5776229a-b640-495f-af5b-432f02de0b81",
|
||
|
"indicator--5776229a-dfcc-4bc0-a424-44d702de0b81",
|
||
|
"observed-data--5776229a-dbdc-4da9-96a1-471702de0b81",
|
||
|
"url--5776229a-dbdc-4da9-96a1-471702de0b81",
|
||
|
"indicator--5776229a-3348-43fb-bc46-402202de0b81",
|
||
|
"indicator--5776229a-d984-40f8-a8f1-474f02de0b81",
|
||
|
"observed-data--5776229b-6ed8-487f-84fb-4e4302de0b81",
|
||
|
"url--5776229b-6ed8-487f-84fb-4e4302de0b81",
|
||
|
"indicator--5776229b-50e0-46cc-8866-47fe02de0b81",
|
||
|
"indicator--5776229b-4738-4db9-81b1-43b702de0b81",
|
||
|
"observed-data--5776229b-2884-4028-9dc1-4e9202de0b81",
|
||
|
"url--5776229b-2884-4028-9dc1-4e9202de0b81",
|
||
|
"indicator--5776229b-f830-4870-81eb-457502de0b81",
|
||
|
"indicator--5776229c-5958-4aaf-b11c-474f02de0b81",
|
||
|
"observed-data--5776229c-c038-4614-9bd1-4ee102de0b81",
|
||
|
"url--5776229c-c038-4614-9bd1-4ee102de0b81",
|
||
|
"indicator--5776229c-9330-46f6-8f0d-4f3902de0b81",
|
||
|
"indicator--5776229c-4a3c-4ff1-b1ba-43b702de0b81",
|
||
|
"observed-data--5776229d-85cc-47f6-b608-4d6002de0b81",
|
||
|
"url--5776229d-85cc-47f6-b608-4d6002de0b81",
|
||
|
"indicator--5776229d-b6b4-40f1-b649-447402de0b81",
|
||
|
"indicator--5776229d-c510-4721-8b4f-482102de0b81",
|
||
|
"observed-data--5776229d-9fc0-4024-9c61-444a02de0b81",
|
||
|
"url--5776229d-9fc0-4024-9c61-444a02de0b81",
|
||
|
"indicator--5776229d-9d30-4d79-beb5-4ba802de0b81",
|
||
|
"indicator--5776229e-c16c-4c0c-94a7-446202de0b81",
|
||
|
"observed-data--5776229e-6860-4cce-b0f6-451b02de0b81",
|
||
|
"url--5776229e-6860-4cce-b0f6-451b02de0b81",
|
||
|
"indicator--5776229e-5894-4081-8e42-4a8c02de0b81",
|
||
|
"indicator--5776229e-478c-4095-9492-475002de0b81",
|
||
|
"observed-data--5776229e-dc40-47a3-8291-4d1702de0b81",
|
||
|
"url--5776229e-dc40-47a3-8291-4d1702de0b81",
|
||
|
"indicator--5776229f-6160-4b1c-8cb0-408e02de0b81",
|
||
|
"indicator--5776229f-2f60-4722-a200-4c6e02de0b81",
|
||
|
"observed-data--5776229f-4f60-457d-9f45-4d3c02de0b81",
|
||
|
"url--5776229f-4f60-457d-9f45-4d3c02de0b81",
|
||
|
"indicator--5776229f-c8c0-4170-b8c4-424b02de0b81",
|
||
|
"indicator--577622a0-3b24-4f43-bca8-418702de0b81",
|
||
|
"observed-data--577622a0-5650-43bd-8108-47d702de0b81",
|
||
|
"url--577622a0-5650-43bd-8108-47d702de0b81",
|
||
|
"indicator--577622a0-588c-449d-9e05-487202de0b81",
|
||
|
"indicator--577622a0-5ba4-47d8-b395-44e902de0b81",
|
||
|
"observed-data--577622a0-410c-4f1c-ab79-438802de0b81",
|
||
|
"url--577622a0-410c-4f1c-ab79-438802de0b81",
|
||
|
"indicator--577622a1-9d44-423d-ac0c-4d1602de0b81",
|
||
|
"indicator--577622a1-7968-49c1-9318-4a5c02de0b81",
|
||
|
"observed-data--577622a1-3568-4c4b-8cbe-4b8c02de0b81",
|
||
|
"url--577622a1-3568-4c4b-8cbe-4b8c02de0b81",
|
||
|
"indicator--577622a1-b1f8-4299-b4c3-435702de0b81",
|
||
|
"indicator--577622a2-393c-440f-b507-4cc802de0b81",
|
||
|
"observed-data--577622a2-7ab0-4466-840b-43ca02de0b81",
|
||
|
"url--577622a2-7ab0-4466-840b-43ca02de0b81",
|
||
|
"indicator--577622a2-0328-493e-b171-4b1002de0b81",
|
||
|
"indicator--577622a2-b378-4dde-b38c-476d02de0b81",
|
||
|
"observed-data--577622a2-efd8-4221-ad51-40bd02de0b81",
|
||
|
"url--577622a2-efd8-4221-ad51-40bd02de0b81",
|
||
|
"indicator--577622a3-4ea8-4b56-a320-457902de0b81",
|
||
|
"indicator--577622a3-f844-4c8e-ba22-4a2a02de0b81",
|
||
|
"observed-data--577622a3-5208-4ea4-94db-42b302de0b81",
|
||
|
"url--577622a3-5208-4ea4-94db-42b302de0b81",
|
||
|
"indicator--577622a3-fa50-4e64-a160-42e102de0b81",
|
||
|
"indicator--577622a3-f3c0-4c2f-a75f-494d02de0b81",
|
||
|
"observed-data--577622a4-6ac8-4611-a7cb-497302de0b81",
|
||
|
"url--577622a4-6ac8-4611-a7cb-497302de0b81",
|
||
|
"indicator--577622a4-9fe8-41f6-9c4e-47e802de0b81",
|
||
|
"indicator--577622a4-0d5c-4d5c-b136-4d2402de0b81",
|
||
|
"observed-data--577622a4-28b8-4072-b389-489602de0b81",
|
||
|
"url--577622a4-28b8-4072-b389-489602de0b81",
|
||
|
"indicator--577622a4-14d8-4a6b-8835-4f8902de0b81",
|
||
|
"indicator--577622a5-3d30-4570-b749-447802de0b81",
|
||
|
"observed-data--577622a5-2ea8-41d6-bc61-432a02de0b81",
|
||
|
"url--577622a5-2ea8-41d6-bc61-432a02de0b81",
|
||
|
"indicator--577622a5-f948-4a8c-975f-48d602de0b81",
|
||
|
"indicator--577622a5-34f0-4333-b5f6-484602de0b81",
|
||
|
"observed-data--577622a6-27d4-4740-a7f9-42c602de0b81",
|
||
|
"url--577622a6-27d4-4740-a7f9-42c602de0b81",
|
||
|
"indicator--577622a6-3da8-4f76-87ff-4e1702de0b81",
|
||
|
"indicator--577622a6-e14c-4430-a097-418d02de0b81",
|
||
|
"observed-data--577622a6-5060-4860-b2a1-4aa302de0b81",
|
||
|
"url--577622a6-5060-4860-b2a1-4aa302de0b81",
|
||
|
"indicator--577622a6-a5d0-49e9-8fc9-467a02de0b81",
|
||
|
"indicator--577622a7-82a0-4d36-ab26-436e02de0b81",
|
||
|
"observed-data--577622a7-6570-4503-bbd7-40e802de0b81",
|
||
|
"url--577622a7-6570-4503-bbd7-40e802de0b81",
|
||
|
"indicator--577622a7-8f3c-4248-997c-47b002de0b81",
|
||
|
"indicator--577622a7-f718-499b-b46b-4bc702de0b81",
|
||
|
"observed-data--577622a7-58e8-4406-9c95-4b9402de0b81",
|
||
|
"url--577622a7-58e8-4406-9c95-4b9402de0b81",
|
||
|
"indicator--577622a8-0edc-47a2-81b9-4a7f02de0b81",
|
||
|
"indicator--577622a8-b08c-42d4-9cf6-4ab502de0b81",
|
||
|
"observed-data--577622a8-5a54-49f2-af0a-4cb602de0b81",
|
||
|
"url--577622a8-5a54-49f2-af0a-4cb602de0b81",
|
||
|
"indicator--577622a8-1fcc-4890-96cd-4b7802de0b81",
|
||
|
"indicator--577622a9-8164-49c0-a961-427d02de0b81",
|
||
|
"observed-data--577622a9-db84-4384-bbc3-48b202de0b81",
|
||
|
"url--577622a9-db84-4384-bbc3-48b202de0b81",
|
||
|
"indicator--577622a9-4bf0-42a0-8f1a-4da502de0b81",
|
||
|
"indicator--577622a9-5588-4de3-98b9-40cf02de0b81",
|
||
|
"observed-data--577622a9-6da4-4e0f-bd6b-4add02de0b81",
|
||
|
"url--577622a9-6da4-4e0f-bd6b-4add02de0b81",
|
||
|
"indicator--577622aa-4a20-488a-beee-45f402de0b81",
|
||
|
"indicator--577622aa-ab1c-4fdc-8da9-443502de0b81",
|
||
|
"observed-data--577622aa-ba70-4725-91b7-4b4b02de0b81",
|
||
|
"url--577622aa-ba70-4725-91b7-4b4b02de0b81",
|
||
|
"indicator--577622aa-5630-4b39-bbee-485902de0b81",
|
||
|
"indicator--577622aa-8a0c-472c-ab66-406802de0b81",
|
||
|
"observed-data--577622ab-7d80-4427-880a-456102de0b81",
|
||
|
"url--577622ab-7d80-4427-880a-456102de0b81",
|
||
|
"indicator--577622ab-9388-44d3-8680-481c02de0b81",
|
||
|
"indicator--577622ab-f3ac-48a9-981f-4f2302de0b81",
|
||
|
"observed-data--577622ab-d820-4817-8c24-492a02de0b81",
|
||
|
"url--577622ab-d820-4817-8c24-492a02de0b81",
|
||
|
"indicator--577622ab-4d60-4a1b-bf2a-464a02de0b81",
|
||
|
"indicator--577622ac-1f80-465e-a9d6-442002de0b81",
|
||
|
"observed-data--577622ac-437c-4cf0-8eb5-428602de0b81",
|
||
|
"url--577622ac-437c-4cf0-8eb5-428602de0b81",
|
||
|
"indicator--577622ac-90b0-4162-b35d-44e802de0b81",
|
||
|
"indicator--577622ac-a678-4f1c-97a1-491d02de0b81",
|
||
|
"observed-data--577622ad-4d34-4ccf-b447-402e02de0b81",
|
||
|
"url--577622ad-4d34-4ccf-b447-402e02de0b81",
|
||
|
"indicator--577622ad-96ac-4195-8bc8-41d702de0b81",
|
||
|
"indicator--577622ad-c11c-4bd3-9b01-41bb02de0b81",
|
||
|
"observed-data--577622ad-d774-401c-afd2-4c7702de0b81",
|
||
|
"url--577622ad-d774-401c-afd2-4c7702de0b81",
|
||
|
"indicator--577622ad-cc18-4cb3-ad7b-407d02de0b81",
|
||
|
"indicator--577622ae-789c-4079-9a13-4e4c02de0b81",
|
||
|
"observed-data--577622ae-eecc-47ca-8df9-461102de0b81",
|
||
|
"url--577622ae-eecc-47ca-8df9-461102de0b81",
|
||
|
"indicator--577622ae-f46c-4de6-8ebd-4e9502de0b81",
|
||
|
"indicator--577622ae-7284-4c3f-a15a-451102de0b81",
|
||
|
"observed-data--577622af-3650-495b-add5-454002de0b81",
|
||
|
"url--577622af-3650-495b-add5-454002de0b81",
|
||
|
"indicator--577622af-1cac-45ac-8281-459202de0b81",
|
||
|
"indicator--577622af-4c70-41d9-b113-4de602de0b81",
|
||
|
"observed-data--577622af-0bd8-4195-8a09-4fb102de0b81",
|
||
|
"url--577622af-0bd8-4195-8a09-4fb102de0b81",
|
||
|
"indicator--577622af-4cc0-45c8-8fdb-47cb02de0b81",
|
||
|
"indicator--577622b0-57cc-46e7-8972-4fad02de0b81",
|
||
|
"observed-data--577622b0-65f8-44aa-9163-455b02de0b81",
|
||
|
"url--577622b0-65f8-44aa-9163-455b02de0b81",
|
||
|
"indicator--577622b0-37e0-456c-9d50-48c202de0b81",
|
||
|
"indicator--577622b0-a740-40e7-99f3-483d02de0b81",
|
||
|
"observed-data--577622b0-10e0-4044-9d83-48df02de0b81",
|
||
|
"url--577622b0-10e0-4044-9d83-48df02de0b81",
|
||
|
"indicator--577622b1-4970-497e-b600-48ce02de0b81",
|
||
|
"indicator--577622b1-78ac-42fe-9c51-4a2602de0b81",
|
||
|
"observed-data--577622b1-5170-44ac-a2f8-498502de0b81",
|
||
|
"url--577622b1-5170-44ac-a2f8-498502de0b81",
|
||
|
"indicator--577622b1-76c4-4cd9-8806-48c502de0b81",
|
||
|
"indicator--577622b1-1fa4-4fd6-9b6d-45b102de0b81",
|
||
|
"observed-data--577622b2-4f1c-4d02-b21a-464202de0b81",
|
||
|
"url--577622b2-4f1c-4d02-b21a-464202de0b81",
|
||
|
"indicator--577622b2-3ce4-40b4-ba8b-415202de0b81",
|
||
|
"indicator--577622b2-538c-44bd-842d-419702de0b81",
|
||
|
"observed-data--577622b2-0450-4461-9bfc-451002de0b81",
|
||
|
"url--577622b2-0450-4461-9bfc-451002de0b81",
|
||
|
"indicator--577622b2-3d44-4a01-9833-48b802de0b81",
|
||
|
"indicator--577622b3-2694-4cae-b6cd-47d302de0b81",
|
||
|
"observed-data--577622b3-181c-45b6-99af-4c7b02de0b81",
|
||
|
"url--577622b3-181c-45b6-99af-4c7b02de0b81",
|
||
|
"indicator--577622b3-b8ac-41c8-bf8c-439802de0b81",
|
||
|
"indicator--577622b3-8714-4346-8151-4dcf02de0b81",
|
||
|
"observed-data--577622b3-676c-4fd6-bc91-4db502de0b81",
|
||
|
"url--577622b3-676c-4fd6-bc91-4db502de0b81",
|
||
|
"indicator--577622b4-4d6c-44d2-8e2b-455002de0b81",
|
||
|
"indicator--577622b4-9358-460e-9766-46ad02de0b81",
|
||
|
"observed-data--577622b4-e598-497c-ae50-4ed902de0b81",
|
||
|
"url--577622b4-e598-497c-ae50-4ed902de0b81",
|
||
|
"indicator--577622b4-5744-4de8-9f77-473b02de0b81",
|
||
|
"indicator--577622b4-ca98-40df-be39-4d0702de0b81",
|
||
|
"observed-data--577622b5-1134-482a-b348-4ac702de0b81",
|
||
|
"url--577622b5-1134-482a-b348-4ac702de0b81",
|
||
|
"indicator--577622b5-90b0-43f3-a0ae-44ff02de0b81",
|
||
|
"indicator--577622b5-5b54-406c-b964-4dd402de0b81",
|
||
|
"observed-data--577622b5-a438-46f1-9978-4ef802de0b81",
|
||
|
"url--577622b5-a438-46f1-9978-4ef802de0b81",
|
||
|
"indicator--577622b5-9f24-4fbd-be61-41df02de0b81",
|
||
|
"indicator--577622b5-4894-4a4a-a718-442802de0b81",
|
||
|
"observed-data--577622b6-c0c8-4d2e-8304-4dae02de0b81",
|
||
|
"url--577622b6-c0c8-4d2e-8304-4dae02de0b81",
|
||
|
"indicator--577622b6-1740-4c7e-b243-414302de0b81",
|
||
|
"indicator--577622b6-a400-4afe-8fb4-409402de0b81",
|
||
|
"observed-data--577622b6-ec54-46bb-934b-4e6c02de0b81",
|
||
|
"url--577622b6-ec54-46bb-934b-4e6c02de0b81",
|
||
|
"indicator--577622b6-1bb8-4781-a15c-4f2502de0b81",
|
||
|
"indicator--577622b7-c6ac-4e1a-ab65-485f02de0b81",
|
||
|
"observed-data--577622b7-16b0-40c2-aee9-46a602de0b81",
|
||
|
"url--577622b7-16b0-40c2-aee9-46a602de0b81",
|
||
|
"indicator--577622b7-72f0-45bf-8e92-4feb02de0b81",
|
||
|
"indicator--577622b7-0cf4-484b-aaf7-4e5502de0b81",
|
||
|
"observed-data--577622b7-58b4-4dcf-8c00-4d8602de0b81",
|
||
|
"url--577622b7-58b4-4dcf-8c00-4d8602de0b81",
|
||
|
"indicator--577622b8-3ebc-408d-a18f-4c4402de0b81",
|
||
|
"indicator--577622b8-b848-4cb9-a4eb-427a02de0b81",
|
||
|
"observed-data--577622b8-33ac-419a-8ea5-4dc202de0b81",
|
||
|
"url--577622b8-33ac-419a-8ea5-4dc202de0b81",
|
||
|
"indicator--577622b8-2450-4e39-b670-467a02de0b81",
|
||
|
"indicator--577622b8-6fb4-4ac1-99f1-47d302de0b81",
|
||
|
"observed-data--577622b9-5104-47e1-8258-4baa02de0b81",
|
||
|
"url--577622b9-5104-47e1-8258-4baa02de0b81",
|
||
|
"indicator--577622b9-12bc-4083-8d37-4b8002de0b81",
|
||
|
"indicator--577622b9-d774-487d-97e7-4bfa02de0b81",
|
||
|
"observed-data--577622b9-a3e8-4159-8f2f-418202de0b81",
|
||
|
"url--577622b9-a3e8-4159-8f2f-418202de0b81",
|
||
|
"indicator--577622b9-1148-4072-8fad-43b402de0b81",
|
||
|
"indicator--577622ba-bad0-41e8-b8a5-406902de0b81",
|
||
|
"observed-data--577622ba-e364-497f-ada0-466502de0b81",
|
||
|
"url--577622ba-e364-497f-ada0-466502de0b81",
|
||
|
"indicator--577622ba-e208-4e77-b67b-43df02de0b81",
|
||
|
"indicator--577622ba-499c-4f96-8f91-495502de0b81",
|
||
|
"observed-data--577622bb-4f2c-41d7-8c5b-45df02de0b81",
|
||
|
"url--577622bb-4f2c-41d7-8c5b-45df02de0b81",
|
||
|
"indicator--577622bb-a60c-4861-9dd8-400102de0b81",
|
||
|
"indicator--577622bb-6e8c-4220-807b-474202de0b81",
|
||
|
"observed-data--577622bb-8b10-441c-8a6d-429a02de0b81",
|
||
|
"url--577622bb-8b10-441c-8a6d-429a02de0b81",
|
||
|
"indicator--577622bb-ef04-4f29-96fe-419f02de0b81",
|
||
|
"indicator--577622bb-dacc-4204-9ff3-497c02de0b81",
|
||
|
"observed-data--577622bc-2fb0-4f20-ae75-434202de0b81",
|
||
|
"url--577622bc-2fb0-4f20-ae75-434202de0b81",
|
||
|
"indicator--577622bc-029c-4187-b10c-448702de0b81",
|
||
|
"indicator--577622bc-2abc-4546-a5b4-4d6f02de0b81",
|
||
|
"observed-data--577622bc-81b4-4573-b1ea-4c8402de0b81",
|
||
|
"url--577622bc-81b4-4573-b1ea-4c8402de0b81",
|
||
|
"indicator--577622bc-6014-4cea-98b9-47d802de0b81",
|
||
|
"indicator--577622bd-e4c4-40f3-a15c-44bd02de0b81",
|
||
|
"observed-data--577622bd-e5a0-463c-b21f-40da02de0b81",
|
||
|
"url--577622bd-e5a0-463c-b21f-40da02de0b81",
|
||
|
"indicator--577622bd-1154-4e54-8e6b-46dc02de0b81",
|
||
|
"indicator--577622bd-c310-4fb7-b738-4be902de0b81",
|
||
|
"observed-data--577622bd-e908-49b5-88f2-471802de0b81",
|
||
|
"url--577622bd-e908-49b5-88f2-471802de0b81",
|
||
|
"indicator--577622bd-895c-448c-8b12-42e202de0b81",
|
||
|
"indicator--577622be-f260-40cb-b733-410702de0b81",
|
||
|
"observed-data--577622be-4840-4e44-83a1-49cc02de0b81",
|
||
|
"url--577622be-4840-4e44-83a1-49cc02de0b81",
|
||
|
"indicator--5777fb83-d690-4e69-9033-4bf2950d210f",
|
||
|
"indicator--5777fb83-178c-4459-b097-4f46950d210f",
|
||
|
"indicator--5777fb84-6014-4eee-beb9-4d85950d210f",
|
||
|
"indicator--5777fb84-717c-45e9-b992-4f51950d210f",
|
||
|
"indicator--5777fb84-8ebc-4e3d-814d-4b86950d210f",
|
||
|
"indicator--5777fb84-9610-454e-84c4-4cfe950d210f",
|
||
|
"indicator--5777fb84-aea0-4fa2-8248-432e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"circl:incident-classification=\"malware\"",
|
||
|
"type:OSINT"
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57761f11-ef74-4550-a466-471d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:43:13.000Z",
|
||
|
"modified": "2016-07-01T07:43:13.000Z",
|
||
|
"first_observed": "2016-07-01T07:43:13Z",
|
||
|
"last_observed": "2016-07-01T07:43:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57761f11-ef74-4550-a466-471d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57761f11-ef74-4550-a466-471d950d210f",
|
||
|
"value": "http://download.bitdefender.com/resources/files/News/CaseStudies/study/115/Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:43:47.000Z",
|
||
|
"modified": "2016-07-01T07:43:47.000Z",
|
||
|
"first_observed": "2016-07-01T07:43:47Z",
|
||
|
"last_observed": "2016-07-01T07:43:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"file--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"artifact--57761f33-2be0-4eed-9962-4772950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"attachment\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "file",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "file--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"name": "Bitdefender-Whitepaper-PAC-A4-en-EN1.pdf",
|
||
|
"content_ref": "artifact--57761f33-2be0-4eed-9962-4772950d210f"
|
||
|
},
|
||
|
{
|
||
|
"type": "artifact",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "artifact--57761f33-2be0-4eed-9962-4772950d210f",
|
||
|
"payload_bin": "JVBERi0xLjQNJeLjz9MNCjE4NzMgMCBvYmoNPDwvTGluZWFyaXplZCAxL0wgMzQzMjc1Ny9PIDE4NzUvRSA5NTY1MzEvTiAzMi9UIDMzOTUxODAvSCBbIDg5NiAxNDI5XT4+DWVuZG9iag0gICAgICAgIA14cmVmDTE4NzMgMzANMDAwMDAwMDAxNiAwMDAwMCBuDQowMDAwMDAyNTQwIDAwMDAwIG4NCjAwMDAwMDI3MDMgMDAwMDAgbg0KMDAwMDAwMzE3NSAwMDAwMCBuDQowMDAwMDAzMjkwIDAwMDAwIG4NCjAwMDAwMDM5NTAgMDAwMDAgbg0KMDAwMDAwNDUwMCAwMDAwMCBuDQowMDAwMDA1MDQzIDAwMDAwIG4NCjAwMDAwMDU2MTEgMDAwMDAgbg0KMDAwMDAwNjE2NSAwMDAwMCBuDQowMDAwMDA2NzQxIDAwMDAwIG4NCjAwMDAwMDY4NzggMDAwMDAgbg0KMDAwMDAwNzYwNyAwMDAwMCBuDQowMDAwMDA3ODcwIDAwMDAwIG4NCjAwMDAwMDg0ODUgMDAwMDAgbg0KMDAwMDAwOTA5OSAwMDAwMCBuDQowMDAwMDA5ODA3IDAwMDAwIG4NCjAwMDAwMjEyNjMgMDAwMDAgbg0KMDAwMDAyMTMzNCAwMDAwMCBuDQowMDAwMDIxNDI5IDAwMDAwIG4NCjAwMDAwMjU3MzYgMDAwMDAgbg0KMDAwMDAyNjAwNyAwMDAwMCBuDQowMDAwMDI2MjM3IDAwMDAwIG4NCjAwMDAwMjYyNjYgMDAwMDAgbg0KMDAwMDAyNjYxNiAwMDAwMCBuDQowMDAwMDYyMDgzIDAwMDAwIG4NCjAwMDAwNjIxMjQgMDAwMDAgbg0KMDAwMDA2NDM1OSAwMDAwMCBuDQowMDAwMDAyMzI1IDAwMDAwIG4NCjAwMDAwMDA4OTYgMDAwMDAgbg0KdHJhaWxlcg08PC9TaXplIDE5MDMvUm9vdCAxODc0IDAgUi9JbmZvIDMyOSAwIFIvSURbPEUxOTMxRTAwRDdDRjQxMUVBMkE3RDAwQzA4NDExMjkxPjxFRDA0MTk3QUI4Mzk0ODRDQjY2NjUxNTU1NUVGREYwRT5dL1ByZXYgMzM5NTE2OS9YUmVmU3RtIDIzMjU+Pg1zdGFydHhyZWYNMA0lJUVPRg0xOTAyIDAgb2JqDTw8L0MgMTc3NS9GaWx0ZXIvRmxhdGVEZWNvZGUvSSAxODA5L0xlbmd0aCAxMzM2L1MgMTQ2Nz4+c3RyZWFtDQpo3qxVe0xTZxQ/99IXFWovtmgRtbkUi+Uh0jALme6uFosIrN0oAnY+kAA+MIXJwE42x2AU3LQVyGTILMqQGpxFwPkeJOtYfRBQ1OhcNOh8ENw0isMtS/bdiwg12X/7kpvvfOfx+/3OuS8AwAFYfwEHgNsFIphYIuTjAgt4ayhDGbGaRbzNEmqEwm4f6m2WPk6kpx5kUnMugp/d2MR/tIaD41/q9l/CeI95AbIdTu5ZMIFPOOTZ59d6aays/Tx5H+sR7zylPoagfUpgCmUXByzp/83s+w4Wc4EbQsGzGc/bduc8MB8MWN9cX/Jg//rRb9LLZug1kjE5Vf6ySyJOT+DSLS/uUroq/+AM13B6uLGbNPCr9yUWSn7aoFWvOpy1lnQty3JtEkmNx7b0nxrdPFv6RkNQx6GAMyX+LMuTYEXgnkFly645deHmztK4qnyBUKRMX5Bx4rPoqF0NSwtkW70rFLpasnDoqrf/vGqxXfd97sPzOff6FBoz9rSlN27byC9692VZQiNTnuXKFSkdent3wRa3ICi25OuaQ/KdBr25s2ae3i/svbmhuk/Lk36Mbe5L0BS/GMghtUmkOd/t15JyJqObdEVldvADRC1OY12spn1AkJIvuTw8UEnTtlBHUttOaZNXvtWYUNnBt83WbRtSVr5L7RM/vZanlScy5Zi6c4eid0ZEfEOU/txOmr12ypVWmlaqO0xtKihzTJPTmPdtL1tBmB+wHlbIEpBzSOIYF8HmD3B6QhJsUYVaomHxVr+RjawdIrdFFJoWEdio0LivoJH/HR36Cvq7PDyop/eAyhGbVZkicI5pWaKuFbemRxptsY471cGqLx4+35AyP9UZ35a45zD+ebkixLc52RY24lXL3L/lNJgOMRzt3HyHfa31Vte3DZfv6/cm15EGr1pMzWCu7MyvFjf3kW+i3r9qvZVUOsSMTpbWJM291Lj5iuuCqH1xocT9Z8X73R/3hsU8Q21aRWGp9oW7ko3XpzUxI0cFKj5BPh7sU5QrFoavNHYvVyIid33YP6o/BO2fsPtJV66rnB5PPeUghit6D8TUK2iinqb4towFa9Xs0mFzwb1Z1kHlwesOvCy+bXna0dbbN7BzNXSbzypscrxM1xa9N9KoYlIGZGn2kLwbx/M4HVr6kRqxXTOtHmDzGjNXtKaeKF1n6d0XeDH5DPMIm13ZfXMRypMe20YmJS3i6hgKzozA2JlXLT5UExwfs+im95HrpznZuehNKLJYLNvRjhG09fJAL4IgNCuKLRNrzI1l5xR7eLyUGm2xZ5KXYbxwHMxLOZEz5iOmT0pBGBrNJOCXirI9JBVNzv+vyGuHcVZGOeHB+ZoEjFAuLPakJ+WTHWSQJynXYwyaOEOR5xA840XjJk5mv7LZzJhQ9BXThO1hMRVIP0GQIWMS/u/PJQrcgsBt99AegK5NTAsz0Wd7Zh+kgdyKTwEphc8C6WM8GDi38bMg6MITQebEHfg5HYQBixIeh6kUnAeQYkt4BwEEUOW79wlIrFhuXYTUxxem9T+VQ7gJDBDq3j0ILPtsEusxQSgqw0/DHDuuBMEaROtvxedDeCS+Hf0xsEUgEWJcCALsB2CbUFRgTxoFjglGOdFdqE/cCWLAdCADHydoaUsFWBfts0IOfcyBmV3TiyAQ4C5I7OM+tgmrA7BDPJBCBMq5jdkRFFkAU+m7S0Zi3uiojgGWFcsEjhV+R8n8u/DawhaA0vgrMhDGqnVonwqck7vbVf6DH3FvfqiiM5aB8mc/2kDXyX8FGAA0z3D3DWVuZHN0cmVhbQ1lbmRvYmoNMTkwMSAwIG9iag08PC9EZWNvZGVQYXJtczw8L0NvbHVtbnMgNC9QcmVkaWN0b3IgMTI+Pi9GaWx0ZXIvRmxhdGVEZWNvZGUvSW5kZXhbMzMwIDE1NDNdL0xlbmd0aCA2MS9TaXplIDE4NzMvVHlwZS9YUmVmL1dbMSAyIDFdPj5zdHJlYW0NCmje7NExAQAwDMOwpIwKeFwHpHoEwJ7pZpIUh+jTwHN4Ds/hOTyH5/AcnsNzeA7P4Tk8x8XnX4ABAB2RG3wNZW5kc3RyZWFtDWVuZG9iag0xODc0IDAgb2JqDTw8L0xhbmcoZW4tVVMpL01hcmtJbmZvPDwvTWFya2VkIHRydWU+Pi9NZXRhZGF0YSAzMjggMCBSL1BhZ2VzIDMyMSAwIFIvU3RydWN0VHJlZVJvb3QgMzMwIDAgUi9UeXBlL0NhdGFsb2cvVmlld2VyUHJlZmVyZW5jZXM8PC9EaXJlY3Rpb24vTDJSPj4+Pg1lbmRvYmoNMTg3NSAwIG9iag08PC9BcnRCb3hbMC4wIDAuMCA1OTUuMjc2IDg0MS44OV0vQmxlZWRCb3hbMC4wIDAuMCA1OTUuMjc2IDg0MS44OV0vQ29udGVudHNbMTg3NyAwIFIgMTg3OCAwIFIgMTg3OSAwIFIgMTg4MCAwIFIgMTg4MSAwIFIgMTg4MiAwIFIgMTg4NyAwIFIgMTg4OCAwIFJdL0Nyb3BCb3hbMC4wIDAuMCA1OTUuMjc2IDg0MS44OV0vTWVkaWFCb3hbMC4wIDAuMCA1OTUuMjc2IDg0MS44OV0vUGFyZW50IDMyMiAwIFIvUmVzb3VyY2VzPDwvRXh0R1N0YXRlPDwvR1MwIDE4NzYgMCBSPj4vRm9udDw8L0MyXzAgMTg4MyAwIFIvVFQwIDE4ODQgMCBSPj4vUHJvY1NldFsvUERGL1RleHQvSW1hZ2VDXS9Qcm9wZXJ
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f78-020c-439f-99e0-40c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:56.000Z",
|
||
|
"modified": "2016-07-01T07:44:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '0641f22e1b4e15cc23660b2e8bbf42623e997dfb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f78-6ea0-4184-ac9d-4c6b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:56.000Z",
|
||
|
"modified": "2016-07-01T07:44:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '0af1a6d6c487e78aa252ae2f5921606a8a379206']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f78-f150-4edd-b793-4a9d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:56.000Z",
|
||
|
"modified": "2016-07-01T07:44:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '100241519698bb013f668ff49d3d0d4fdab6a584']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f78-caa4-41ff-804b-4da7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:56.000Z",
|
||
|
"modified": "2016-07-01T07:44:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '14014f810a0c07b6dde48b7a8954b56c409ae7f3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f79-5b20-4c92-970a-4e29950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:57.000Z",
|
||
|
"modified": "2016-07-01T07:44:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '16c6d317fd7c361623c62cf5652a6b7937f58e0a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f79-ae14-417d-a838-4a65950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:57.000Z",
|
||
|
"modified": "2016-07-01T07:44:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '22c565e2cfb8adadd022b0ec281bb2b6ed62dca2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f79-7318-4eab-acaf-42ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:57.000Z",
|
||
|
"modified": "2016-07-01T07:44:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '23ce92fd1d4d2d42389a66869434fb578aa3f539']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f79-e9a8-4c1c-8135-4dd3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:57.000Z",
|
||
|
"modified": "2016-07-01T07:44:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '261a8fc8e0e396298120a7bc15c32a37f3ce5b94']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7a-5884-4a35-8503-47a5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:58.000Z",
|
||
|
"modified": "2016-07-01T07:44:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '2a9c8639215faf08593f17b930f83757324dfbee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7a-e3a4-40d9-9a8d-45bb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:58.000Z",
|
||
|
"modified": "2016-07-01T07:44:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '2ad7262ad52320399aa54cd8482c30e7a480bebc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7a-0a50-4c25-9ee9-4b89950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:58.000Z",
|
||
|
"modified": "2016-07-01T07:44:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '2eb5a075b710155c409e727e7f74fdc3be63b58c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7a-4ee8-4110-83f4-4c95950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:58.000Z",
|
||
|
"modified": "2016-07-01T07:44:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '325b1075b4544ecc2c5741a7a06a9df00f0965da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7a-3334-4e8a-9bc2-4be7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:58.000Z",
|
||
|
"modified": "2016-07-01T07:44:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '336d5957909487990033a3432d0347be34db044a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7b-8cb0-47a8-8f97-4351950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:59.000Z",
|
||
|
"modified": "2016-07-01T07:44:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '368b746daf5448812b231aed67bd795dfb5a605d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7b-7500-473f-89ed-4a7c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:59.000Z",
|
||
|
"modified": "2016-07-01T07:44:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '38d16c19b54bf2c94e0ad81fca207de062181b31']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7b-dd00-414b-9bc7-4a7d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:59.000Z",
|
||
|
"modified": "2016-07-01T07:44:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '4880a13c4e1cde0343c233f5e107abf4e3d00664']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7b-1538-422c-b981-497d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:59.000Z",
|
||
|
"modified": "2016-07-01T07:44:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '49f0569886e5e6ba4b32b7f118dc35f9e5916dc2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7b-87f4-4864-8288-4219950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:44:59.000Z",
|
||
|
"modified": "2016-07-01T07:44:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '4eecebf5c9720c8e85347e0dcf55a844a6d01b08']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:44:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7c-7f08-4bf7-b2ff-4ac0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:00.000Z",
|
||
|
"modified": "2016-07-01T07:45:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5374b898dbb618aa84d92f7a3e9d166e9e819960']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7c-7de8-4e2a-907d-491f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:00.000Z",
|
||
|
"modified": "2016-07-01T07:45:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '54ac8caeae8046e01301379602041c74ee527dfc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7c-30bc-4678-a64b-43f1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:00.000Z",
|
||
|
"modified": "2016-07-01T07:45:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5617c1414cb79411c64883ee72d219d52123fa30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7c-d100-48cc-8d02-43ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:00.000Z",
|
||
|
"modified": "2016-07-01T07:45:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '583036a7c9b210508c222c7dfdd9b8321feca7df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7c-a514-4406-b347-4561950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:00.000Z",
|
||
|
"modified": "2016-07-01T07:45:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '58952be65d0ed53490f69f566485c699f246dcc0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7d-b6a0-425d-9cd6-4e99950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:01.000Z",
|
||
|
"modified": "2016-07-01T07:45:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5a6b14fad221ab65a086b1ee7c97eb63ff38480e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7d-c8f4-4a91-9c97-47a7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:01.000Z",
|
||
|
"modified": "2016-07-01T07:45:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5aaa055fa5eb9a436ca0e643bf2ada268bcd6f33']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7d-7d08-4561-841f-46ce950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:01.000Z",
|
||
|
"modified": "2016-07-01T07:45:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5bcc6da122b3aa88c766d80eb7774c2c6e9e25d5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7d-d824-492f-8fe6-4cb5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:01.000Z",
|
||
|
"modified": "2016-07-01T07:45:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '623185a651a1962538141d7ffefdc2f2445a9201']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7d-b228-4b9d-82e0-4b12950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:01.000Z",
|
||
|
"modified": "2016-07-01T07:45:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '66a7642abaf3d05d5ab14e83dfd52eca0c17acc6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7e-12d0-4264-98f6-41ba950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:02.000Z",
|
||
|
"modified": "2016-07-01T07:45:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '67e9e098c2b39b5847f6cd3aa5a3f86917602f5f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7e-da88-4dca-a67f-4f74950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:02.000Z",
|
||
|
"modified": "2016-07-01T07:45:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '6a2d12adc541c9c5aaa1096d7e59c72c489cdd59']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7e-0710-49af-be72-415f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:02.000Z",
|
||
|
"modified": "2016-07-01T07:45:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '713855aa5680154324bfcbac638aa1c12681e3c3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7e-f3ac-495a-b500-44e6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:02.000Z",
|
||
|
"modified": "2016-07-01T07:45:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '7674f680fd0c24c222c027976c40ffe1e08c6f2e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7f-a5c0-4810-a088-474c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:03.000Z",
|
||
|
"modified": "2016-07-01T07:45:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '7abf407b9a19dd9ee528fa6e5a099ea1c8ba2f98']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7f-3c08-4bcf-9671-495f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:03.000Z",
|
||
|
"modified": "2016-07-01T07:45:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '80091e1b7b4dd404c83a9c54fda9e6951b2689b1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7f-73bc-4dfd-b6cd-412b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:03.000Z",
|
||
|
"modified": "2016-07-01T07:45:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '852dc73ca9e6d92b3da96500d27ab44b7f9a4ea4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7f-a214-4bd7-8735-4a13950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:03.000Z",
|
||
|
"modified": "2016-07-01T07:45:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '85c03c6fa5e3803e55a46f17d6981992181de57b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f7f-2b24-452b-ae5b-4404950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:03.000Z",
|
||
|
"modified": "2016-07-01T07:45:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '88af035dc34f730c884b5a11c8be666974a1a6eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-9400-41c2-9dbd-4236950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '88fd1ee6fb78385a1c5e462dd0768bc34b8188a3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-0198-4e8b-bd77-4d31950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '8c4dd73cdd48908ddf5039c5a99e719dfd44ff41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-b93c-4380-b88b-4899950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '8d40a65a2bca1378eb6e009c1842aa0e45ae289e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-c394-48f4-9ba2-427f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a5359856742d09d1596e5c7fde407856d72046db']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-d18c-4c02-b9af-4f2f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a9239572afe4fbdfe077a262c9699eb1d22a9c87']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f80-da70-4a67-a3f3-429f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:04.000Z",
|
||
|
"modified": "2016-07-01T07:45:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'acc2250be782063f268b87bd0f798549c5838b95']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f81-1a40-4532-8079-4455950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:05.000Z",
|
||
|
"modified": "2016-07-01T07:45:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'aecf66120861b71c92a2d1f0015fc9228c02ee88']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f81-9cc4-400a-b682-40af950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:05.000Z",
|
||
|
"modified": "2016-07-01T07:45:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b2700f16e4494ef7eba26b88a800728621adffea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f81-5d2c-4cb6-b308-40c3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:05.000Z",
|
||
|
"modified": "2016-07-01T07:45:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b4afc5e0002201ce052466cba9061018474b1de0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f81-c02c-4d6b-b814-4161950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:05.000Z",
|
||
|
"modified": "2016-07-01T07:45:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b55dac24f646dd5e0ea856d6ed7891ad8c8acdc1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f81-9a74-4053-bc91-40e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:05.000Z",
|
||
|
"modified": "2016-07-01T07:45:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b84ef6480d888b560b071e1f97e78f06080dae89']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f82-3bac-4c03-9042-43f9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:06.000Z",
|
||
|
"modified": "2016-07-01T07:45:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c340534b8eafed85fc6e9950033b0b9e696d5cb0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f82-9c04-4afe-a48b-4617950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:06.000Z",
|
||
|
"modified": "2016-07-01T07:45:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c4b06021c6c925c837dab3ba42c6b76eb77ad30b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f82-aed4-4137-af0e-4d3b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:06.000Z",
|
||
|
"modified": "2016-07-01T07:45:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c5166d1a574bc5e374490846f2584f94f755d90b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f82-6378-43a4-a8a6-4cbc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:06.000Z",
|
||
|
"modified": "2016-07-01T07:45:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c9b1208be2aa2c5cfbcbfcb9b1a45c36854414b8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f82-79e0-4622-8b56-4fbf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:06.000Z",
|
||
|
"modified": "2016-07-01T07:45:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ce234ed0899c8f97e3f2085215b842723a773368']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f83-2f70-4b4e-947b-4827950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:07.000Z",
|
||
|
"modified": "2016-07-01T07:45:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd80d5ccb9d37d971a408d3c91f803e40b8421a2c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f83-0330-42c4-9f72-4306950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:07.000Z",
|
||
|
"modified": "2016-07-01T07:45:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd83d7de186fa6c7abe4676eb568ba4dc62a7c931']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f83-f958-4aaf-980a-4c1c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:07.000Z",
|
||
|
"modified": "2016-07-01T07:45:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e20b0f03f6708118bca9f408b156b210ba083b54']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f83-0ee4-49a9-b822-4731950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:07.000Z",
|
||
|
"modified": "2016-07-01T07:45:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eacadedc31af04ef86470aec62ad3eccc9a35332']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f83-a618-4e51-accb-4d1a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:07.000Z",
|
||
|
"modified": "2016-07-01T07:45:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eb0f02e36e77221366becabc60e78dd43368ab9d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f84-9610-4046-8a97-4d9e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:08.000Z",
|
||
|
"modified": "2016-07-01T07:45:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eb1b83825ff28de7f13812bfce273ad7fb1994fb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f84-a980-43d2-8238-4b4c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:08.000Z",
|
||
|
"modified": "2016-07-01T07:45:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ede8ec9f3efeb515859becd1f430f82933b42dd9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f84-9304-492f-bf07-45c8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:08.000Z",
|
||
|
"modified": "2016-07-01T07:45:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'edf96c42f4e1cf43fbaab3f0bbf54280fc8e311d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f84-cffc-4c49-a8ca-464e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:08.000Z",
|
||
|
"modified": "2016-07-01T07:45:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eea9fec97dca5d122069adf6dd71628bd6d9c2fd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f84-684c-4152-a714-4011950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:08.000Z",
|
||
|
"modified": "2016-07-01T07:45:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f9af4a51616db485adc577ad600b60e77916cace']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f85-8af4-4314-923b-43a0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:09.000Z",
|
||
|
"modified": "2016-07-01T07:45:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fbd538cf432f2576b37e2770f860b70b009c3cf3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f85-e280-4b26-8e21-4dcd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:09.000Z",
|
||
|
"modified": "2016-07-01T07:45:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '01e2e16be5828ca03c6b78f253bd962bfaa5ccbf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f85-15cc-4a42-9e31-4ca7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:09.000Z",
|
||
|
"modified": "2016-07-01T07:45:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '09df1b0abd32791c3b0d5d657cd956f81e2dacb2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f85-fcec-4e7e-ba7a-42ca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:09.000Z",
|
||
|
"modified": "2016-07-01T07:45:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '0a9dd2b71df68ba088d7d868d7e191875755e34c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f85-ccd8-4f02-9b8a-48c5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:09.000Z",
|
||
|
"modified": "2016-07-01T07:45:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '14b6f2bc2b869d3417619201c7205e240a93d2ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-bfe4-4eb2-8ad4-44c3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '1ae10d6ec5d33b704c32ef52c3ee9671f4298d5f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-c2fc-45cf-8814-4b59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '1e49924afe56e3c782893118a51256ca5f247fba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-7e84-442c-98b1-4ae0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '23d5cc54641f56f554890bbd55d580e5c564e197']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-5b9c-45c5-a41c-4bf1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '26f8d64038439c006f12ec34b035b1dee1c56b31']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-0190-43f1-a288-404b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '272c42bcdcc88adba1e01e60a931fbe5f5800883']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f86-f7f8-40f7-ac7a-4104950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:10.000Z",
|
||
|
"modified": "2016-07-01T07:45:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '2a84f90ed23a569defee7b37f4650aca4021a767']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f87-f2e0-4465-a428-4a0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:11.000Z",
|
||
|
"modified": "2016-07-01T07:45:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '2bf06a003a9bd56d2ed91770966a7aee7d9784b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f87-29a0-47c0-80da-45ea950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:11.000Z",
|
||
|
"modified": "2016-07-01T07:45:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '321ca51b4c250515bc3075abe735e360a57dee22']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f87-6fdc-4ca5-8f1c-4ca4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:11.000Z",
|
||
|
"modified": "2016-07-01T07:45:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '33f57151a52666ca055f1dc66ef04e2f9cb09918']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f87-0124-4165-94eb-4485950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:11.000Z",
|
||
|
"modified": "2016-07-01T07:45:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '3e10fd3e8d4c4a7900e603aee7660c83441d998e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f87-cba4-4206-a47c-48b1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:11.000Z",
|
||
|
"modified": "2016-07-01T07:45:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '3fbaf98c75992db9db11d29ae20c13b7b0f50470']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f88-f774-40d1-ab48-41a1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:12.000Z",
|
||
|
"modified": "2016-07-01T07:45:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '443551d822eba6a81b8ac3177e31e210c99934d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f88-3808-4f11-b88a-4069950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:12.000Z",
|
||
|
"modified": "2016-07-01T07:45:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '45c7f3f065cf015289ab17161a1880eb638b508a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f88-4c50-45bc-bae7-40c7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:12.000Z",
|
||
|
"modified": "2016-07-01T07:45:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '46f1b8722f8f094015c749599e94a3e44850df0a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f88-4fec-43e3-ba8e-4281950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:12.000Z",
|
||
|
"modified": "2016-07-01T07:45:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '4f35665e689bea4f116505f81ae2906fd1517128']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f88-dc10-46e0-b99b-4812950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:12.000Z",
|
||
|
"modified": "2016-07-01T07:45:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '547f525f57f3f47222ae3ab253635df936bd355a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-e760-4a9f-bc64-447c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '585550816539b73dfdc3cee80cc60e1cdc1cdb3e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-afd8-467c-a730-48d2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5d492ae763bfc227db9eea46e560124128ff925b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-0c64-4d9d-9881-4752950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '5ff776d23e6c6af47619ad2e7333a434b79e19df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-1ce8-4a49-811b-4658950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '621698f821a2bafccad026f9f5d2fe1ac46a39ce']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-0044-4ee1-91a9-4ecc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '66ec04c005d0a1ebc218455915e31d2a2b6dd459']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f89-3b20-444c-a64f-4562950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:13.000Z",
|
||
|
"modified": "2016-07-01T07:45:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '686ada60c898782b57ca993141b64f7c7a531c50']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8a-c4b0-4fdc-94de-4fa1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:14.000Z",
|
||
|
"modified": "2016-07-01T07:45:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '6c68a9df2d710187d067ecb2d0cc04358d570b52']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8a-bfe4-4660-b186-4808950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:14.000Z",
|
||
|
"modified": "2016-07-01T07:45:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '6e070e01076a4a92f08924a405f389436003d927']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8a-c838-4350-a119-416b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:14.000Z",
|
||
|
"modified": "2016-07-01T07:45:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '78499e4694f847972576960a04f8177691a7c911']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8a-a350-4625-a2ab-4b6a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:14.000Z",
|
||
|
"modified": "2016-07-01T07:45:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '840563929f13ab05e45a8d3fb2d11e70e3cdccca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8b-2a74-4c2b-83d3-4185950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:15.000Z",
|
||
|
"modified": "2016-07-01T07:45:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '840de34aa767131eb34069e6f936dea3a48c024e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8b-1930-4dad-b4e4-45b7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:15.000Z",
|
||
|
"modified": "2016-07-01T07:45:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '85a6e3a3fcee71ffa2aad90336960132fa8f4c4d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8b-11fc-47de-9996-41e3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:15.000Z",
|
||
|
"modified": "2016-07-01T07:45:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '88f473f3d7a7eb2637754a8d0856ab888066ab08']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57761f8b-1f14-4e8e-a122-41ca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:45:15.000Z",
|
||
|
"modified": "2016-07-01T07:45:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '8f8d7cd742fb843ba8cb16c2b2d6349436049ed8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:45:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762103-bd9c-438d-963d-43c8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:31.000Z",
|
||
|
"modified": "2016-07-01T07:51:31.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '8ffd436182f8d2a7ec0a66c0d6d43f71222f62b5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762104-b034-4cd7-9a16-406c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:32.000Z",
|
||
|
"modified": "2016-07-01T07:51:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '92731e4ed149c59a25c233635c55a87a8a22b19f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762104-33fc-47fc-be77-4518950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:32.000Z",
|
||
|
"modified": "2016-07-01T07:51:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '96d9cf7296f02bf4e49c0540fb84981493b61a93']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762104-1cd4-480b-9e38-4332950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:32.000Z",
|
||
|
"modified": "2016-07-01T07:51:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '9957af2dbfa04bca2a5319a216852ce4f4a17682']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762104-6388-4349-a3fe-4ad4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:32.000Z",
|
||
|
"modified": "2016-07-01T07:51:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = '9b0effd20ea7239275b6cf1e02280eb67eced701']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762105-e17c-465b-aa62-49c2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:33.000Z",
|
||
|
"modified": "2016-07-01T07:51:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a5daecfd57f006acd15486bd544f40e4cdce3801']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762105-080c-4306-b484-4e1e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:33.000Z",
|
||
|
"modified": "2016-07-01T07:51:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a753de6b2e6d3d5735fc5e90a879f1ad7e93fb0f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762105-893c-4a01-9aed-4c32950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:33.000Z",
|
||
|
"modified": "2016-07-01T07:51:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b0b9215e236bb47f5f0a108be97b24d20898d2fc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762105-0214-45ad-9556-4085950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:33.000Z",
|
||
|
"modified": "2016-07-01T07:51:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b35b07ad4f42493ecb19f66aba83da8e74c1bb5a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762105-6a44-4ed2-8fbb-4ae4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:33.000Z",
|
||
|
"modified": "2016-07-01T07:51:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b4e867893d9d6f8b52de98ab6b41513d61f20472']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762106-a9ac-46e8-b53e-49db950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:34.000Z",
|
||
|
"modified": "2016-07-01T07:51:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'b719e1d03e860235a68dda4168f29ac4988d25de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762106-157c-423d-bb8c-4e7e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:34.000Z",
|
||
|
"modified": "2016-07-01T07:51:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ba29c29a35d15a668ea2ea79d1d4e56c2d67553f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762106-69d0-4ea6-b3af-41fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:34.000Z",
|
||
|
"modified": "2016-07-01T07:51:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'bca5accb9f1d0806f8603cf74ce0ebe9519f5004']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762106-6020-4845-b9c0-45f9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:34.000Z",
|
||
|
"modified": "2016-07-01T07:51:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'be10c837af1f25ee67440f3a33da8c650f5ab54a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762106-e71c-4a42-ae31-4024950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:34.000Z",
|
||
|
"modified": "2016-07-01T07:51:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c34a68c1a2d2beddbbe8ee8bd125cce14d0dc377']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762107-b98c-4fdc-a0f6-449d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:35.000Z",
|
||
|
"modified": "2016-07-01T07:51:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c3bc94b065449879c25a541d740346e060d9d6fe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762107-897c-461e-b793-49f7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:35.000Z",
|
||
|
"modified": "2016-07-01T07:51:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c414ba1dd1f281a63e58c60eb1d8cb4ac3c4e7f0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762107-1d3c-4148-a70d-493c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:35.000Z",
|
||
|
"modified": "2016-07-01T07:51:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c7accc1c4ceedc756c30ebb2f1ff9f0dbd0255b0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762107-60d8-4068-9901-4550950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:35.000Z",
|
||
|
"modified": "2016-07-01T07:51:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'c8395601ea301ba083cb530dad7a44c8048eeb77']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762108-b7b4-4281-a919-4b4e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:36.000Z",
|
||
|
"modified": "2016-07-01T07:51:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ca07bbfc5e8c15c4258f92e6e6c328b86b7b19a5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762108-f310-4f0d-9b17-41a3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:36.000Z",
|
||
|
"modified": "2016-07-01T07:51:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ccf0a302eb264cbb5db726d61ad18ebdc0d3d012']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762108-8dec-471b-8773-467e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:36.000Z",
|
||
|
"modified": "2016-07-01T07:51:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd53eb2a6904d1fb7982bb876916cd3723c3dc9b1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762108-6110-4035-8fcc-4705950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:36.000Z",
|
||
|
"modified": "2016-07-01T07:51:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd6d3d9a56513b83db497a8d4701c2ac7270d78eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762108-0a60-4ee4-9fc7-4667950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:36.000Z",
|
||
|
"modified": "2016-07-01T07:51:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd7218e80261517badd8090d3a5ba0a1ed21c21a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762109-5670-410e-be7c-48f1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:37.000Z",
|
||
|
"modified": "2016-07-01T07:51:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd74d8ec530c02b1eb94203de1f641e15a72faf8d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762109-37a4-4845-83c8-40e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:37.000Z",
|
||
|
"modified": "2016-07-01T07:51:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'e32832e3f0e0b8450e7bdded16c441951b171130']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762109-efc4-41e3-bf5e-4954950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:37.000Z",
|
||
|
"modified": "2016-07-01T07:51:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'eda30afac2c1fa0ed2c80e8859e2556ea3dfe2ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762109-bd28-45bf-bb87-4aa3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:37.000Z",
|
||
|
"modified": "2016-07-01T07:51:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'ee1f5ba06400fa192664f984d71b1a0cdba96d75']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762109-6dc8-44f9-8114-4df9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:37.000Z",
|
||
|
"modified": "2016-07-01T07:51:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f781e603c55558708ac3101d0bfee2c1752693c2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776210a-5104-43df-b647-4ef5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:51:38.000Z",
|
||
|
"modified": "2016-07-01T07:51:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants",
|
||
|
"pattern": "[file:hashes.SHA1 = 'fdb9d026502aa64aa23b1acb96f6d0013ef874b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:51:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776215f-64b0-4a06-a249-4a64950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:03.000Z",
|
||
|
"modified": "2016-07-01T07:53:03.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = 'reckless.dk/wp-includes/class-pomo.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762160-9380-42be-858a-4c5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:04.000Z",
|
||
|
"modified": "2016-07-01T07:53:04.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = 'reckless.dk/wp-includes/class.wp-db.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762160-a470-4d14-bcc4-49b3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:04.000Z",
|
||
|
"modified": "2016-07-01T07:53:04.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = 'fishstalk.esy.es/wp-content/plugins/bbpress/includes/common/menu.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762160-eb34-4811-8411-4017950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:04.000Z",
|
||
|
"modified": "2016-07-01T07:53:04.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = 'fishstalk.esy.es/wp-includes/SimplePie/Net/IPv4.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762160-530c-4c52-8973-47c8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:04.000Z",
|
||
|
"modified": "2016-07-01T07:53:04.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = '77-ufo.com/wp-includes/class-menu.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762161-2a20-44b5-a570-4fd4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:05.000Z",
|
||
|
"modified": "2016-07-01T07:53:05.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = '77-ufo.com/pma/db_table.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762161-b1f4-46a8-a5d8-4dbb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:05.000Z",
|
||
|
"modified": "2016-07-01T07:53:05.000Z",
|
||
|
"description": "2014-2015 variants",
|
||
|
"pattern": "[url:value = 'scientific.otzo.com/rss.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:53:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5776217e-a348-4243-bebc-4950950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:34.000Z",
|
||
|
"modified": "2016-07-01T07:53:34.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"named pipe\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Artifacts dropped",
|
||
|
"x_misp_type": "named pipe",
|
||
|
"x_misp_value": "\\\\.\\pipe\\bc367"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5776217e-f46c-47d0-aaaf-44fd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:53:34.000Z",
|
||
|
"modified": "2016-07-01T07:53:34.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"named pipe\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Artifacts dropped",
|
||
|
"x_misp_type": "named pipe",
|
||
|
"x_misp_value": "\\\\.\\pipe\\bc31a7"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--577621ac-3fc4-4093-8d3d-489a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:54:20.000Z",
|
||
|
"modified": "2016-07-01T07:54:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"windows-scheduled-task\"",
|
||
|
"misp:category=\"Artifacts dropped\""
|
||
|
],
|
||
|
"x_misp_category": "Artifacts dropped",
|
||
|
"x_misp_type": "windows-scheduled-task",
|
||
|
"x_misp_value": "command schtasks /create /SC DAILY /ST 12:00 /TN update /F /TR %APPDATA%\\Microsoft\\VisualStudio\\11.0\\dws.exe"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776226f-d248-46a3-a438-441f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:35.000Z",
|
||
|
"modified": "2016-07-01T07:57:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: fdb9d026502aa64aa23b1acb96f6d0013ef874b4",
|
||
|
"pattern": "[file:hashes.SHA256 = '4054aef68780170c06c653afef64fe515b1a1417678dc7e31dbed7653075fe68']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776226f-6468-41a9-bf8a-423c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:35.000Z",
|
||
|
"modified": "2016-07-01T07:57:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: fdb9d026502aa64aa23b1acb96f6d0013ef874b4",
|
||
|
"pattern": "[file:hashes.MD5 = 'f08c1b2af14a985adbac0408f27ded49']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762270-524c-487f-9724-44f302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:36.000Z",
|
||
|
"modified": "2016-07-01T07:57:36.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:36Z",
|
||
|
"last_observed": "2016-07-01T07:57:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762270-524c-487f-9724-44f302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762270-524c-487f-9724-44f302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4054aef68780170c06c653afef64fe515b1a1417678dc7e31dbed7653075fe68/analysis/1446805297/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762270-3e04-4184-b58d-459a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:36.000Z",
|
||
|
"modified": "2016-07-01T07:57:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: f781e603c55558708ac3101d0bfee2c1752693c2",
|
||
|
"pattern": "[file:hashes.SHA256 = '5d7f6da853286388945a7238b5f4dfe38ff31209dc8de5debc4ab930843988d0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762270-1698-4362-b2fc-405102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:36.000Z",
|
||
|
"modified": "2016-07-01T07:57:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: f781e603c55558708ac3101d0bfee2c1752693c2",
|
||
|
"pattern": "[file:hashes.MD5 = '3b94e598b7851be2c1f22e8c71905e7f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762270-9738-4423-bd1e-46f602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:36.000Z",
|
||
|
"modified": "2016-07-01T07:57:36.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:36Z",
|
||
|
"last_observed": "2016-07-01T07:57:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762270-9738-4423-bd1e-46f602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762270-9738-4423-bd1e-46f602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5d7f6da853286388945a7238b5f4dfe38ff31209dc8de5debc4ab930843988d0/analysis/1443119009/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762271-7d40-41c8-9761-4b7d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:37.000Z",
|
||
|
"modified": "2016-07-01T07:57:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ee1f5ba06400fa192664f984d71b1a0cdba96d75",
|
||
|
"pattern": "[file:hashes.SHA256 = '86dfbec1379c3a0f17561d689cbcdb395c14b6df7715e2337c998b639dff185a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762271-77ac-46ac-881a-43a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:37.000Z",
|
||
|
"modified": "2016-07-01T07:57:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ee1f5ba06400fa192664f984d71b1a0cdba96d75",
|
||
|
"pattern": "[file:hashes.MD5 = 'fa80cd330aa52208621eff6c732ed457']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762271-9818-45f6-aa96-497402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:37.000Z",
|
||
|
"modified": "2016-07-01T07:57:37.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:37Z",
|
||
|
"last_observed": "2016-07-01T07:57:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762271-9818-45f6-aa96-497402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762271-9818-45f6-aa96-497402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/86dfbec1379c3a0f17561d689cbcdb395c14b6df7715e2337c998b639dff185a/analysis/1465917803/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762271-3ee0-4d35-9f2b-463102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:37.000Z",
|
||
|
"modified": "2016-07-01T07:57:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eda30afac2c1fa0ed2c80e8859e2556ea3dfe2ef",
|
||
|
"pattern": "[file:hashes.SHA256 = '8ff9ddc9d78b4fec41e7bc65f665032bf2e3ab8cc65201df41b81158a8d5617e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762271-9154-40f9-b5ea-4b1502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:37.000Z",
|
||
|
"modified": "2016-07-01T07:57:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eda30afac2c1fa0ed2c80e8859e2556ea3dfe2ef",
|
||
|
"pattern": "[file:hashes.MD5 = '9dbfad5cc11f7b185c2a28a7edc75cb3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762272-fcac-4b50-a1b9-412002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:38.000Z",
|
||
|
"modified": "2016-07-01T07:57:38.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:38Z",
|
||
|
"last_observed": "2016-07-01T07:57:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762272-fcac-4b50-a1b9-412002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762272-fcac-4b50-a1b9-412002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8ff9ddc9d78b4fec41e7bc65f665032bf2e3ab8cc65201df41b81158a8d5617e/analysis/1465917796/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762272-0048-466e-88fa-48d902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:38.000Z",
|
||
|
"modified": "2016-07-01T07:57:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: e32832e3f0e0b8450e7bdded16c441951b171130",
|
||
|
"pattern": "[file:hashes.SHA256 = '4494bbbc0105a5f87072d2d454820ea7dd12b1ac61bafb533affbcfad7d602dd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762272-faec-465e-98d7-4dba02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:38.000Z",
|
||
|
"modified": "2016-07-01T07:57:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: e32832e3f0e0b8450e7bdded16c441951b171130",
|
||
|
"pattern": "[file:hashes.MD5 = '5c177657faae2d1901ca8699b19f2782']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762272-9048-4482-a63b-43ab02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:38.000Z",
|
||
|
"modified": "2016-07-01T07:57:38.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:38Z",
|
||
|
"last_observed": "2016-07-01T07:57:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762272-9048-4482-a63b-43ab02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762272-9048-4482-a63b-43ab02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4494bbbc0105a5f87072d2d454820ea7dd12b1ac61bafb533affbcfad7d602dd/analysis/1441032864/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762272-cddc-4e0f-b898-4e2a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:38.000Z",
|
||
|
"modified": "2016-07-01T07:57:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d74d8ec530c02b1eb94203de1f641e15a72faf8d",
|
||
|
"pattern": "[file:hashes.SHA256 = '3121985b7f9c6be0309595919a18c6b18b3aa7aa40e570ac15cfc42c93778a50']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762273-12b4-4fe3-a33f-495f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:39.000Z",
|
||
|
"modified": "2016-07-01T07:57:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d74d8ec530c02b1eb94203de1f641e15a72faf8d",
|
||
|
"pattern": "[file:hashes.MD5 = 'fb3af07152f2f7a5ce5334a3d37c40e7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762273-7d10-4677-aecd-4b8602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:39.000Z",
|
||
|
"modified": "2016-07-01T07:57:39.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:39Z",
|
||
|
"last_observed": "2016-07-01T07:57:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762273-7d10-4677-aecd-4b8602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762273-7d10-4677-aecd-4b8602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3121985b7f9c6be0309595919a18c6b18b3aa7aa40e570ac15cfc42c93778a50/analysis/1438623255/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762273-7fd4-4b29-add0-4c7302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:39.000Z",
|
||
|
"modified": "2016-07-01T07:57:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d7218e80261517badd8090d3a5ba0a1ed21c21a2",
|
||
|
"pattern": "[file:hashes.SHA256 = '46468af518fb86fdf44ed538f0640bf0b6d4d575b6d161ca302680f38fee9b0f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762273-ea5c-4e6e-b158-4c7002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:39.000Z",
|
||
|
"modified": "2016-07-01T07:57:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d7218e80261517badd8090d3a5ba0a1ed21c21a2",
|
||
|
"pattern": "[file:hashes.MD5 = '1a1d914e8723a4a2611bb8b8a7f45fb1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762274-b7d4-4843-ad92-442002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:40.000Z",
|
||
|
"modified": "2016-07-01T07:57:40.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:40Z",
|
||
|
"last_observed": "2016-07-01T07:57:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762274-b7d4-4843-ad92-442002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762274-b7d4-4843-ad92-442002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/46468af518fb86fdf44ed538f0640bf0b6d4d575b6d161ca302680f38fee9b0f/analysis/1438623259/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762274-6054-45ef-9aa2-464802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:40.000Z",
|
||
|
"modified": "2016-07-01T07:57:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d6d3d9a56513b83db497a8d4701c2ac7270d78eb",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f5b3062f95646b1c59d41c57ca099866e38cc6edea85544d62dfaad6d8eb1c15']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762274-5f04-4cf4-85e7-46d202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:40.000Z",
|
||
|
"modified": "2016-07-01T07:57:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d6d3d9a56513b83db497a8d4701c2ac7270d78eb",
|
||
|
"pattern": "[file:hashes.MD5 = '7924dace000fdd279823bd647c962954']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762274-e354-4af4-956e-47d502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:40.000Z",
|
||
|
"modified": "2016-07-01T07:57:40.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:40Z",
|
||
|
"last_observed": "2016-07-01T07:57:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762274-e354-4af4-956e-47d502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762274-e354-4af4-956e-47d502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f5b3062f95646b1c59d41c57ca099866e38cc6edea85544d62dfaad6d8eb1c15/analysis/1440700356/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762274-4f24-4576-84d7-4e0902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:40.000Z",
|
||
|
"modified": "2016-07-01T07:57:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d53eb2a6904d1fb7982bb876916cd3723c3dc9b1",
|
||
|
"pattern": "[file:hashes.SHA256 = '8e445b01e4d4066082b8d10c315c546f47c331a80331cd812715a748e60b966b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762275-b268-472d-a65c-40eb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:41.000Z",
|
||
|
"modified": "2016-07-01T07:57:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d53eb2a6904d1fb7982bb876916cd3723c3dc9b1",
|
||
|
"pattern": "[file:hashes.MD5 = '3714a1ad2152a5ba179db41aa9430af9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762275-5f7c-4103-bed0-490c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:41.000Z",
|
||
|
"modified": "2016-07-01T07:57:41.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:41Z",
|
||
|
"last_observed": "2016-07-01T07:57:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762275-5f7c-4103-bed0-490c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762275-5f7c-4103-bed0-490c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/8e445b01e4d4066082b8d10c315c546f47c331a80331cd812715a748e60b966b/analysis/1443098794/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762275-a12c-45d7-80c9-423102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:41.000Z",
|
||
|
"modified": "2016-07-01T07:57:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ccf0a302eb264cbb5db726d61ad18ebdc0d3d012",
|
||
|
"pattern": "[file:hashes.SHA256 = '4d9bffcae0db007d681dd8d4c1382bc7b12c714802334cc2ad4829ae89cd3556']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762275-2978-46e1-87c7-419402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:41.000Z",
|
||
|
"modified": "2016-07-01T07:57:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ccf0a302eb264cbb5db726d61ad18ebdc0d3d012",
|
||
|
"pattern": "[file:hashes.MD5 = '73e12e3e8d3db7f5830f8abcc5d33f96']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762275-dc7c-431b-b719-478602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:41.000Z",
|
||
|
"modified": "2016-07-01T07:57:41.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:41Z",
|
||
|
"last_observed": "2016-07-01T07:57:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762275-dc7c-431b-b719-478602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762275-dc7c-431b-b719-478602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4d9bffcae0db007d681dd8d4c1382bc7b12c714802334cc2ad4829ae89cd3556/analysis/1452003389/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762276-681c-4e23-95ee-487702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:42.000Z",
|
||
|
"modified": "2016-07-01T07:57:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ca07bbfc5e8c15c4258f92e6e6c328b86b7b19a5",
|
||
|
"pattern": "[file:hashes.SHA256 = '6601c5b41f02b8833206f09c92ecefe48ed49438cc455bf9c46d5d236278b7a2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762276-6e2c-4097-82cf-45b502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:42.000Z",
|
||
|
"modified": "2016-07-01T07:57:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ca07bbfc5e8c15c4258f92e6e6c328b86b7b19a5",
|
||
|
"pattern": "[file:hashes.MD5 = '5b8b80e509431d8301c3d3d6b85faa34']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762276-496c-4bd1-87cd-4a3502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:42.000Z",
|
||
|
"modified": "2016-07-01T07:57:42.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:42Z",
|
||
|
"last_observed": "2016-07-01T07:57:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762276-496c-4bd1-87cd-4a3502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762276-496c-4bd1-87cd-4a3502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6601c5b41f02b8833206f09c92ecefe48ed49438cc455bf9c46d5d236278b7a2/analysis/1438623262/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762276-d54c-45e7-b553-44f602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:42.000Z",
|
||
|
"modified": "2016-07-01T07:57:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c8395601ea301ba083cb530dad7a44c8048eeb77",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd6db51c20f0e985d80eb5b1924a54c99cc023b7119b44dc13118149d8a7863da']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762277-2838-4e7d-a65a-4d5c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:43.000Z",
|
||
|
"modified": "2016-07-01T07:57:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c8395601ea301ba083cb530dad7a44c8048eeb77",
|
||
|
"pattern": "[file:hashes.MD5 = 'e731e44b0c252c4d63756a0993f742a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762277-6d5c-40a8-bbaa-4e4502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:43.000Z",
|
||
|
"modified": "2016-07-01T07:57:43.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:43Z",
|
||
|
"last_observed": "2016-07-01T07:57:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762277-6d5c-40a8-bbaa-4e4502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762277-6d5c-40a8-bbaa-4e4502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d6db51c20f0e985d80eb5b1924a54c99cc023b7119b44dc13118149d8a7863da/analysis/1465904191/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762277-cccc-4d5e-8cc0-41cc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:43.000Z",
|
||
|
"modified": "2016-07-01T07:57:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c7accc1c4ceedc756c30ebb2f1ff9f0dbd0255b0",
|
||
|
"pattern": "[file:hashes.SHA256 = '3608590286c34e0fb8f7f17f78a1ebf837ddbc028617001f2970f18bf5b15150']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762277-39f0-4815-836a-4ef102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:43.000Z",
|
||
|
"modified": "2016-07-01T07:57:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c7accc1c4ceedc756c30ebb2f1ff9f0dbd0255b0",
|
||
|
"pattern": "[file:hashes.MD5 = '7002c1dfc79e58455df72ef8e0fd816c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762277-181c-4362-8333-43fc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:43.000Z",
|
||
|
"modified": "2016-07-01T07:57:43.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:43Z",
|
||
|
"last_observed": "2016-07-01T07:57:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762277-181c-4362-8333-43fc02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762277-181c-4362-8333-43fc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3608590286c34e0fb8f7f17f78a1ebf837ddbc028617001f2970f18bf5b15150/analysis/1444149296/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762278-fb68-43ea-9e2a-46aa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:44.000Z",
|
||
|
"modified": "2016-07-01T07:57:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c414ba1dd1f281a63e58c60eb1d8cb4ac3c4e7f0",
|
||
|
"pattern": "[file:hashes.SHA256 = '819486af908d0a08f30d67b43148cb422d2e046caa52e025e330b2332273e812']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762278-348c-4ed4-a3a8-4f7802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:44.000Z",
|
||
|
"modified": "2016-07-01T07:57:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c414ba1dd1f281a63e58c60eb1d8cb4ac3c4e7f0",
|
||
|
"pattern": "[file:hashes.MD5 = 'cef3d70abdf7b4fd6556a302d99b076d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762278-4c84-4483-be3c-401402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:44.000Z",
|
||
|
"modified": "2016-07-01T07:57:44.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:44Z",
|
||
|
"last_observed": "2016-07-01T07:57:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762278-4c84-4483-be3c-401402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762278-4c84-4483-be3c-401402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/819486af908d0a08f30d67b43148cb422d2e046caa52e025e330b2332273e812/analysis/1466160040/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762278-e73c-4266-9b34-4b6702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:44.000Z",
|
||
|
"modified": "2016-07-01T07:57:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c3bc94b065449879c25a541d740346e060d9d6fe",
|
||
|
"pattern": "[file:hashes.SHA256 = '047f6b812932c004f6605202819d5730d88d3ab055160fefe3400599157df241']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762278-2ce8-42b6-bdf8-4c0202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:44.000Z",
|
||
|
"modified": "2016-07-01T07:57:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c3bc94b065449879c25a541d740346e060d9d6fe",
|
||
|
"pattern": "[file:hashes.MD5 = '530bee1c4af626e7079b530295f97e41']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762279-2328-4863-8eb7-404302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:45.000Z",
|
||
|
"modified": "2016-07-01T07:57:45.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:45Z",
|
||
|
"last_observed": "2016-07-01T07:57:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762279-2328-4863-8eb7-404302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762279-2328-4863-8eb7-404302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/047f6b812932c004f6605202819d5730d88d3ab055160fefe3400599157df241/analysis/1459494167/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762279-3110-49a4-96c8-4c5202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:45.000Z",
|
||
|
"modified": "2016-07-01T07:57:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c34a68c1a2d2beddbbe8ee8bd125cce14d0dc377",
|
||
|
"pattern": "[file:hashes.SHA256 = '14ba3e8a908dc062ecefdee7c84a365268506c47ea7b00d586a98f7286357c4c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762279-d374-4558-9d88-44f302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:45.000Z",
|
||
|
"modified": "2016-07-01T07:57:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c34a68c1a2d2beddbbe8ee8bd125cce14d0dc377",
|
||
|
"pattern": "[file:hashes.MD5 = 'd3c7437e38dd935f608c78c39dfbab8e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762279-94c0-4fbf-b95f-4b2a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:45.000Z",
|
||
|
"modified": "2016-07-01T07:57:45.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:45Z",
|
||
|
"last_observed": "2016-07-01T07:57:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762279-94c0-4fbf-b95f-4b2a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762279-94c0-4fbf-b95f-4b2a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/14ba3e8a908dc062ecefdee7c84a365268506c47ea7b00d586a98f7286357c4c/analysis/1438623252/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227a-d560-471d-88b7-49eb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:46.000Z",
|
||
|
"modified": "2016-07-01T07:57:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: be10c837af1f25ee67440f3a33da8c650f5ab54a",
|
||
|
"pattern": "[file:hashes.SHA256 = '94e439f67544b2d70481aeea3a19f45b35d18949fc58fd4176fefe6ef0abbdb4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227a-c844-423e-be0d-433702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:46.000Z",
|
||
|
"modified": "2016-07-01T07:57:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: be10c837af1f25ee67440f3a33da8c650f5ab54a",
|
||
|
"pattern": "[file:hashes.MD5 = 'a63d8092fcb55254d08a68831bf122c3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227a-1af0-4c98-aeef-40bb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:46.000Z",
|
||
|
"modified": "2016-07-01T07:57:46.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:46Z",
|
||
|
"last_observed": "2016-07-01T07:57:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227a-1af0-4c98-aeef-40bb02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227a-1af0-4c98-aeef-40bb02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/94e439f67544b2d70481aeea3a19f45b35d18949fc58fd4176fefe6ef0abbdb4/analysis/1465971799/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227a-0c0c-4b5b-b2eb-4a1502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:46.000Z",
|
||
|
"modified": "2016-07-01T07:57:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: bca5accb9f1d0806f8603cf74ce0ebe9519f5004",
|
||
|
"pattern": "[file:hashes.SHA256 = '39d4079b158098ec31df14a5353e4288293d320b4a122ce509d11de64d12f51f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227a-27c0-4d21-8f2b-467302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:46.000Z",
|
||
|
"modified": "2016-07-01T07:57:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: bca5accb9f1d0806f8603cf74ce0ebe9519f5004",
|
||
|
"pattern": "[file:hashes.MD5 = '1f3d4652082f13a8e534bb3015138f68']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227b-0544-4586-9e26-4af802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:47.000Z",
|
||
|
"modified": "2016-07-01T07:57:47.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:47Z",
|
||
|
"last_observed": "2016-07-01T07:57:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227b-0544-4586-9e26-4af802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227b-0544-4586-9e26-4af802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/39d4079b158098ec31df14a5353e4288293d320b4a122ce509d11de64d12f51f/analysis/1464296513/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227b-5778-4835-9808-4fcb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:47.000Z",
|
||
|
"modified": "2016-07-01T07:57:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ba29c29a35d15a668ea2ea79d1d4e56c2d67553f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ffa26fba419e51506411b02a0ed9bcae69de6a1bf14ebf02f493e2b6526d5fd3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227b-f1e0-44d1-850b-43a502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:47.000Z",
|
||
|
"modified": "2016-07-01T07:57:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ba29c29a35d15a668ea2ea79d1d4e56c2d67553f",
|
||
|
"pattern": "[file:hashes.MD5 = 'aa6dbad871f201694d2df42eb176f6e4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227b-dbdc-4b69-b100-46a402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:47.000Z",
|
||
|
"modified": "2016-07-01T07:57:47.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:47Z",
|
||
|
"last_observed": "2016-07-01T07:57:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227b-dbdc-4b69-b100-46a402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227b-dbdc-4b69-b100-46a402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ffa26fba419e51506411b02a0ed9bcae69de6a1bf14ebf02f493e2b6526d5fd3/analysis/1455972587/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227b-6f38-4d22-8afd-496d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:47.000Z",
|
||
|
"modified": "2016-07-01T07:57:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b719e1d03e860235a68dda4168f29ac4988d25de",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e29506f856c841a42212110ef9a7cb005de7753581b7e4443294a007896fb470']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227c-7e3c-44de-990b-402f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:48.000Z",
|
||
|
"modified": "2016-07-01T07:57:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b719e1d03e860235a68dda4168f29ac4988d25de",
|
||
|
"pattern": "[file:hashes.MD5 = 'cef2d7a0ec0e64be9a52c376508fea96']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227c-4de0-45a6-8d9d-4f2c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:48.000Z",
|
||
|
"modified": "2016-07-01T07:57:48.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:48Z",
|
||
|
"last_observed": "2016-07-01T07:57:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227c-4de0-45a6-8d9d-4f2c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227c-4de0-45a6-8d9d-4f2c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e29506f856c841a42212110ef9a7cb005de7753581b7e4443294a007896fb470/analysis/1445263461/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227c-2da0-4c78-87e8-4e2102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:48.000Z",
|
||
|
"modified": "2016-07-01T07:57:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b4e867893d9d6f8b52de98ab6b41513d61f20472",
|
||
|
"pattern": "[file:hashes.SHA256 = '00f5c8705613f3d43a6aae49388763c7de1cf12f34a71dddfd40da23ac37cbc6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227c-41a8-4255-885d-441002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:48.000Z",
|
||
|
"modified": "2016-07-01T07:57:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b4e867893d9d6f8b52de98ab6b41513d61f20472",
|
||
|
"pattern": "[file:hashes.MD5 = '14fe3c89932f50fcd851daf26e6c8dc1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227d-ecf4-49c5-91ed-4ce602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:49.000Z",
|
||
|
"modified": "2016-07-01T07:57:49.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:49Z",
|
||
|
"last_observed": "2016-07-01T07:57:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227d-ecf4-49c5-91ed-4ce602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227d-ecf4-49c5-91ed-4ce602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/00f5c8705613f3d43a6aae49388763c7de1cf12f34a71dddfd40da23ac37cbc6/analysis/1465917804/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227d-fb70-4c34-b1e9-417002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:49.000Z",
|
||
|
"modified": "2016-07-01T07:57:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b35b07ad4f42493ecb19f66aba83da8e74c1bb5a",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ecfad09c3f05db2605707a49b9850d0f418094987689692d1eb45630e2e7870f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227d-1258-417f-b834-4af802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:49.000Z",
|
||
|
"modified": "2016-07-01T07:57:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b35b07ad4f42493ecb19f66aba83da8e74c1bb5a",
|
||
|
"pattern": "[file:hashes.MD5 = 'ec3b3edf745181c8bc1a4b5c3386104a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227d-ea24-4608-be52-4e5b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:49.000Z",
|
||
|
"modified": "2016-07-01T07:57:49.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:49Z",
|
||
|
"last_observed": "2016-07-01T07:57:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227d-ea24-4608-be52-4e5b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227d-ea24-4608-be52-4e5b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ecfad09c3f05db2605707a49b9850d0f418094987689692d1eb45630e2e7870f/analysis/1461837628/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227d-c0b4-48e2-befb-41a602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:49.000Z",
|
||
|
"modified": "2016-07-01T07:57:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b0b9215e236bb47f5f0a108be97b24d20898d2fc",
|
||
|
"pattern": "[file:hashes.SHA256 = '2e5178486415e4366476721cee5da24c88c8bde8645b4acd6f79cd3339e7b51f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227e-f93c-4d9e-aa3f-4c3402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:50.000Z",
|
||
|
"modified": "2016-07-01T07:57:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b0b9215e236bb47f5f0a108be97b24d20898d2fc",
|
||
|
"pattern": "[file:hashes.MD5 = '77bcfabe525cde2aa196201446c97523']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227e-4bc4-40ec-b7e3-4ea302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:50.000Z",
|
||
|
"modified": "2016-07-01T07:57:50.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:50Z",
|
||
|
"last_observed": "2016-07-01T07:57:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227e-4bc4-40ec-b7e3-4ea302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227e-4bc4-40ec-b7e3-4ea302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2e5178486415e4366476721cee5da24c88c8bde8645b4acd6f79cd3339e7b51f/analysis/1465917793/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227e-8c1c-4b45-8dbd-412002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:50.000Z",
|
||
|
"modified": "2016-07-01T07:57:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a753de6b2e6d3d5735fc5e90a879f1ad7e93fb0f",
|
||
|
"pattern": "[file:hashes.SHA256 = '2fde6ec829874d2816250bb2f2959fb07ee5bbc789fe785b3ce30c7fb50e6684']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227e-2300-4f5b-8444-457002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:50.000Z",
|
||
|
"modified": "2016-07-01T07:57:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a753de6b2e6d3d5735fc5e90a879f1ad7e93fb0f",
|
||
|
"pattern": "[file:hashes.MD5 = 'b6b671d6371ee30bfa208e01b12adc64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227e-3538-4521-b749-49f902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:50.000Z",
|
||
|
"modified": "2016-07-01T07:57:50.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:50Z",
|
||
|
"last_observed": "2016-07-01T07:57:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227e-3538-4521-b749-49f902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227e-3538-4521-b749-49f902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2fde6ec829874d2816250bb2f2959fb07ee5bbc789fe785b3ce30c7fb50e6684/analysis/1465917798/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227f-a0f4-43eb-b20e-4cc202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:51.000Z",
|
||
|
"modified": "2016-07-01T07:57:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a5daecfd57f006acd15486bd544f40e4cdce3801",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f7a8c1c7b235309d1f5568d6cb46b69a0a8b142426696a97723447e22d02ea3c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227f-56d8-453f-9b09-4f3c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:51.000Z",
|
||
|
"modified": "2016-07-01T07:57:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a5daecfd57f006acd15486bd544f40e4cdce3801",
|
||
|
"pattern": "[file:hashes.MD5 = 'b2b241b8085ed191767e4d7b4b3810b7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776227f-d904-4ac9-98cc-4df702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:51.000Z",
|
||
|
"modified": "2016-07-01T07:57:51.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:51Z",
|
||
|
"last_observed": "2016-07-01T07:57:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776227f-d904-4ac9-98cc-4df702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776227f-d904-4ac9-98cc-4df702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f7a8c1c7b235309d1f5568d6cb46b69a0a8b142426696a97723447e22d02ea3c/analysis/1464296513/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776227f-6ac0-4ce0-a75a-4e1902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:51.000Z",
|
||
|
"modified": "2016-07-01T07:57:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 9b0effd20ea7239275b6cf1e02280eb67eced701",
|
||
|
"pattern": "[file:hashes.SHA256 = '85eb95354245be8967c205c0215d4486adcfbdd8fc5b6fb47c927af2e9cefdbc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762280-899c-4c89-b6f3-433402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:52.000Z",
|
||
|
"modified": "2016-07-01T07:57:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 9b0effd20ea7239275b6cf1e02280eb67eced701",
|
||
|
"pattern": "[file:hashes.MD5 = '94731a398002fee1791c6f9d457a4e38']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762280-b55c-4d0b-89ce-4b4a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:52.000Z",
|
||
|
"modified": "2016-07-01T07:57:52.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:52Z",
|
||
|
"last_observed": "2016-07-01T07:57:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762280-b55c-4d0b-89ce-4b4a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762280-b55c-4d0b-89ce-4b4a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/85eb95354245be8967c205c0215d4486adcfbdd8fc5b6fb47c927af2e9cefdbc/analysis/1464296513/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762280-1388-439e-97e9-449902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:52.000Z",
|
||
|
"modified": "2016-07-01T07:57:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 9957af2dbfa04bca2a5319a216852ce4f4a17682",
|
||
|
"pattern": "[file:hashes.SHA256 = '99b3974bbe0a5aad008fc2351a42b1af8c1246f9b1dbd31df29e3e1ea8600d6d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762280-f78c-43e2-9a0f-4f9a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:52.000Z",
|
||
|
"modified": "2016-07-01T07:57:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 9957af2dbfa04bca2a5319a216852ce4f4a17682",
|
||
|
"pattern": "[file:hashes.MD5 = 'e396af43c329af21f07e49b1b083cb36']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762280-f688-49c8-8dad-4fa802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:52.000Z",
|
||
|
"modified": "2016-07-01T07:57:52.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:52Z",
|
||
|
"last_observed": "2016-07-01T07:57:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762280-f688-49c8-8dad-4fa802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762280-f688-49c8-8dad-4fa802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/99b3974bbe0a5aad008fc2351a42b1af8c1246f9b1dbd31df29e3e1ea8600d6d/analysis/1443135430/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762281-56b0-4d3b-af74-438e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:53.000Z",
|
||
|
"modified": "2016-07-01T07:57:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 96d9cf7296f02bf4e49c0540fb84981493b61a93",
|
||
|
"pattern": "[file:hashes.SHA256 = '5a97a9e3172bbf15619c8d5e70a115c3422c0500fdd8e87e557627f188402332']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762281-be18-4605-b5aa-473102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:53.000Z",
|
||
|
"modified": "2016-07-01T07:57:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 96d9cf7296f02bf4e49c0540fb84981493b61a93",
|
||
|
"pattern": "[file:hashes.MD5 = '4e8db9a6fe01bea1de7c68d08ecf6399']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762281-1de0-4d76-8e52-411002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:53.000Z",
|
||
|
"modified": "2016-07-01T07:57:53.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:53Z",
|
||
|
"last_observed": "2016-07-01T07:57:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762281-1de0-4d76-8e52-411002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762281-1de0-4d76-8e52-411002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5a97a9e3172bbf15619c8d5e70a115c3422c0500fdd8e87e557627f188402332/analysis/1440700358/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762281-c154-4ac2-8b6f-474602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:53.000Z",
|
||
|
"modified": "2016-07-01T07:57:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 92731e4ed149c59a25c233635c55a87a8a22b19f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e98756b27d4b2d331ba989cfa700b826441f7fc296222251fee957505a6bfab3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762281-c598-4ddc-a421-4e6402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:53.000Z",
|
||
|
"modified": "2016-07-01T07:57:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 92731e4ed149c59a25c233635c55a87a8a22b19f",
|
||
|
"pattern": "[file:hashes.MD5 = '1db99e5d5e80d4158eead6c99e635115']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762282-3a7c-478b-b862-417702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:54.000Z",
|
||
|
"modified": "2016-07-01T07:57:54.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:54Z",
|
||
|
"last_observed": "2016-07-01T07:57:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762282-3a7c-478b-b862-417702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762282-3a7c-478b-b862-417702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e98756b27d4b2d331ba989cfa700b826441f7fc296222251fee957505a6bfab3/analysis/1465917806/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762282-5748-422d-b730-44f902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:54.000Z",
|
||
|
"modified": "2016-07-01T07:57:54.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8ffd436182f8d2a7ec0a66c0d6d43f71222f62b5",
|
||
|
"pattern": "[file:hashes.SHA256 = '61403c2425a361afee599c8aebe9be77dac437295a078a1b8c04880949a9e565']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762282-5e90-4270-9334-40d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:54.000Z",
|
||
|
"modified": "2016-07-01T07:57:54.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8ffd436182f8d2a7ec0a66c0d6d43f71222f62b5",
|
||
|
"pattern": "[file:hashes.MD5 = '3be1065b702be5b323d71c10fe76ee48']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762282-477c-4520-94e5-49ef02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:54.000Z",
|
||
|
"modified": "2016-07-01T07:57:54.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:54Z",
|
||
|
"last_observed": "2016-07-01T07:57:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762282-477c-4520-94e5-49ef02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762282-477c-4520-94e5-49ef02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/61403c2425a361afee599c8aebe9be77dac437295a078a1b8c04880949a9e565/analysis/1466159034/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762282-456c-460a-937b-405702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:54.000Z",
|
||
|
"modified": "2016-07-01T07:57:54.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8f8d7cd742fb843ba8cb16c2b2d6349436049ed8",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ca5eaf8771ba370eb4340353a66ebeac4792988e70050efe3582cc0a4a097c81']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762283-0f18-4f47-85cd-45a702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:55.000Z",
|
||
|
"modified": "2016-07-01T07:57:55.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8f8d7cd742fb843ba8cb16c2b2d6349436049ed8",
|
||
|
"pattern": "[file:hashes.MD5 = 'ea6c364154e013e122b2d5e3cacee0f0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762283-0034-44c3-97ba-4f3302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:55.000Z",
|
||
|
"modified": "2016-07-01T07:57:55.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:55Z",
|
||
|
"last_observed": "2016-07-01T07:57:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762283-0034-44c3-97ba-4f3302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762283-0034-44c3-97ba-4f3302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ca5eaf8771ba370eb4340353a66ebeac4792988e70050efe3582cc0a4a097c81/analysis/1465904244/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762283-f808-4710-a4c2-4e3502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:55.000Z",
|
||
|
"modified": "2016-07-01T07:57:55.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 85a6e3a3fcee71ffa2aad90336960132fa8f4c4d",
|
||
|
"pattern": "[file:hashes.SHA256 = '83bb737b98297b91a60e5e976d9efbf53eb7086a38b1a5fb2c352c27cc76fba2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762283-c654-478f-b986-4a0c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:55.000Z",
|
||
|
"modified": "2016-07-01T07:57:55.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 85a6e3a3fcee71ffa2aad90336960132fa8f4c4d",
|
||
|
"pattern": "[file:hashes.MD5 = 'a582b7aed9d8088f03ee19a14a533e3e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762284-59a0-4b28-bc67-490402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:56.000Z",
|
||
|
"modified": "2016-07-01T07:57:56.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:56Z",
|
||
|
"last_observed": "2016-07-01T07:57:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762284-59a0-4b28-bc67-490402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762284-59a0-4b28-bc67-490402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/83bb737b98297b91a60e5e976d9efbf53eb7086a38b1a5fb2c352c27cc76fba2/analysis/1440700361/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762284-6730-42ba-950a-478502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:56.000Z",
|
||
|
"modified": "2016-07-01T07:57:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 840de34aa767131eb34069e6f936dea3a48c024e",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bab66b950d0bdb08d9c37b3b7a71391241a58c59e59b58d9a81e78ae0ec44bb5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762284-ebcc-46fa-aa95-494502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:56.000Z",
|
||
|
"modified": "2016-07-01T07:57:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 840de34aa767131eb34069e6f936dea3a48c024e",
|
||
|
"pattern": "[file:hashes.MD5 = '7aa681934244e2f0361d34da47db7f08']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762284-eea4-490c-9605-4e6c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:56.000Z",
|
||
|
"modified": "2016-07-01T07:57:56.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:56Z",
|
||
|
"last_observed": "2016-07-01T07:57:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762284-eea4-490c-9605-4e6c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762284-eea4-490c-9605-4e6c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bab66b950d0bdb08d9c37b3b7a71391241a58c59e59b58d9a81e78ae0ec44bb5/analysis/1466601647/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762284-de14-496c-8242-402a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:56.000Z",
|
||
|
"modified": "2016-07-01T07:57:56.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 840563929f13ab05e45a8d3fb2d11e70e3cdccca",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd27946d76f195dc6f6eadbf22ca45f7bd9c1ff49b12a42be9225b6bcb4d959a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762285-f5bc-444e-bf44-4e8c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:57.000Z",
|
||
|
"modified": "2016-07-01T07:57:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 840563929f13ab05e45a8d3fb2d11e70e3cdccca",
|
||
|
"pattern": "[file:hashes.MD5 = '3b5492ae4d6cd92075bc78266c32c6ea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762285-c00c-4199-a593-4f6a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:57.000Z",
|
||
|
"modified": "2016-07-01T07:57:57.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:57Z",
|
||
|
"last_observed": "2016-07-01T07:57:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762285-c00c-4199-a593-4f6a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762285-c00c-4199-a593-4f6a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d27946d76f195dc6f6eadbf22ca45f7bd9c1ff49b12a42be9225b6bcb4d959a4/analysis/1440700359/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762285-0bd4-4fe6-b487-47f202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:57.000Z",
|
||
|
"modified": "2016-07-01T07:57:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 78499e4694f847972576960a04f8177691a7c911",
|
||
|
"pattern": "[file:hashes.SHA256 = '9fea0b0a7c1f747f043d9e0713709627afc0c211f394dc42c60f07b1405266cc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762285-8868-41e8-8d28-4da702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:57.000Z",
|
||
|
"modified": "2016-07-01T07:57:57.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 78499e4694f847972576960a04f8177691a7c911",
|
||
|
"pattern": "[file:hashes.MD5 = 'fde05df18596f6f9e5378ab74fdd1148']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762285-6818-4b68-875e-452b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:57.000Z",
|
||
|
"modified": "2016-07-01T07:57:57.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:57Z",
|
||
|
"last_observed": "2016-07-01T07:57:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762285-6818-4b68-875e-452b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762285-6818-4b68-875e-452b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9fea0b0a7c1f747f043d9e0713709627afc0c211f394dc42c60f07b1405266cc/analysis/1465917795/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762286-a3d0-4251-9919-48b302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:58.000Z",
|
||
|
"modified": "2016-07-01T07:57:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 6c68a9df2d710187d067ecb2d0cc04358d570b52",
|
||
|
"pattern": "[file:hashes.SHA256 = '879e92977367026d168ed99d93bfa5cc5171cf3ccbcac382861a3a6a7a7573ad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762286-6074-4f59-bc0d-4ddd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:58.000Z",
|
||
|
"modified": "2016-07-01T07:57:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 6c68a9df2d710187d067ecb2d0cc04358d570b52",
|
||
|
"pattern": "[file:hashes.MD5 = 'b0076d142cb1648e42cbb04c2f7c44af']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762286-8b24-473c-82ca-4e5702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:58.000Z",
|
||
|
"modified": "2016-07-01T07:57:58.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:58Z",
|
||
|
"last_observed": "2016-07-01T07:57:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762286-8b24-473c-82ca-4e5702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762286-8b24-473c-82ca-4e5702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/879e92977367026d168ed99d93bfa5cc5171cf3ccbcac382861a3a6a7a7573ad/analysis/1440700359/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762286-4688-4152-b622-4dcd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:58.000Z",
|
||
|
"modified": "2016-07-01T07:57:58.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 686ada60c898782b57ca993141b64f7c7a531c50",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a55420d39e48de99712cb574b47a6c8a62759be370ed43a301bb5541448c796c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762287-35a0-4b0a-9d29-40c702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:59.000Z",
|
||
|
"modified": "2016-07-01T07:57:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 686ada60c898782b57ca993141b64f7c7a531c50",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1c8a6eafdc3728b07c34c72dfe966d7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762287-5a90-4699-86f8-4c4602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:59.000Z",
|
||
|
"modified": "2016-07-01T07:57:59.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:59Z",
|
||
|
"last_observed": "2016-07-01T07:57:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762287-5a90-4699-86f8-4c4602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762287-5a90-4699-86f8-4c4602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a55420d39e48de99712cb574b47a6c8a62759be370ed43a301bb5541448c796c/analysis/1444899447/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762287-44e4-40e2-9eaa-4f7a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:59.000Z",
|
||
|
"modified": "2016-07-01T07:57:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 66ec04c005d0a1ebc218455915e31d2a2b6dd459",
|
||
|
"pattern": "[file:hashes.SHA256 = '9f323ac67f705dfb332151358b3bf5678ea383fc537f40bae15e6b5df73ff60f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762287-7470-430f-9ff1-400202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:59.000Z",
|
||
|
"modified": "2016-07-01T07:57:59.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 66ec04c005d0a1ebc218455915e31d2a2b6dd459",
|
||
|
"pattern": "[file:hashes.MD5 = 'bd3631c32546500cfd750c298822424d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:57:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762287-8afc-4b4c-9f46-4b6902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:57:59.000Z",
|
||
|
"modified": "2016-07-01T07:57:59.000Z",
|
||
|
"first_observed": "2016-07-01T07:57:59Z",
|
||
|
"last_observed": "2016-07-01T07:57:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762287-8afc-4b4c-9f46-4b6902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762287-8afc-4b4c-9f46-4b6902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9f323ac67f705dfb332151358b3bf5678ea383fc537f40bae15e6b5df73ff60f/analysis/1435817252/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762288-04d8-401a-ba96-414902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:00.000Z",
|
||
|
"modified": "2016-07-01T07:58:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 621698f821a2bafccad026f9f5d2fe1ac46a39ce",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ab975468771459f8fe161d4a77b62a11724c45b1b9b4d0a68b6ffce4c7037661']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762288-20b0-41ff-bc62-428102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:00.000Z",
|
||
|
"modified": "2016-07-01T07:58:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 621698f821a2bafccad026f9f5d2fe1ac46a39ce",
|
||
|
"pattern": "[file:hashes.MD5 = 'd0218ae2498db1105af95e8206b3ec98']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762288-8d64-42d2-bd97-4cea02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:00.000Z",
|
||
|
"modified": "2016-07-01T07:58:00.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:00Z",
|
||
|
"last_observed": "2016-07-01T07:58:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762288-8d64-42d2-bd97-4cea02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762288-8d64-42d2-bd97-4cea02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ab975468771459f8fe161d4a77b62a11724c45b1b9b4d0a68b6ffce4c7037661/analysis/1443128585/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762288-d6a4-4e3e-8edf-4bed02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:00.000Z",
|
||
|
"modified": "2016-07-01T07:58:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5ff776d23e6c6af47619ad2e7333a434b79e19df",
|
||
|
"pattern": "[file:hashes.SHA256 = '09c2c4f3fa2bfcceccbc7508ff249ee03a3ee37fe6dfa8aea83306962cfcdb27']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762288-fefc-421a-b25b-479902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:00.000Z",
|
||
|
"modified": "2016-07-01T07:58:00.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5ff776d23e6c6af47619ad2e7333a434b79e19df",
|
||
|
"pattern": "[file:hashes.MD5 = 'a73f738b47b39925db1e8fdc481eb6be']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762289-2584-4e78-8275-447502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:01.000Z",
|
||
|
"modified": "2016-07-01T07:58:01.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:01Z",
|
||
|
"last_observed": "2016-07-01T07:58:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762289-2584-4e78-8275-447502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762289-2584-4e78-8275-447502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/09c2c4f3fa2bfcceccbc7508ff249ee03a3ee37fe6dfa8aea83306962cfcdb27/analysis/1443852405/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762289-80bc-4a29-a0ef-422102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:01.000Z",
|
||
|
"modified": "2016-07-01T07:58:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5d492ae763bfc227db9eea46e560124128ff925b",
|
||
|
"pattern": "[file:hashes.SHA256 = '249b0c43c35497dcd22ce65ab63e6a4d7ae5ecc3751dfd7f5607daed28efc4a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762289-6e98-4118-93cc-422202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:01.000Z",
|
||
|
"modified": "2016-07-01T07:58:01.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5d492ae763bfc227db9eea46e560124128ff925b",
|
||
|
"pattern": "[file:hashes.MD5 = '0b744aaf5fb92fcf4967b47395db6cdc']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762289-6550-4740-b15f-44c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:01.000Z",
|
||
|
"modified": "2016-07-01T07:58:01.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:01Z",
|
||
|
"last_observed": "2016-07-01T07:58:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762289-6550-4740-b15f-44c502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762289-6550-4740-b15f-44c502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/249b0c43c35497dcd22ce65ab63e6a4d7ae5ecc3751dfd7f5607daed28efc4a7/analysis/1439635226/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228a-7674-47c8-8918-42f402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:02.000Z",
|
||
|
"modified": "2016-07-01T07:58:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 585550816539b73dfdc3cee80cc60e1cdc1cdb3e",
|
||
|
"pattern": "[file:hashes.SHA256 = '0866a23fa5463cfec96a981d423515d9589155325278953808f28e00dd33e44d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228a-523c-4092-8609-439202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:02.000Z",
|
||
|
"modified": "2016-07-01T07:58:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 585550816539b73dfdc3cee80cc60e1cdc1cdb3e",
|
||
|
"pattern": "[file:hashes.MD5 = 'ee4342fe3f40eca903bb2ab6427890ff']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228a-a5f0-4de2-a150-43a202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:02.000Z",
|
||
|
"modified": "2016-07-01T07:58:02.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:02Z",
|
||
|
"last_observed": "2016-07-01T07:58:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228a-a5f0-4de2-a150-43a202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228a-a5f0-4de2-a150-43a202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0866a23fa5463cfec96a981d423515d9589155325278953808f28e00dd33e44d/analysis/1459494971/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228a-57f0-41b2-89b3-440b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:02.000Z",
|
||
|
"modified": "2016-07-01T07:58:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 547f525f57f3f47222ae3ab253635df936bd355a",
|
||
|
"pattern": "[file:hashes.SHA256 = '3b94674c3b1b6a9a1e997e8b881ff1993d5295e67358d727ffcc24a41bbe25d2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228a-72dc-495a-8175-499d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:02.000Z",
|
||
|
"modified": "2016-07-01T07:58:02.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 547f525f57f3f47222ae3ab253635df936bd355a",
|
||
|
"pattern": "[file:hashes.MD5 = 'b62ee8e5198e77ed3e4d4011872bceaa']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228b-394c-4b32-bd45-402802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:03.000Z",
|
||
|
"modified": "2016-07-01T07:58:03.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:03Z",
|
||
|
"last_observed": "2016-07-01T07:58:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228b-394c-4b32-bd45-402802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228b-394c-4b32-bd45-402802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3b94674c3b1b6a9a1e997e8b881ff1993d5295e67358d727ffcc24a41bbe25d2/analysis/1464296513/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228b-f49c-47ff-8d49-4ed802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:03.000Z",
|
||
|
"modified": "2016-07-01T07:58:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4f35665e689bea4f116505f81ae2906fd1517128",
|
||
|
"pattern": "[file:hashes.SHA256 = '54599bec10e5cc6cabfc5012cbbcaf0fba399be0b08aa862b0b40a7445a7e2bd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228b-a3d4-4f68-a02c-49ae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:03.000Z",
|
||
|
"modified": "2016-07-01T07:58:03.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4f35665e689bea4f116505f81ae2906fd1517128",
|
||
|
"pattern": "[file:hashes.MD5 = '29a5ce23e9d189fe906a567255f5c04a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228b-e1e8-4087-b7be-4ac502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:03.000Z",
|
||
|
"modified": "2016-07-01T07:58:03.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:03Z",
|
||
|
"last_observed": "2016-07-01T07:58:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228b-e1e8-4087-b7be-4ac502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228b-e1e8-4087-b7be-4ac502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/54599bec10e5cc6cabfc5012cbbcaf0fba399be0b08aa862b0b40a7445a7e2bd/analysis/1465917801/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228c-19cc-4a41-a56d-4e2002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:04.000Z",
|
||
|
"modified": "2016-07-01T07:58:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 46f1b8722f8f094015c749599e94a3e44850df0a",
|
||
|
"pattern": "[file:hashes.SHA256 = '6686a75bfa7ea4af606a73a6ce91f2ec4c064558bb984d4b83b1f4440d68eebb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228c-35c0-4d92-af6f-421e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:04.000Z",
|
||
|
"modified": "2016-07-01T07:58:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 46f1b8722f8f094015c749599e94a3e44850df0a",
|
||
|
"pattern": "[file:hashes.MD5 = '418cd178b9005d67cc51812708e6d2a4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228c-84a8-44ae-a936-4a9d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:04.000Z",
|
||
|
"modified": "2016-07-01T07:58:04.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:04Z",
|
||
|
"last_observed": "2016-07-01T07:58:04Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228c-84a8-44ae-a936-4a9d02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228c-84a8-44ae-a936-4a9d02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/6686a75bfa7ea4af606a73a6ce91f2ec4c064558bb984d4b83b1f4440d68eebb/analysis/1466159066/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228c-39b0-41a7-acf3-49e002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:04.000Z",
|
||
|
"modified": "2016-07-01T07:58:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 443551d822eba6a81b8ac3177e31e210c99934d0",
|
||
|
"pattern": "[file:hashes.SHA256 = '558112831fbb5c76af25cf490ff1f9e87f8eab78f3b2f153701b5f96381e3c21']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228c-7980-4fde-83ee-44b202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:04.000Z",
|
||
|
"modified": "2016-07-01T07:58:04.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 443551d822eba6a81b8ac3177e31e210c99934d0",
|
||
|
"pattern": "[file:hashes.MD5 = '0ebfd7a17f0cd3703f4f97c028c75578']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228d-8724-4b47-950c-4e9502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:05.000Z",
|
||
|
"modified": "2016-07-01T07:58:05.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:05Z",
|
||
|
"last_observed": "2016-07-01T07:58:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228d-8724-4b47-950c-4e9502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228d-8724-4b47-950c-4e9502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/558112831fbb5c76af25cf490ff1f9e87f8eab78f3b2f153701b5f96381e3c21/analysis/1443844670/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228d-b374-4910-a8c7-42b302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:05.000Z",
|
||
|
"modified": "2016-07-01T07:58:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 3fbaf98c75992db9db11d29ae20c13b7b0f50470",
|
||
|
"pattern": "[file:hashes.SHA256 = '2d22bd6df33d18d366686c5b8338dad653dfcb20863a546718f11b17b6a60035']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228d-be5c-445b-86c5-497a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:05.000Z",
|
||
|
"modified": "2016-07-01T07:58:05.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 3fbaf98c75992db9db11d29ae20c13b7b0f50470",
|
||
|
"pattern": "[file:hashes.MD5 = '1ac9769978584f97731dae581896d37e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228d-d364-4808-8db7-452502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:05.000Z",
|
||
|
"modified": "2016-07-01T07:58:05.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:05Z",
|
||
|
"last_observed": "2016-07-01T07:58:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228d-d364-4808-8db7-452502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228d-d364-4808-8db7-452502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2d22bd6df33d18d366686c5b8338dad653dfcb20863a546718f11b17b6a60035/analysis/1441637756/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228e-e650-49fa-a108-457602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:06.000Z",
|
||
|
"modified": "2016-07-01T07:58:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 3e10fd3e8d4c4a7900e603aee7660c83441d998e",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e07a04cc550ac83d9d2440a85a93208b87a4ba983bbb329199edce4af7300ef8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228e-16a4-45c6-b641-49aa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:06.000Z",
|
||
|
"modified": "2016-07-01T07:58:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 3e10fd3e8d4c4a7900e603aee7660c83441d998e",
|
||
|
"pattern": "[file:hashes.MD5 = 'e3cbb289deed1c3791fc2f3c5b935100']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228e-6458-4ce4-9353-442a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:06.000Z",
|
||
|
"modified": "2016-07-01T07:58:06.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:06Z",
|
||
|
"last_observed": "2016-07-01T07:58:06Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228e-6458-4ce4-9353-442a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228e-6458-4ce4-9353-442a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e07a04cc550ac83d9d2440a85a93208b87a4ba983bbb329199edce4af7300ef8/analysis/1466160148/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228e-e1c8-4961-b1a2-49cb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:06.000Z",
|
||
|
"modified": "2016-07-01T07:58:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 33f57151a52666ca055f1dc66ef04e2f9cb09918",
|
||
|
"pattern": "[file:hashes.SHA256 = '1b86ccda340fef86eee3303c0d5375badbc2c3e461b2e4df17a7796088ee8bec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228e-459c-40d0-846b-4b9702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:06.000Z",
|
||
|
"modified": "2016-07-01T07:58:06.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 33f57151a52666ca055f1dc66ef04e2f9cb09918",
|
||
|
"pattern": "[file:hashes.MD5 = '4c8f7c17e2f6a365bde26f8eb718d064']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228f-b8d8-4c97-922b-49fd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:07.000Z",
|
||
|
"modified": "2016-07-01T07:58:07.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:07Z",
|
||
|
"last_observed": "2016-07-01T07:58:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228f-b8d8-4c97-922b-49fd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228f-b8d8-4c97-922b-49fd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1b86ccda340fef86eee3303c0d5375badbc2c3e461b2e4df17a7796088ee8bec/analysis/1466600988/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228f-4fe8-4053-b362-4ae702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:07.000Z",
|
||
|
"modified": "2016-07-01T07:58:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 321ca51b4c250515bc3075abe735e360a57dee22",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ee87db36cf5155159a744682ea21fab13f3c55ef882816be07ab89867f97ebae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228f-7e0c-4fb4-aab6-414402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:07.000Z",
|
||
|
"modified": "2016-07-01T07:58:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 321ca51b4c250515bc3075abe735e360a57dee22",
|
||
|
"pattern": "[file:hashes.MD5 = '69c30e8b2202df4aa54c9d71ace5ef97']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776228f-475c-4613-b359-4cef02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:07.000Z",
|
||
|
"modified": "2016-07-01T07:58:07.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:07Z",
|
||
|
"last_observed": "2016-07-01T07:58:07Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776228f-475c-4613-b359-4cef02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776228f-475c-4613-b359-4cef02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ee87db36cf5155159a744682ea21fab13f3c55ef882816be07ab89867f97ebae/analysis/1443873639/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776228f-f0ac-4cf8-90fe-4ffe02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:07.000Z",
|
||
|
"modified": "2016-07-01T07:58:07.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2bf06a003a9bd56d2ed91770966a7aee7d9784b9",
|
||
|
"pattern": "[file:hashes.SHA256 = '3d6c77e38b3de171a6093cc320100cedc43ef45687c1d92f7d43fd0972a58fb8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762290-366c-4f4f-a74a-415c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:08.000Z",
|
||
|
"modified": "2016-07-01T07:58:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2bf06a003a9bd56d2ed91770966a7aee7d9784b9",
|
||
|
"pattern": "[file:hashes.MD5 = '3fb8af9e9ae1020ce0e5d12ef50c0d04']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762290-9c58-4cf2-91e7-4e6102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:08.000Z",
|
||
|
"modified": "2016-07-01T07:58:08.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:08Z",
|
||
|
"last_observed": "2016-07-01T07:58:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762290-9c58-4cf2-91e7-4e6102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762290-9c58-4cf2-91e7-4e6102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3d6c77e38b3de171a6093cc320100cedc43ef45687c1d92f7d43fd0972a58fb8/analysis/1465969532/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762290-eed4-4fc9-b6ec-42de02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:08.000Z",
|
||
|
"modified": "2016-07-01T07:58:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2a84f90ed23a569defee7b37f4650aca4021a767",
|
||
|
"pattern": "[file:hashes.SHA256 = '95b73785629c94ab8156cf1b9f2ecd1f283bebbb44fbce7e873f157a814038df']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762290-d584-4868-9f3a-4b7502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:08.000Z",
|
||
|
"modified": "2016-07-01T07:58:08.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2a84f90ed23a569defee7b37f4650aca4021a767",
|
||
|
"pattern": "[file:hashes.MD5 = 'dc86f57e3aaf77facf347dc0c34714c8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762291-c024-4350-9751-4fdd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:09.000Z",
|
||
|
"modified": "2016-07-01T07:58:09.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:09Z",
|
||
|
"last_observed": "2016-07-01T07:58:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762291-c024-4350-9751-4fdd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762291-c024-4350-9751-4fdd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/95b73785629c94ab8156cf1b9f2ecd1f283bebbb44fbce7e873f157a814038df/analysis/1438623255/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762291-6388-4409-a066-44c002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:09.000Z",
|
||
|
"modified": "2016-07-01T07:58:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 272c42bcdcc88adba1e01e60a931fbe5f5800883",
|
||
|
"pattern": "[file:hashes.SHA256 = 'dff4ef0ab739b027326120501aa26dcfc76bd347ec95c6f097df4b71400d1a19']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762291-96d8-4e3b-8a92-498002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:09.000Z",
|
||
|
"modified": "2016-07-01T07:58:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 272c42bcdcc88adba1e01e60a931fbe5f5800883",
|
||
|
"pattern": "[file:hashes.MD5 = '1c736d8c04305b77290a477b39cef433']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762291-62b8-46ec-be9d-45b702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:09.000Z",
|
||
|
"modified": "2016-07-01T07:58:09.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:09Z",
|
||
|
"last_observed": "2016-07-01T07:58:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762291-62b8-46ec-be9d-45b702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762291-62b8-46ec-be9d-45b702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/dff4ef0ab739b027326120501aa26dcfc76bd347ec95c6f097df4b71400d1a19/analysis/1463016703/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762291-f75c-4ede-8e40-4a4d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:09.000Z",
|
||
|
"modified": "2016-07-01T07:58:09.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 26f8d64038439c006f12ec34b035b1dee1c56b31",
|
||
|
"pattern": "[file:hashes.SHA256 = '57596c67a356a0bdf87c870118b8ccabe736438f1ae996e0cd15930364ebf52b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762292-9ef8-425d-8eb6-434602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:10.000Z",
|
||
|
"modified": "2016-07-01T07:58:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 26f8d64038439c006f12ec34b035b1dee1c56b31",
|
||
|
"pattern": "[file:hashes.MD5 = '92d20e0db31b7fa027ba209db3f3fd8a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762292-efa8-4b11-bcc6-4a4602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:10.000Z",
|
||
|
"modified": "2016-07-01T07:58:10.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:10Z",
|
||
|
"last_observed": "2016-07-01T07:58:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762292-efa8-4b11-bcc6-4a4602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762292-efa8-4b11-bcc6-4a4602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/57596c67a356a0bdf87c870118b8ccabe736438f1ae996e0cd15930364ebf52b/analysis/1438623250/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762292-e328-4036-baec-458602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:10.000Z",
|
||
|
"modified": "2016-07-01T07:58:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 23d5cc54641f56f554890bbd55d580e5c564e197",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f45ed67db1e2456b4bd578c0fe79dfcb861ef324d2801294eec304d0ea35dfad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762292-1bf8-4603-a54d-4afb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:10.000Z",
|
||
|
"modified": "2016-07-01T07:58:10.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 23d5cc54641f56f554890bbd55d580e5c564e197",
|
||
|
"pattern": "[file:hashes.MD5 = '8a35e0166c3b6c87b97710d42cf8327e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762292-8404-4fd0-9785-484902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:10.000Z",
|
||
|
"modified": "2016-07-01T07:58:10.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:10Z",
|
||
|
"last_observed": "2016-07-01T07:58:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762292-8404-4fd0-9785-484902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762292-8404-4fd0-9785-484902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f45ed67db1e2456b4bd578c0fe79dfcb861ef324d2801294eec304d0ea35dfad/analysis/1441637781/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762293-0644-493d-8d06-411a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:11.000Z",
|
||
|
"modified": "2016-07-01T07:58:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 1e49924afe56e3c782893118a51256ca5f247fba",
|
||
|
"pattern": "[file:hashes.SHA256 = 'bb7f0c896fc064b646b45c8b716b82c999489e94ce8d7f07422b8fc2c2e9bd3b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762293-4a58-41dd-94d6-48ab02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:11.000Z",
|
||
|
"modified": "2016-07-01T07:58:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 1e49924afe56e3c782893118a51256ca5f247fba",
|
||
|
"pattern": "[file:hashes.MD5 = '45da38dcd484a6a307c80e7fa1646316']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762293-e8dc-4ae2-8126-422a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:11.000Z",
|
||
|
"modified": "2016-07-01T07:58:11.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:11Z",
|
||
|
"last_observed": "2016-07-01T07:58:11Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762293-e8dc-4ae2-8126-422a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762293-e8dc-4ae2-8126-422a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/bb7f0c896fc064b646b45c8b716b82c999489e94ce8d7f07422b8fc2c2e9bd3b/analysis/1438077872/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762293-a900-4961-9418-4dd302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:11.000Z",
|
||
|
"modified": "2016-07-01T07:58:11.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 1ae10d6ec5d33b704c32ef52c3ee9671f4298d5f",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd6d6da604eab153b6495978deb8b04b68695155a90d92d08ded45c530ebb90ee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762294-4e9c-429d-bb8a-492c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:12.000Z",
|
||
|
"modified": "2016-07-01T07:58:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 1ae10d6ec5d33b704c32ef52c3ee9671f4298d5f",
|
||
|
"pattern": "[file:hashes.MD5 = 'cc1335d3e5bf654c9048b2c0339e2f10']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762294-7764-4af5-aac1-469502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:12.000Z",
|
||
|
"modified": "2016-07-01T07:58:12.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:12Z",
|
||
|
"last_observed": "2016-07-01T07:58:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762294-7764-4af5-aac1-469502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762294-7764-4af5-aac1-469502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d6d6da604eab153b6495978deb8b04b68695155a90d92d08ded45c530ebb90ee/analysis/1438623251/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762294-0e3c-480e-b660-4bf002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:12.000Z",
|
||
|
"modified": "2016-07-01T07:58:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 14b6f2bc2b869d3417619201c7205e240a93d2ef",
|
||
|
"pattern": "[file:hashes.SHA256 = '54e32ff2917322b52b7ad8fdda2c478f116c434c42e557edbad7cf34652ac674']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762294-b618-44cf-beae-421202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:12.000Z",
|
||
|
"modified": "2016-07-01T07:58:12.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 14b6f2bc2b869d3417619201c7205e240a93d2ef",
|
||
|
"pattern": "[file:hashes.MD5 = 'f44012eb98bb024a1bc872e2fc653cd3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762294-9dc4-4d2f-8d84-444302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:12.000Z",
|
||
|
"modified": "2016-07-01T07:58:12.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:12Z",
|
||
|
"last_observed": "2016-07-01T07:58:12Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762294-9dc4-4d2f-8d84-444302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762294-9dc4-4d2f-8d84-444302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/54e32ff2917322b52b7ad8fdda2c478f116c434c42e557edbad7cf34652ac674/analysis/1438623256/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762295-1530-4722-902f-4a2e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:13.000Z",
|
||
|
"modified": "2016-07-01T07:58:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0a9dd2b71df68ba088d7d868d7e191875755e34c",
|
||
|
"pattern": "[file:hashes.SHA256 = '86d09d8b4fb86c62da6f543771f37ff2a5c35cbad4c3f7be18f72725348e4673']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762295-cb38-4486-bdd0-482e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:13.000Z",
|
||
|
"modified": "2016-07-01T07:58:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0a9dd2b71df68ba088d7d868d7e191875755e34c",
|
||
|
"pattern": "[file:hashes.MD5 = '10841f9d4d7aea6ff4c283ddf473b1a1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762295-8e94-4a2e-9823-4f5302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:13.000Z",
|
||
|
"modified": "2016-07-01T07:58:13.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:13Z",
|
||
|
"last_observed": "2016-07-01T07:58:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762295-8e94-4a2e-9823-4f5302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762295-8e94-4a2e-9823-4f5302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/86d09d8b4fb86c62da6f543771f37ff2a5c35cbad4c3f7be18f72725348e4673/analysis/1466600982/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762295-e5bc-45d0-8efc-411202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:13.000Z",
|
||
|
"modified": "2016-07-01T07:58:13.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 09df1b0abd32791c3b0d5d657cd956f81e2dacb2",
|
||
|
"pattern": "[file:hashes.SHA256 = 'ec38b6675f668d57949d0dc9afbc3a277552bcdc9028fef8470e1d34c2c17f97']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762296-f9b0-4afe-91fe-404b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:14.000Z",
|
||
|
"modified": "2016-07-01T07:58:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 09df1b0abd32791c3b0d5d657cd956f81e2dacb2",
|
||
|
"pattern": "[file:hashes.MD5 = '73550843b2e7be064ada076e7f4189e5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762296-8bf4-44f7-801f-46f102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:14.000Z",
|
||
|
"modified": "2016-07-01T07:58:14.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:14Z",
|
||
|
"last_observed": "2016-07-01T07:58:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762296-8bf4-44f7-801f-46f102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762296-8bf4-44f7-801f-46f102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/ec38b6675f668d57949d0dc9afbc3a277552bcdc9028fef8470e1d34c2c17f97/analysis/1438623250/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762296-99b4-4a45-9414-49ac02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:14.000Z",
|
||
|
"modified": "2016-07-01T07:58:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 01e2e16be5828ca03c6b78f253bd962bfaa5ccbf",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f4cbd70b50ff46f1878632d56070295316b1dc5f3882f17f3b0394ba2ac8027f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762296-f3a8-497e-a278-417c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:14.000Z",
|
||
|
"modified": "2016-07-01T07:58:14.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 01e2e16be5828ca03c6b78f253bd962bfaa5ccbf",
|
||
|
"pattern": "[file:hashes.MD5 = '2579e64c22a943faa14e3a66dc3e88c4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762296-88e8-48ed-9edf-422c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:14.000Z",
|
||
|
"modified": "2016-07-01T07:58:14.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:14Z",
|
||
|
"last_observed": "2016-07-01T07:58:14Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762296-88e8-48ed-9edf-422c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762296-88e8-48ed-9edf-422c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f4cbd70b50ff46f1878632d56070295316b1dc5f3882f17f3b0394ba2ac8027f/analysis/1444741429/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762297-0bb0-4d29-b8e8-488402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: fbd538cf432f2576b37e2770f860b70b009c3cf3",
|
||
|
"pattern": "[file:hashes.SHA256 = '56a8988874be403cc71d2fc1bd6e8a120372d12cac878ad0d10aef4e22158d17']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762297-8194-4b7e-a919-4d1602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: fbd538cf432f2576b37e2770f860b70b009c3cf3",
|
||
|
"pattern": "[file:hashes.MD5 = '098263828bbcf56859bb7a6fe27c6d64']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762297-fb08-4b5e-ab26-41e602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:15Z",
|
||
|
"last_observed": "2016-07-01T07:58:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762297-fb08-4b5e-ab26-41e602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762297-fb08-4b5e-ab26-41e602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/56a8988874be403cc71d2fc1bd6e8a120372d12cac878ad0d10aef4e22158d17/analysis/1464085090/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762297-4584-44d3-a6a8-49c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: f9af4a51616db485adc577ad600b60e77916cace",
|
||
|
"pattern": "[file:hashes.SHA256 = 'db92444e7ee18777bec85672ddbb6f781577a0f69d28e0959e70602df75cdeae']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762297-47f0-403e-a803-41d402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: f9af4a51616db485adc577ad600b60e77916cace",
|
||
|
"pattern": "[file:hashes.MD5 = '9a971198d8fb325f5a023cb7e207836d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762297-3168-40bd-90fc-4c1202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:15.000Z",
|
||
|
"modified": "2016-07-01T07:58:15.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:15Z",
|
||
|
"last_observed": "2016-07-01T07:58:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762297-3168-40bd-90fc-4c1202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762297-3168-40bd-90fc-4c1202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/db92444e7ee18777bec85672ddbb6f781577a0f69d28e0959e70602df75cdeae/analysis/1464085088/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762298-5a88-4ea0-991e-40c802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:16.000Z",
|
||
|
"modified": "2016-07-01T07:58:16.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eea9fec97dca5d122069adf6dd71628bd6d9c2fd",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f488171a57a3ec74cac3f0e7298b45821c972430a7b8a6146e5abc4914bf2dfb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762298-fb5c-4d53-9311-41a602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:16.000Z",
|
||
|
"modified": "2016-07-01T07:58:16.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eea9fec97dca5d122069adf6dd71628bd6d9c2fd",
|
||
|
"pattern": "[file:hashes.MD5 = 'b976b82b978f687f324619583c61a916']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762298-ed28-41e0-9411-41d202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:16.000Z",
|
||
|
"modified": "2016-07-01T07:58:16.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:16Z",
|
||
|
"last_observed": "2016-07-01T07:58:16Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762298-ed28-41e0-9411-41d202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762298-ed28-41e0-9411-41d202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f488171a57a3ec74cac3f0e7298b45821c972430a7b8a6146e5abc4914bf2dfb/analysis/1465917855/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762298-c554-48d1-87b3-48cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:16.000Z",
|
||
|
"modified": "2016-07-01T07:58:16.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: edf96c42f4e1cf43fbaab3f0bbf54280fc8e311d",
|
||
|
"pattern": "[file:hashes.SHA256 = '848e78c1a64d4a8ba825147a652e6ed4e17d4475336636588724027a0aed721c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762298-bdd0-4637-a45c-4c5e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:16.000Z",
|
||
|
"modified": "2016-07-01T07:58:16.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: edf96c42f4e1cf43fbaab3f0bbf54280fc8e311d",
|
||
|
"pattern": "[file:hashes.MD5 = '62dcad5e29245c49f6de790b7a72f8eb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762299-7910-4b64-8778-47d302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:17.000Z",
|
||
|
"modified": "2016-07-01T07:58:17.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:17Z",
|
||
|
"last_observed": "2016-07-01T07:58:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762299-7910-4b64-8778-47d302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762299-7910-4b64-8778-47d302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/848e78c1a64d4a8ba825147a652e6ed4e17d4475336636588724027a0aed721c/analysis/1465917771/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762299-a51c-4cde-86f0-4ba002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:17.000Z",
|
||
|
"modified": "2016-07-01T07:58:17.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ede8ec9f3efeb515859becd1f430f82933b42dd9",
|
||
|
"pattern": "[file:hashes.SHA256 = '1552a55c4905879cfb9efec2d00ce596ecceb67a545711079d4fe0918feef3d2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57762299-d8a4-4f9a-b985-4e0202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:17.000Z",
|
||
|
"modified": "2016-07-01T07:58:17.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ede8ec9f3efeb515859becd1f430f82933b42dd9",
|
||
|
"pattern": "[file:hashes.MD5 = '10843b580239b20aabcb8263d2af8121']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--57762299-5eb8-4e84-a698-434002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:17.000Z",
|
||
|
"modified": "2016-07-01T07:58:17.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:17Z",
|
||
|
"last_observed": "2016-07-01T07:58:17Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--57762299-5eb8-4e84-a698-434002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--57762299-5eb8-4e84-a698-434002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1552a55c4905879cfb9efec2d00ce596ecceb67a545711079d4fe0918feef3d2/analysis/1465917852/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229a-b640-495f-af5b-432f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:18.000Z",
|
||
|
"modified": "2016-07-01T07:58:18.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eb1b83825ff28de7f13812bfce273ad7fb1994fb",
|
||
|
"pattern": "[file:hashes.SHA256 = 'f5e0a02e20a56576ee78b3cea09e802674809eead1ba31aa5fa8735745b39640']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229a-dfcc-4bc0-a424-44d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:18.000Z",
|
||
|
"modified": "2016-07-01T07:58:18.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eb1b83825ff28de7f13812bfce273ad7fb1994fb",
|
||
|
"pattern": "[file:hashes.MD5 = 'ff69f814eef72539dc3d3d9eaabea93d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229a-dbdc-4da9-96a1-471702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:18.000Z",
|
||
|
"modified": "2016-07-01T07:58:18.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:18Z",
|
||
|
"last_observed": "2016-07-01T07:58:18Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229a-dbdc-4da9-96a1-471702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229a-dbdc-4da9-96a1-471702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/f5e0a02e20a56576ee78b3cea09e802674809eead1ba31aa5fa8735745b39640/analysis/1465917808/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229a-3348-43fb-bc46-402202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:18.000Z",
|
||
|
"modified": "2016-07-01T07:58:18.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eb0f02e36e77221366becabc60e78dd43368ab9d",
|
||
|
"pattern": "[file:hashes.SHA256 = '7294a58803953318d11680980a50161ed3fffb4bb9901d14e9865815940187ba']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229a-d984-40f8-a8f1-474f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:18.000Z",
|
||
|
"modified": "2016-07-01T07:58:18.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eb0f02e36e77221366becabc60e78dd43368ab9d",
|
||
|
"pattern": "[file:hashes.MD5 = 'b8a820d6d075f54a573f57281e65a81b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229b-6ed8-487f-84fb-4e4302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:19.000Z",
|
||
|
"modified": "2016-07-01T07:58:19.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:19Z",
|
||
|
"last_observed": "2016-07-01T07:58:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229b-6ed8-487f-84fb-4e4302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229b-6ed8-487f-84fb-4e4302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7294a58803953318d11680980a50161ed3fffb4bb9901d14e9865815940187ba/analysis/1462872124/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229b-50e0-46cc-8866-47fe02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:19.000Z",
|
||
|
"modified": "2016-07-01T07:58:19.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eacadedc31af04ef86470aec62ad3eccc9a35332",
|
||
|
"pattern": "[file:hashes.SHA256 = '7c4a61d1772a5f862b935f7a8d51e7ca0f725844ee631591ad7531fef3f616cf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229b-4738-4db9-81b1-43b702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:19.000Z",
|
||
|
"modified": "2016-07-01T07:58:19.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: eacadedc31af04ef86470aec62ad3eccc9a35332",
|
||
|
"pattern": "[file:hashes.MD5 = '2831e6e87275feb0713a3a39b23e95c5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229b-2884-4028-9dc1-4e9202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:19.000Z",
|
||
|
"modified": "2016-07-01T07:58:19.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:19Z",
|
||
|
"last_observed": "2016-07-01T07:58:19Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229b-2884-4028-9dc1-4e9202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229b-2884-4028-9dc1-4e9202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7c4a61d1772a5f862b935f7a8d51e7ca0f725844ee631591ad7531fef3f616cf/analysis/1466691830/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229b-f830-4870-81eb-457502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:19.000Z",
|
||
|
"modified": "2016-07-01T07:58:19.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: e20b0f03f6708118bca9f408b156b210ba083b54",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fde6d7924bf8856a60ad275ae642eea65f5daa873ab318f73850b2afe03303c7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229c-5958-4aaf-b11c-474f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:20.000Z",
|
||
|
"modified": "2016-07-01T07:58:20.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: e20b0f03f6708118bca9f408b156b210ba083b54",
|
||
|
"pattern": "[file:hashes.MD5 = '197e9f33a45ea9ce685eb911f5e4a292']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229c-c038-4614-9bd1-4ee102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:20.000Z",
|
||
|
"modified": "2016-07-01T07:58:20.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:20Z",
|
||
|
"last_observed": "2016-07-01T07:58:20Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229c-c038-4614-9bd1-4ee102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229c-c038-4614-9bd1-4ee102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fde6d7924bf8856a60ad275ae642eea65f5daa873ab318f73850b2afe03303c7/analysis/1465917854/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229c-9330-46f6-8f0d-4f3902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:20.000Z",
|
||
|
"modified": "2016-07-01T07:58:20.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d83d7de186fa6c7abe4676eb568ba4dc62a7c931",
|
||
|
"pattern": "[file:hashes.SHA256 = '02f04db8341b9dc3bd153a458071bbe4af5c932078476d510b3097bcc3f0b0f8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229c-4a3c-4ff1-b1ba-43b702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:20.000Z",
|
||
|
"modified": "2016-07-01T07:58:20.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d83d7de186fa6c7abe4676eb568ba4dc62a7c931",
|
||
|
"pattern": "[file:hashes.MD5 = 'e83f70834c027ae38a6db74e6ce6b8a5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229d-85cc-47f6-b608-4d6002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:21.000Z",
|
||
|
"modified": "2016-07-01T07:58:21.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:21Z",
|
||
|
"last_observed": "2016-07-01T07:58:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229d-85cc-47f6-b608-4d6002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229d-85cc-47f6-b608-4d6002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/02f04db8341b9dc3bd153a458071bbe4af5c932078476d510b3097bcc3f0b0f8/analysis/1465917840/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229d-b6b4-40f1-b649-447402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:21.000Z",
|
||
|
"modified": "2016-07-01T07:58:21.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d80d5ccb9d37d971a408d3c91f803e40b8421a2c",
|
||
|
"pattern": "[file:hashes.SHA256 = '4570b891fc955f191354f134b17ee22df7025b39dbf9f8150f4f985b5c53cae6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229d-c510-4721-8b4f-482102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:21.000Z",
|
||
|
"modified": "2016-07-01T07:58:21.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: d80d5ccb9d37d971a408d3c91f803e40b8421a2c",
|
||
|
"pattern": "[file:hashes.MD5 = '984d0a7ab1233cf650501347f98aa36d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229d-9fc0-4024-9c61-444a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:21.000Z",
|
||
|
"modified": "2016-07-01T07:58:21.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:21Z",
|
||
|
"last_observed": "2016-07-01T07:58:21Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229d-9fc0-4024-9c61-444a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229d-9fc0-4024-9c61-444a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4570b891fc955f191354f134b17ee22df7025b39dbf9f8150f4f985b5c53cae6/analysis/1465917811/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229d-9d30-4d79-beb5-4ba802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:21.000Z",
|
||
|
"modified": "2016-07-01T07:58:21.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ce234ed0899c8f97e3f2085215b842723a773368",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd532fc4971137c765640e5ceacd1c64c0e003e01c89b8fc4dec532bf2721eee4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229e-c16c-4c0c-94a7-446202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:22.000Z",
|
||
|
"modified": "2016-07-01T07:58:22.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: ce234ed0899c8f97e3f2085215b842723a773368",
|
||
|
"pattern": "[file:hashes.MD5 = 'd6a7c4040154a70433bab41bf4fdb2d5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229e-6860-4cce-b0f6-451b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:22.000Z",
|
||
|
"modified": "2016-07-01T07:58:22.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:22Z",
|
||
|
"last_observed": "2016-07-01T07:58:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229e-6860-4cce-b0f6-451b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229e-6860-4cce-b0f6-451b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d532fc4971137c765640e5ceacd1c64c0e003e01c89b8fc4dec532bf2721eee4/analysis/1465917856/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229e-5894-4081-8e42-4a8c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:22.000Z",
|
||
|
"modified": "2016-07-01T07:58:22.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c9b1208be2aa2c5cfbcbfcb9b1a45c36854414b8",
|
||
|
"pattern": "[file:hashes.SHA256 = '84339e1c2922e0742e04573546844151fee8d88e39adcbf6838efa63b6124dda']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229e-478c-4095-9492-475002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:22.000Z",
|
||
|
"modified": "2016-07-01T07:58:22.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c9b1208be2aa2c5cfbcbfcb9b1a45c36854414b8",
|
||
|
"pattern": "[file:hashes.MD5 = 'ecb64638c287b3b99ce24bf58770f28a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229e-dc40-47a3-8291-4d1702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:22.000Z",
|
||
|
"modified": "2016-07-01T07:58:22.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:22Z",
|
||
|
"last_observed": "2016-07-01T07:58:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229e-dc40-47a3-8291-4d1702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229e-dc40-47a3-8291-4d1702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/84339e1c2922e0742e04573546844151fee8d88e39adcbf6838efa63b6124dda/analysis/1464689979/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229f-6160-4b1c-8cb0-408e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:23.000Z",
|
||
|
"modified": "2016-07-01T07:58:23.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c5166d1a574bc5e374490846f2584f94f755d90b",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fe4b28afb3b05533ed4637eba53a8103946c44bdf197350a0782bba4cf3ab308']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229f-2f60-4722-a200-4c6e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:23.000Z",
|
||
|
"modified": "2016-07-01T07:58:23.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c5166d1a574bc5e374490846f2584f94f755d90b",
|
||
|
"pattern": "[file:hashes.MD5 = '74d6230b3dac4f8d71b0e326b428f09d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5776229f-4f60-457d-9f45-4d3c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:23.000Z",
|
||
|
"modified": "2016-07-01T07:58:23.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:23Z",
|
||
|
"last_observed": "2016-07-01T07:58:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5776229f-4f60-457d-9f45-4d3c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5776229f-4f60-457d-9f45-4d3c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fe4b28afb3b05533ed4637eba53a8103946c44bdf197350a0782bba4cf3ab308/analysis/1467032247/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5776229f-c8c0-4170-b8c4-424b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:23.000Z",
|
||
|
"modified": "2016-07-01T07:58:23.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c4b06021c6c925c837dab3ba42c6b76eb77ad30b",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a85a3683f73daa7ee3b8df649a753c95b7726424ca9c52c106f186867c065b0e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a0-3b24-4f43-bca8-418702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:24.000Z",
|
||
|
"modified": "2016-07-01T07:58:24.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c4b06021c6c925c837dab3ba42c6b76eb77ad30b",
|
||
|
"pattern": "[file:hashes.MD5 = 'eeadfdc189c028fe94f734d733a3f57c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a0-5650-43bd-8108-47d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:24.000Z",
|
||
|
"modified": "2016-07-01T07:58:24.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:24Z",
|
||
|
"last_observed": "2016-07-01T07:58:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a0-5650-43bd-8108-47d702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a0-5650-43bd-8108-47d702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a85a3683f73daa7ee3b8df649a753c95b7726424ca9c52c106f186867c065b0e/analysis/1464287522/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a0-588c-449d-9e05-487202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:24.000Z",
|
||
|
"modified": "2016-07-01T07:58:24.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c340534b8eafed85fc6e9950033b0b9e696d5cb0",
|
||
|
"pattern": "[file:hashes.SHA256 = '0a4dea7c273fc70a41cdfce88502bde4f939b55c6b18e2a4ee09294c4f2ddc4a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a0-5ba4-47d8-b395-44e902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:24.000Z",
|
||
|
"modified": "2016-07-01T07:58:24.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: c340534b8eafed85fc6e9950033b0b9e696d5cb0",
|
||
|
"pattern": "[file:hashes.MD5 = 'ed6ffcca5b7986bc7711ce5c75fc23b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a0-410c-4f1c-ab79-438802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:24.000Z",
|
||
|
"modified": "2016-07-01T07:58:24.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:24Z",
|
||
|
"last_observed": "2016-07-01T07:58:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a0-410c-4f1c-ab79-438802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a0-410c-4f1c-ab79-438802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0a4dea7c273fc70a41cdfce88502bde4f939b55c6b18e2a4ee09294c4f2ddc4a/analysis/1465917666/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a1-9d44-423d-ac0c-4d1602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:25.000Z",
|
||
|
"modified": "2016-07-01T07:58:25.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b84ef6480d888b560b071e1f97e78f06080dae89",
|
||
|
"pattern": "[file:hashes.SHA256 = '0cedf55e022b16c4faea40bf550ebacdd32f2b5d04193e30ad6cf6de306ac21c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a1-7968-49c1-9318-4a5c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:25.000Z",
|
||
|
"modified": "2016-07-01T07:58:25.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b84ef6480d888b560b071e1f97e78f06080dae89",
|
||
|
"pattern": "[file:hashes.MD5 = 'b2605bd5a0c2fdb453d6301d96230267']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a1-3568-4c4b-8cbe-4b8c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:25.000Z",
|
||
|
"modified": "2016-07-01T07:58:25.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:25Z",
|
||
|
"last_observed": "2016-07-01T07:58:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a1-3568-4c4b-8cbe-4b8c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a1-3568-4c4b-8cbe-4b8c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0cedf55e022b16c4faea40bf550ebacdd32f2b5d04193e30ad6cf6de306ac21c/analysis/1465917804/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a1-b1f8-4299-b4c3-435702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:25.000Z",
|
||
|
"modified": "2016-07-01T07:58:25.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b55dac24f646dd5e0ea856d6ed7891ad8c8acdc1",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a049ec0773f3434da54ec5f0543efc7818b797895d4c41aaaf454d464807020b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a2-393c-440f-b507-4cc802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:26.000Z",
|
||
|
"modified": "2016-07-01T07:58:26.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b55dac24f646dd5e0ea856d6ed7891ad8c8acdc1",
|
||
|
"pattern": "[file:hashes.MD5 = '945af7344cbbc06090abe00b6dba0a16']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a2-7ab0-4466-840b-43ca02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:26.000Z",
|
||
|
"modified": "2016-07-01T07:58:26.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:26Z",
|
||
|
"last_observed": "2016-07-01T07:58:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a2-7ab0-4466-840b-43ca02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a2-7ab0-4466-840b-43ca02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a049ec0773f3434da54ec5f0543efc7818b797895d4c41aaaf454d464807020b/analysis/1465917763/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a2-0328-493e-b171-4b1002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:26.000Z",
|
||
|
"modified": "2016-07-01T07:58:26.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b4afc5e0002201ce052466cba9061018474b1de0",
|
||
|
"pattern": "[file:hashes.SHA256 = '982d388476f84b48a2dbc1934fd67b89a927508d2597211e1c7180999132835c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a2-b378-4dde-b38c-476d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:26.000Z",
|
||
|
"modified": "2016-07-01T07:58:26.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b4afc5e0002201ce052466cba9061018474b1de0",
|
||
|
"pattern": "[file:hashes.MD5 = '693baba1c2100df93803c96fc98faf44']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a2-efd8-4221-ad51-40bd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:26.000Z",
|
||
|
"modified": "2016-07-01T07:58:26.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:26Z",
|
||
|
"last_observed": "2016-07-01T07:58:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a2-efd8-4221-ad51-40bd02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a2-efd8-4221-ad51-40bd02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/982d388476f84b48a2dbc1934fd67b89a927508d2597211e1c7180999132835c/analysis/1465917844/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a3-4ea8-4b56-a320-457902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:27.000Z",
|
||
|
"modified": "2016-07-01T07:58:27.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b2700f16e4494ef7eba26b88a800728621adffea",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c30afd3c20fc1dc512f7a6f27cceac5ba131d560fc3b4469ad88ecea0793a31c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a3-f844-4c8e-ba22-4a2a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:27.000Z",
|
||
|
"modified": "2016-07-01T07:58:27.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: b2700f16e4494ef7eba26b88a800728621adffea",
|
||
|
"pattern": "[file:hashes.MD5 = '6f2cf323019ea29390140fe09efd5732']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a3-5208-4ea4-94db-42b302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:27.000Z",
|
||
|
"modified": "2016-07-01T07:58:27.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:27Z",
|
||
|
"last_observed": "2016-07-01T07:58:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a3-5208-4ea4-94db-42b302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a3-5208-4ea4-94db-42b302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c30afd3c20fc1dc512f7a6f27cceac5ba131d560fc3b4469ad88ecea0793a31c/analysis/1465917809/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a3-fa50-4e64-a160-42e102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:27.000Z",
|
||
|
"modified": "2016-07-01T07:58:27.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: aecf66120861b71c92a2d1f0015fc9228c02ee88",
|
||
|
"pattern": "[file:hashes.SHA256 = '195b415a7f3d60c4cb04543acf2e374d6b63844514f150c2ee7b7c31bba4d1f6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a3-f3c0-4c2f-a75f-494d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:27.000Z",
|
||
|
"modified": "2016-07-01T07:58:27.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: aecf66120861b71c92a2d1f0015fc9228c02ee88",
|
||
|
"pattern": "[file:hashes.MD5 = 'c867fd6d0dd0b31a3181a299235245c5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a4-6ac8-4611-a7cb-497302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:28.000Z",
|
||
|
"modified": "2016-07-01T07:58:28.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:28Z",
|
||
|
"last_observed": "2016-07-01T07:58:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a4-6ac8-4611-a7cb-497302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a4-6ac8-4611-a7cb-497302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/195b415a7f3d60c4cb04543acf2e374d6b63844514f150c2ee7b7c31bba4d1f6/analysis/1465917783/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a4-9fe8-41f6-9c4e-47e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:28.000Z",
|
||
|
"modified": "2016-07-01T07:58:28.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: acc2250be782063f268b87bd0f798549c5838b95",
|
||
|
"pattern": "[file:hashes.SHA256 = '088b42edbf55247a6c5c80d1744bf94f4aa1753a3ae1bcddb5d5328d6850ffad']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a4-0d5c-4d5c-b136-4d2402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:28.000Z",
|
||
|
"modified": "2016-07-01T07:58:28.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: acc2250be782063f268b87bd0f798549c5838b95",
|
||
|
"pattern": "[file:hashes.MD5 = '1b74b14fd21dea539fe35f435908800e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a4-28b8-4072-b389-489602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:28.000Z",
|
||
|
"modified": "2016-07-01T07:58:28.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:28Z",
|
||
|
"last_observed": "2016-07-01T07:58:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a4-28b8-4072-b389-489602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a4-28b8-4072-b389-489602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/088b42edbf55247a6c5c80d1744bf94f4aa1753a3ae1bcddb5d5328d6850ffad/analysis/1465904188/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a4-14d8-4a6b-8835-4f8902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:28.000Z",
|
||
|
"modified": "2016-07-01T07:58:28.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a9239572afe4fbdfe077a262c9699eb1d22a9c87",
|
||
|
"pattern": "[file:hashes.SHA256 = '7dfc9d6f073fd02e2b15753b8381a62cb24ea5bc54484e778ade52e5e6c7f3b4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a5-3d30-4570-b749-447802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:29.000Z",
|
||
|
"modified": "2016-07-01T07:58:29.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a9239572afe4fbdfe077a262c9699eb1d22a9c87",
|
||
|
"pattern": "[file:hashes.MD5 = '16bf086b5206ae84a286b5526f340cdd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a5-2ea8-41d6-bc61-432a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:29.000Z",
|
||
|
"modified": "2016-07-01T07:58:29.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:29Z",
|
||
|
"last_observed": "2016-07-01T07:58:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a5-2ea8-41d6-bc61-432a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a5-2ea8-41d6-bc61-432a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/7dfc9d6f073fd02e2b15753b8381a62cb24ea5bc54484e778ade52e5e6c7f3b4/analysis/1463376439/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a5-f948-4a8c-975f-48d602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:29.000Z",
|
||
|
"modified": "2016-07-01T07:58:29.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a5359856742d09d1596e5c7fde407856d72046db",
|
||
|
"pattern": "[file:hashes.SHA256 = '05c445dfd87d78c117d727b355a60e754fb94c5c36e12037c61324c07a17418a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a5-34f0-4333-b5f6-484602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:29.000Z",
|
||
|
"modified": "2016-07-01T07:58:29.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: a5359856742d09d1596e5c7fde407856d72046db",
|
||
|
"pattern": "[file:hashes.MD5 = '464df4a43d5c816a70eac3030ff3eb9d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a6-27d4-4740-a7f9-42c602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:30.000Z",
|
||
|
"modified": "2016-07-01T07:58:30.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:30Z",
|
||
|
"last_observed": "2016-07-01T07:58:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a6-27d4-4740-a7f9-42c602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a6-27d4-4740-a7f9-42c602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/05c445dfd87d78c117d727b355a60e754fb94c5c36e12037c61324c07a17418a/analysis/1465917781/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a6-3da8-4f76-87ff-4e1702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:30.000Z",
|
||
|
"modified": "2016-07-01T07:58:30.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8d40a65a2bca1378eb6e009c1842aa0e45ae289e",
|
||
|
"pattern": "[file:hashes.SHA256 = '3eb37ef5395caca801e00c3f0dec8718259996eca538ddab81b363ff50e0923e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a6-e14c-4430-a097-418d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:30.000Z",
|
||
|
"modified": "2016-07-01T07:58:30.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8d40a65a2bca1378eb6e009c1842aa0e45ae289e",
|
||
|
"pattern": "[file:hashes.MD5 = 'c3ed581088415c35c99ba0644a1069f6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a6-5060-4860-b2a1-4aa302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:30.000Z",
|
||
|
"modified": "2016-07-01T07:58:30.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:30Z",
|
||
|
"last_observed": "2016-07-01T07:58:30Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a6-5060-4860-b2a1-4aa302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a6-5060-4860-b2a1-4aa302de0b81",
|
||
|
"value": "https://www.virustotal.com/file/3eb37ef5395caca801e00c3f0dec8718259996eca538ddab81b363ff50e0923e/analysis/1464085093/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a6-a5d0-49e9-8fc9-467a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:30.000Z",
|
||
|
"modified": "2016-07-01T07:58:30.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8c4dd73cdd48908ddf5039c5a99e719dfd44ff41",
|
||
|
"pattern": "[file:hashes.SHA256 = '547ac6f9278454a3960f1e7529e7096d38a2e86e3e7a6b43d1926fb3ba6bd34d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a7-82a0-4d36-ab26-436e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:31.000Z",
|
||
|
"modified": "2016-07-01T07:58:31.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 8c4dd73cdd48908ddf5039c5a99e719dfd44ff41",
|
||
|
"pattern": "[file:hashes.MD5 = '5b4e1816c3e23e2b521a7199d4e7175c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a7-6570-4503-bbd7-40e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:31.000Z",
|
||
|
"modified": "2016-07-01T07:58:31.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:31Z",
|
||
|
"last_observed": "2016-07-01T07:58:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a7-6570-4503-bbd7-40e802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a7-6570-4503-bbd7-40e802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/547ac6f9278454a3960f1e7529e7096d38a2e86e3e7a6b43d1926fb3ba6bd34d/analysis/1465917777/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a7-8f3c-4248-997c-47b002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:31.000Z",
|
||
|
"modified": "2016-07-01T07:58:31.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 88fd1ee6fb78385a1c5e462dd0768bc34b8188a3",
|
||
|
"pattern": "[file:hashes.SHA256 = '39181696e1cca1abe15b313441f32fd109aebf7e47e7532896e70dc07b3da73b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a7-f718-499b-b46b-4bc702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:31.000Z",
|
||
|
"modified": "2016-07-01T07:58:31.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 88fd1ee6fb78385a1c5e462dd0768bc34b8188a3",
|
||
|
"pattern": "[file:hashes.MD5 = '659eac660fa72e8d7a0aa5700d4a1263']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a7-58e8-4406-9c95-4b9402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:31.000Z",
|
||
|
"modified": "2016-07-01T07:58:31.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:31Z",
|
||
|
"last_observed": "2016-07-01T07:58:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a7-58e8-4406-9c95-4b9402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a7-58e8-4406-9c95-4b9402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/39181696e1cca1abe15b313441f32fd109aebf7e47e7532896e70dc07b3da73b/analysis/1465917693/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a8-0edc-47a2-81b9-4a7f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:32.000Z",
|
||
|
"modified": "2016-07-01T07:58:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 88af035dc34f730c884b5a11c8be666974a1a6eb",
|
||
|
"pattern": "[file:hashes.SHA256 = '32466c21805d48c89c6a7f0b52cb7feb337a9dc134bf00f210cb573bbfa62c81']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a8-b08c-42d4-9cf6-4ab502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:32.000Z",
|
||
|
"modified": "2016-07-01T07:58:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 88af035dc34f730c884b5a11c8be666974a1a6eb",
|
||
|
"pattern": "[file:hashes.MD5 = 'a3b04c7f9f7c628aec09fa18e1473595']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a8-5a54-49f2-af0a-4cb602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:32.000Z",
|
||
|
"modified": "2016-07-01T07:58:32.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:32Z",
|
||
|
"last_observed": "2016-07-01T07:58:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a8-5a54-49f2-af0a-4cb602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a8-5a54-49f2-af0a-4cb602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/32466c21805d48c89c6a7f0b52cb7feb337a9dc134bf00f210cb573bbfa62c81/analysis/1464689967/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a8-1fcc-4890-96cd-4b7802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:32.000Z",
|
||
|
"modified": "2016-07-01T07:58:32.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 85c03c6fa5e3803e55a46f17d6981992181de57b",
|
||
|
"pattern": "[file:hashes.SHA256 = '25bce963e0bd5837e72d6a0b5bedd1340a72bbc72f54a69c9655d7a140f21223']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a9-8164-49c0-a961-427d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:33.000Z",
|
||
|
"modified": "2016-07-01T07:58:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 85c03c6fa5e3803e55a46f17d6981992181de57b",
|
||
|
"pattern": "[file:hashes.MD5 = '7915d8b07e20e10d0975ee10c6d735d4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a9-db84-4384-bbc3-48b202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:33.000Z",
|
||
|
"modified": "2016-07-01T07:58:33.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:33Z",
|
||
|
"last_observed": "2016-07-01T07:58:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a9-db84-4384-bbc3-48b202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a9-db84-4384-bbc3-48b202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/25bce963e0bd5837e72d6a0b5bedd1340a72bbc72f54a69c9655d7a140f21223/analysis/1465917843/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a9-4bf0-42a0-8f1a-4da502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:33.000Z",
|
||
|
"modified": "2016-07-01T07:58:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 852dc73ca9e6d92b3da96500d27ab44b7f9a4ea4",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e7fe700f61fa77780f7381a5fb353f14be50deac2e3f5034abbd0925df8d7d0e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622a9-5588-4de3-98b9-40cf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:33.000Z",
|
||
|
"modified": "2016-07-01T07:58:33.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 852dc73ca9e6d92b3da96500d27ab44b7f9a4ea4",
|
||
|
"pattern": "[file:hashes.MD5 = '19fe8b4fa47e3891f97ee1eaba3d0757']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622a9-6da4-4e0f-bd6b-4add02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:33.000Z",
|
||
|
"modified": "2016-07-01T07:58:33.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:33Z",
|
||
|
"last_observed": "2016-07-01T07:58:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622a9-6da4-4e0f-bd6b-4add02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622a9-6da4-4e0f-bd6b-4add02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e7fe700f61fa77780f7381a5fb353f14be50deac2e3f5034abbd0925df8d7d0e/analysis/1465917806/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622aa-4a20-488a-beee-45f402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:34.000Z",
|
||
|
"modified": "2016-07-01T07:58:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 80091e1b7b4dd404c83a9c54fda9e6951b2689b1",
|
||
|
"pattern": "[file:hashes.SHA256 = '430fbf2130dfb3e4d8bc90c439e0af52c525492a7b258003b54d0f3fed848986']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622aa-ab1c-4fdc-8da9-443502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:34.000Z",
|
||
|
"modified": "2016-07-01T07:58:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 80091e1b7b4dd404c83a9c54fda9e6951b2689b1",
|
||
|
"pattern": "[file:hashes.MD5 = 'd284505fe407d63922e64a14b6066217']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622aa-ba70-4725-91b7-4b4b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:34.000Z",
|
||
|
"modified": "2016-07-01T07:58:34.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:34Z",
|
||
|
"last_observed": "2016-07-01T07:58:34Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622aa-ba70-4725-91b7-4b4b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622aa-ba70-4725-91b7-4b4b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/430fbf2130dfb3e4d8bc90c439e0af52c525492a7b258003b54d0f3fed848986/analysis/1465917695/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622aa-5630-4b39-bbee-485902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:34.000Z",
|
||
|
"modified": "2016-07-01T07:58:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 7abf407b9a19dd9ee528fa6e5a099ea1c8ba2f98",
|
||
|
"pattern": "[file:hashes.SHA256 = '066581a7edd22f0124f5d07627cff3c41f7ce52b0839562e08b115368a3f4f99']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622aa-8a0c-472c-ab66-406802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:34.000Z",
|
||
|
"modified": "2016-07-01T07:58:34.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 7abf407b9a19dd9ee528fa6e5a099ea1c8ba2f98",
|
||
|
"pattern": "[file:hashes.MD5 = 'f9ed71c16d09bdb7779c9686d5f1cfee']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ab-7d80-4427-880a-456102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:35.000Z",
|
||
|
"modified": "2016-07-01T07:58:35.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:35Z",
|
||
|
"last_observed": "2016-07-01T07:58:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ab-7d80-4427-880a-456102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ab-7d80-4427-880a-456102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/066581a7edd22f0124f5d07627cff3c41f7ce52b0839562e08b115368a3f4f99/analysis/1464287459/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ab-9388-44d3-8680-481c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:35.000Z",
|
||
|
"modified": "2016-07-01T07:58:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 7674f680fd0c24c222c027976c40ffe1e08c6f2e",
|
||
|
"pattern": "[file:hashes.SHA256 = 'dc02ed8a999720412a6008a708bc2de0bdee1f70497f3442e5ff7df89abe2a47']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ab-f3ac-48a9-981f-4f2302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:35.000Z",
|
||
|
"modified": "2016-07-01T07:58:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 7674f680fd0c24c222c027976c40ffe1e08c6f2e",
|
||
|
"pattern": "[file:hashes.MD5 = '54f3c8365bcf2f25ae29e0536512287a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ab-d820-4817-8c24-492a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:35.000Z",
|
||
|
"modified": "2016-07-01T07:58:35.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:35Z",
|
||
|
"last_observed": "2016-07-01T07:58:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ab-d820-4817-8c24-492a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ab-d820-4817-8c24-492a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/dc02ed8a999720412a6008a708bc2de0bdee1f70497f3442e5ff7df89abe2a47/analysis/1464690264/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ab-4d60-4a1b-bf2a-464a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:35.000Z",
|
||
|
"modified": "2016-07-01T07:58:35.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 713855aa5680154324bfcbac638aa1c12681e3c3",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c38fc700108deee5f7105af647cc196b38e101418e1928b519b6f0442378fa47']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ac-1f80-465e-a9d6-442002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:36.000Z",
|
||
|
"modified": "2016-07-01T07:58:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 713855aa5680154324bfcbac638aa1c12681e3c3",
|
||
|
"pattern": "[file:hashes.MD5 = '507f89f8ab0f118a7fef7d55c2705dc3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ac-437c-4cf0-8eb5-428602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:36.000Z",
|
||
|
"modified": "2016-07-01T07:58:36.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:36Z",
|
||
|
"last_observed": "2016-07-01T07:58:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ac-437c-4cf0-8eb5-428602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ac-437c-4cf0-8eb5-428602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c38fc700108deee5f7105af647cc196b38e101418e1928b519b6f0442378fa47/analysis/1465917765/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ac-90b0-4162-b35d-44e802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:36.000Z",
|
||
|
"modified": "2016-07-01T07:58:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 6a2d12adc541c9c5aaa1096d7e59c72c489cdd59",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c88ca07beb89048af96f7bd2ded56c7c686ed24d6a7b2e4056e34906896bb76c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ac-a678-4f1c-97a1-491d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:36.000Z",
|
||
|
"modified": "2016-07-01T07:58:36.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 6a2d12adc541c9c5aaa1096d7e59c72c489cdd59",
|
||
|
"pattern": "[file:hashes.MD5 = '8a185209735c9ccbb356ede183d503a9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ad-4d34-4ccf-b447-402e02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:37.000Z",
|
||
|
"modified": "2016-07-01T07:58:37.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:37Z",
|
||
|
"last_observed": "2016-07-01T07:58:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ad-4d34-4ccf-b447-402e02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ad-4d34-4ccf-b447-402e02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c88ca07beb89048af96f7bd2ded56c7c686ed24d6a7b2e4056e34906896bb76c/analysis/1464689962/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ad-96ac-4195-8bc8-41d702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:37.000Z",
|
||
|
"modified": "2016-07-01T07:58:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 67e9e098c2b39b5847f6cd3aa5a3f86917602f5f",
|
||
|
"pattern": "[file:hashes.SHA256 = '86934ca44a1b0283bfe6365e4076df06468d6ea9c5acd06bf2701ce67fe016e0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ad-c11c-4bd3-9b01-41bb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:37.000Z",
|
||
|
"modified": "2016-07-01T07:58:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 67e9e098c2b39b5847f6cd3aa5a3f86917602f5f",
|
||
|
"pattern": "[file:hashes.MD5 = '7c67b627365ce30cd46b99721ac1e209']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ad-d774-401c-afd2-4c7702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:37.000Z",
|
||
|
"modified": "2016-07-01T07:58:37.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:37Z",
|
||
|
"last_observed": "2016-07-01T07:58:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ad-d774-401c-afd2-4c7702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ad-d774-401c-afd2-4c7702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/86934ca44a1b0283bfe6365e4076df06468d6ea9c5acd06bf2701ce67fe016e0/analysis/1465917772/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ad-cc18-4cb3-ad7b-407d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:37.000Z",
|
||
|
"modified": "2016-07-01T07:58:37.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 66a7642abaf3d05d5ab14e83dfd52eca0c17acc6",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c53809c4c96b6dbef2fedf753ac70feab0280ab1e48ea28fc0e9c5552a62ba24']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ae-789c-4079-9a13-4e4c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:38.000Z",
|
||
|
"modified": "2016-07-01T07:58:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 66a7642abaf3d05d5ab14e83dfd52eca0c17acc6",
|
||
|
"pattern": "[file:hashes.MD5 = 'a8461f8fe316ccadef669c3c77578f8f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ae-eecc-47ca-8df9-461102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:38.000Z",
|
||
|
"modified": "2016-07-01T07:58:38.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:38Z",
|
||
|
"last_observed": "2016-07-01T07:58:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ae-eecc-47ca-8df9-461102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ae-eecc-47ca-8df9-461102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c53809c4c96b6dbef2fedf753ac70feab0280ab1e48ea28fc0e9c5552a62ba24/analysis/1465917842/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ae-f46c-4de6-8ebd-4e9502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:38.000Z",
|
||
|
"modified": "2016-07-01T07:58:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 623185a651a1962538141d7ffefdc2f2445a9201",
|
||
|
"pattern": "[file:hashes.SHA256 = '5e4c5451e8751d411c252fa357afd20c4223320b523d295bd6667fe40c80ae6f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ae-7284-4c3f-a15a-451102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:38.000Z",
|
||
|
"modified": "2016-07-01T07:58:38.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 623185a651a1962538141d7ffefdc2f2445a9201",
|
||
|
"pattern": "[file:hashes.MD5 = 'f9eacb4527d3571c31c31912e609afaf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622af-3650-495b-add5-454002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:39.000Z",
|
||
|
"modified": "2016-07-01T07:58:39.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:39Z",
|
||
|
"last_observed": "2016-07-01T07:58:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622af-3650-495b-add5-454002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622af-3650-495b-add5-454002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/5e4c5451e8751d411c252fa357afd20c4223320b523d295bd6667fe40c80ae6f/analysis/1465917692/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622af-1cac-45ac-8281-459202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:39.000Z",
|
||
|
"modified": "2016-07-01T07:58:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5bcc6da122b3aa88c766d80eb7774c2c6e9e25d5",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e63babeb4e3e53dd0ff0369d1f113d7b8680a175d4048b36b8be2b05f320d0d1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622af-4c70-41d9-b113-4de602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:39.000Z",
|
||
|
"modified": "2016-07-01T07:58:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5bcc6da122b3aa88c766d80eb7774c2c6e9e25d5",
|
||
|
"pattern": "[file:hashes.MD5 = '9408f9f702ded7196070a254dece8c39']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622af-0bd8-4195-8a09-4fb102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:39.000Z",
|
||
|
"modified": "2016-07-01T07:58:39.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:39Z",
|
||
|
"last_observed": "2016-07-01T07:58:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622af-0bd8-4195-8a09-4fb102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622af-0bd8-4195-8a09-4fb102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e63babeb4e3e53dd0ff0369d1f113d7b8680a175d4048b36b8be2b05f320d0d1/analysis/1465904181/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622af-4cc0-45c8-8fdb-47cb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:39.000Z",
|
||
|
"modified": "2016-07-01T07:58:39.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5aaa055fa5eb9a436ca0e643bf2ada268bcd6f33",
|
||
|
"pattern": "[file:hashes.SHA256 = '086c526a5dcf91cc71ab2efd4e6c862f73e0c37d79d555324865f1c4af137425']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b0-57cc-46e7-8972-4fad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:40.000Z",
|
||
|
"modified": "2016-07-01T07:58:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5aaa055fa5eb9a436ca0e643bf2ada268bcd6f33",
|
||
|
"pattern": "[file:hashes.MD5 = 'f6154d0fd947692eac03ec34a5b4fb40']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b0-65f8-44aa-9163-455b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:40.000Z",
|
||
|
"modified": "2016-07-01T07:58:40.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:40Z",
|
||
|
"last_observed": "2016-07-01T07:58:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b0-65f8-44aa-9163-455b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b0-65f8-44aa-9163-455b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/086c526a5dcf91cc71ab2efd4e6c862f73e0c37d79d555324865f1c4af137425/analysis/1465917814/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b0-37e0-456c-9d50-48c202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:40.000Z",
|
||
|
"modified": "2016-07-01T07:58:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5a6b14fad221ab65a086b1ee7c97eb63ff38480e",
|
||
|
"pattern": "[file:hashes.SHA256 = '533d14f6e1cb7153e4adfa90ce4c5e14ee8fc32f1549d3a8508e4ce61001f4c7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b0-a740-40e7-99f3-483d02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:40.000Z",
|
||
|
"modified": "2016-07-01T07:58:40.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5a6b14fad221ab65a086b1ee7c97eb63ff38480e",
|
||
|
"pattern": "[file:hashes.MD5 = '8efbe52b9788467c73a3f8e146997a7b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b0-10e0-4044-9d83-48df02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:40.000Z",
|
||
|
"modified": "2016-07-01T07:58:40.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:40Z",
|
||
|
"last_observed": "2016-07-01T07:58:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b0-10e0-4044-9d83-48df02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b0-10e0-4044-9d83-48df02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/533d14f6e1cb7153e4adfa90ce4c5e14ee8fc32f1549d3a8508e4ce61001f4c7/analysis/1465917768/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b1-4970-497e-b600-48ce02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:41.000Z",
|
||
|
"modified": "2016-07-01T07:58:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 58952be65d0ed53490f69f566485c699f246dcc0",
|
||
|
"pattern": "[file:hashes.SHA256 = '89ef03d32b17b83f200df55276f9eec665baaf62c137b77fdfb207216eeaedea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b1-78ac-42fe-9c51-4a2602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:41.000Z",
|
||
|
"modified": "2016-07-01T07:58:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 58952be65d0ed53490f69f566485c699f246dcc0",
|
||
|
"pattern": "[file:hashes.MD5 = '9da24a08192ac2705b50b9716c6bbbec']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b1-5170-44ac-a2f8-498502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:41.000Z",
|
||
|
"modified": "2016-07-01T07:58:41.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:41Z",
|
||
|
"last_observed": "2016-07-01T07:58:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b1-5170-44ac-a2f8-498502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b1-5170-44ac-a2f8-498502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/89ef03d32b17b83f200df55276f9eec665baaf62c137b77fdfb207216eeaedea/analysis/1465917845/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b1-76c4-4cd9-8806-48c502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:41.000Z",
|
||
|
"modified": "2016-07-01T07:58:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 583036a7c9b210508c222c7dfdd9b8321feca7df",
|
||
|
"pattern": "[file:hashes.SHA256 = '49ac7de9541282c3c172d18a5a1ff2839e932d4ddd1b2d1da66b4997b1192c96']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b1-1fa4-4fd6-9b6d-45b102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:41.000Z",
|
||
|
"modified": "2016-07-01T07:58:41.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 583036a7c9b210508c222c7dfdd9b8321feca7df",
|
||
|
"pattern": "[file:hashes.MD5 = '059cbb0d73e9b5cfb20e74105583d5e3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b2-4f1c-4d02-b21a-464202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:42.000Z",
|
||
|
"modified": "2016-07-01T07:58:42.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:42Z",
|
||
|
"last_observed": "2016-07-01T07:58:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b2-4f1c-4d02-b21a-464202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b2-4f1c-4d02-b21a-464202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/49ac7de9541282c3c172d18a5a1ff2839e932d4ddd1b2d1da66b4997b1192c96/analysis/1455541801/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b2-3ce4-40b4-ba8b-415202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:42.000Z",
|
||
|
"modified": "2016-07-01T07:58:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5617c1414cb79411c64883ee72d219d52123fa30",
|
||
|
"pattern": "[file:hashes.SHA256 = '2bc8de5baa6a4647a729a9f506a2b3d788f7d68d283e32bdbfd50518b70d90ac']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b2-538c-44bd-842d-419702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:42.000Z",
|
||
|
"modified": "2016-07-01T07:58:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5617c1414cb79411c64883ee72d219d52123fa30",
|
||
|
"pattern": "[file:hashes.MD5 = '01d65c1799211d71562b2c2415123e50']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b2-0450-4461-9bfc-451002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:42.000Z",
|
||
|
"modified": "2016-07-01T07:58:42.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:42Z",
|
||
|
"last_observed": "2016-07-01T07:58:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b2-0450-4461-9bfc-451002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b2-0450-4461-9bfc-451002de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2bc8de5baa6a4647a729a9f506a2b3d788f7d68d283e32bdbfd50518b70d90ac/analysis/1465917779/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b2-3d44-4a01-9833-48b802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:42.000Z",
|
||
|
"modified": "2016-07-01T07:58:42.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0641f22e1b4e15cc23660b2e8bbf42623e997dfb",
|
||
|
"pattern": "[file:hashes.SHA256 = 'abf5c8045c16ad7cf8d38856c4855e55f26e8474e094a8f723086fc1fe2fb178']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b3-2694-4cae-b6cd-47d302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:43.000Z",
|
||
|
"modified": "2016-07-01T07:58:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0641f22e1b4e15cc23660b2e8bbf42623e997dfb",
|
||
|
"pattern": "[file:hashes.MD5 = '4ec2ebcd8ad554509f461b2fcc0b5b10']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b3-181c-45b6-99af-4c7b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:43.000Z",
|
||
|
"modified": "2016-07-01T07:58:43.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:43Z",
|
||
|
"last_observed": "2016-07-01T07:58:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b3-181c-45b6-99af-4c7b02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b3-181c-45b6-99af-4c7b02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/abf5c8045c16ad7cf8d38856c4855e55f26e8474e094a8f723086fc1fe2fb178/analysis/1465917698/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b3-b8ac-41c8-bf8c-439802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:43.000Z",
|
||
|
"modified": "2016-07-01T07:58:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0af1a6d6c487e78aa252ae2f5921606a8a379206",
|
||
|
"pattern": "[file:hashes.SHA256 = 'e7f1bac834d9eacdcaf3d032b1823759c5846cb717f2c45238614938992911bf']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b3-8714-4346-8151-4dcf02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:43.000Z",
|
||
|
"modified": "2016-07-01T07:58:43.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 0af1a6d6c487e78aa252ae2f5921606a8a379206",
|
||
|
"pattern": "[file:hashes.MD5 = 'da1f7f80f587e4240f584a6326af1144']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b3-676c-4fd6-bc91-4db502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:43.000Z",
|
||
|
"modified": "2016-07-01T07:58:43.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:43Z",
|
||
|
"last_observed": "2016-07-01T07:58:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b3-676c-4fd6-bc91-4db502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b3-676c-4fd6-bc91-4db502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/e7f1bac834d9eacdcaf3d032b1823759c5846cb717f2c45238614938992911bf/analysis/1464171395/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b4-4d6c-44d2-8e2b-455002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:44.000Z",
|
||
|
"modified": "2016-07-01T07:58:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 100241519698bb013f668ff49d3d0d4fdab6a584",
|
||
|
"pattern": "[file:hashes.SHA256 = 'caf4bd7752434c48d8d5bc013f1f45e093a6fd93515edc03e514de6c65f05bf8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b4-9358-460e-9766-46ad02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:44.000Z",
|
||
|
"modified": "2016-07-01T07:58:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 100241519698bb013f668ff49d3d0d4fdab6a584",
|
||
|
"pattern": "[file:hashes.MD5 = '9c3183188447fc313e57d9da3cdf70b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b4-e598-497c-ae50-4ed902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:44.000Z",
|
||
|
"modified": "2016-07-01T07:58:44.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:44Z",
|
||
|
"last_observed": "2016-07-01T07:58:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b4-e598-497c-ae50-4ed902de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b4-e598-497c-ae50-4ed902de0b81",
|
||
|
"value": "https://www.virustotal.com/file/caf4bd7752434c48d8d5bc013f1f45e093a6fd93515edc03e514de6c65f05bf8/analysis/1465917707/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b4-5744-4de8-9f77-473b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:44.000Z",
|
||
|
"modified": "2016-07-01T07:58:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 14014f810a0c07b6dde48b7a8954b56c409ae7f3",
|
||
|
"pattern": "[file:hashes.SHA256 = 'aebb3dc4b7730106593deeb73c51035434e045c613497b831ae7e900c25ef27c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b4-ca98-40df-be39-4d0702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:44.000Z",
|
||
|
"modified": "2016-07-01T07:58:44.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 14014f810a0c07b6dde48b7a8954b56c409ae7f3",
|
||
|
"pattern": "[file:hashes.MD5 = 'e248c3683ad05b867fa9b27f38ed386a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b5-1134-482a-b348-4ac702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:45Z",
|
||
|
"last_observed": "2016-07-01T07:58:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b5-1134-482a-b348-4ac702de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b5-1134-482a-b348-4ac702de0b81",
|
||
|
"value": "https://www.virustotal.com/file/aebb3dc4b7730106593deeb73c51035434e045c613497b831ae7e900c25ef27c/analysis/1465904185/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b5-90b0-43f3-a0ae-44ff02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 16c6d317fd7c361623c62cf5652a6b7937f58e0a",
|
||
|
"pattern": "[file:hashes.SHA256 = 'fead428af4a66cbfa8dbdeb696692b0bb83f0f0d59d438abddc576ee50a8b736']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b5-5b54-406c-b964-4dd402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 16c6d317fd7c361623c62cf5652a6b7937f58e0a",
|
||
|
"pattern": "[file:hashes.MD5 = '967634bc2a1a5ebdbc8bb4ea753b4d99']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b5-a438-46f1-9978-4ef802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:45Z",
|
||
|
"last_observed": "2016-07-01T07:58:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b5-a438-46f1-9978-4ef802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b5-a438-46f1-9978-4ef802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/fead428af4a66cbfa8dbdeb696692b0bb83f0f0d59d438abddc576ee50a8b736/analysis/1464287357/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b5-9f24-4fbd-be61-41df02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 22c565e2cfb8adadd022b0ec281bb2b6ed62dca2",
|
||
|
"pattern": "[file:hashes.SHA256 = '407e72df6bb28c4e1bb3f697f92e7632540933988d28d7536fdbae922332c32e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b5-4894-4a4a-a718-442802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:45.000Z",
|
||
|
"modified": "2016-07-01T07:58:45.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 22c565e2cfb8adadd022b0ec281bb2b6ed62dca2",
|
||
|
"pattern": "[file:hashes.MD5 = '2f895e683413231e8793e265dbde2f45']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b6-c0c8-4d2e-8304-4dae02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:46.000Z",
|
||
|
"modified": "2016-07-01T07:58:46.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:46Z",
|
||
|
"last_observed": "2016-07-01T07:58:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b6-c0c8-4d2e-8304-4dae02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b6-c0c8-4d2e-8304-4dae02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/407e72df6bb28c4e1bb3f697f92e7632540933988d28d7536fdbae922332c32e/analysis/1465917703/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b6-1740-4c7e-b243-414302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:46.000Z",
|
||
|
"modified": "2016-07-01T07:58:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 23ce92fd1d4d2d42389a66869434fb578aa3f539",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd5357548d145fd81fe8da50771195a6058f48275bf1fe1d1c70113a7c1364f7e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b6-a400-4afe-8fb4-409402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:46.000Z",
|
||
|
"modified": "2016-07-01T07:58:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 23ce92fd1d4d2d42389a66869434fb578aa3f539",
|
||
|
"pattern": "[file:hashes.MD5 = 'c7b71c6db80426c6d4bed182c1795990']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b6-ec54-46bb-934b-4e6c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:46.000Z",
|
||
|
"modified": "2016-07-01T07:58:46.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:46Z",
|
||
|
"last_observed": "2016-07-01T07:58:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b6-ec54-46bb-934b-4e6c02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b6-ec54-46bb-934b-4e6c02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/d5357548d145fd81fe8da50771195a6058f48275bf1fe1d1c70113a7c1364f7e/analysis/1465917677/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b6-1bb8-4781-a15c-4f2502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:46.000Z",
|
||
|
"modified": "2016-07-01T07:58:46.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 261a8fc8e0e396298120a7bc15c32a37f3ce5b94",
|
||
|
"pattern": "[file:hashes.SHA256 = '4ba74d802fbc2c7dc0cdfb6e4787c3722d07260a700b74f19d9cb9653ee3e829']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b7-c6ac-4e1a-ab65-485f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:47.000Z",
|
||
|
"modified": "2016-07-01T07:58:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 261a8fc8e0e396298120a7bc15c32a37f3ce5b94",
|
||
|
"pattern": "[file:hashes.MD5 = 'd78555d218feedda07a80301b24ddc80']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b7-16b0-40c2-aee9-46a602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:47.000Z",
|
||
|
"modified": "2016-07-01T07:58:47.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:47Z",
|
||
|
"last_observed": "2016-07-01T07:58:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b7-16b0-40c2-aee9-46a602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b7-16b0-40c2-aee9-46a602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/4ba74d802fbc2c7dc0cdfb6e4787c3722d07260a700b74f19d9cb9653ee3e829/analysis/1460118531/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b7-72f0-45bf-8e92-4feb02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:47.000Z",
|
||
|
"modified": "2016-07-01T07:58:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2a9c8639215faf08593f17b930f83757324dfbee",
|
||
|
"pattern": "[file:hashes.SHA256 = '1fe26d2a2d80341fd83ada8dbe070ec332655d78057c96002dcc123132629c6e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b7-0cf4-484b-aaf7-4e5502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:47.000Z",
|
||
|
"modified": "2016-07-01T07:58:47.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2a9c8639215faf08593f17b930f83757324dfbee",
|
||
|
"pattern": "[file:hashes.MD5 = '33224dadb742e76d60af558fc95f2bca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b7-58b4-4dcf-8c00-4d8602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:47.000Z",
|
||
|
"modified": "2016-07-01T07:58:47.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:47Z",
|
||
|
"last_observed": "2016-07-01T07:58:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b7-58b4-4dcf-8c00-4d8602de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b7-58b4-4dcf-8c00-4d8602de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1fe26d2a2d80341fd83ada8dbe070ec332655d78057c96002dcc123132629c6e/analysis/1465795899/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b8-3ebc-408d-a18f-4c4402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:48.000Z",
|
||
|
"modified": "2016-07-01T07:58:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2ad7262ad52320399aa54cd8482c30e7a480bebc",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c743f174642b49512e336f439a6124338f65f07ad3841305052440451cb19b20']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b8-b848-4cb9-a4eb-427a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:48.000Z",
|
||
|
"modified": "2016-07-01T07:58:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2ad7262ad52320399aa54cd8482c30e7a480bebc",
|
||
|
"pattern": "[file:hashes.MD5 = 'e0b3f4899e4cec7e153223c2912c7f8e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b8-33ac-419a-8ea5-4dc202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:48.000Z",
|
||
|
"modified": "2016-07-01T07:58:48.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:48Z",
|
||
|
"last_observed": "2016-07-01T07:58:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b8-33ac-419a-8ea5-4dc202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b8-33ac-419a-8ea5-4dc202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c743f174642b49512e336f439a6124338f65f07ad3841305052440451cb19b20/analysis/1465917769/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b8-2450-4e39-b670-467a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:48.000Z",
|
||
|
"modified": "2016-07-01T07:58:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2eb5a075b710155c409e727e7f74fdc3be63b58c",
|
||
|
"pattern": "[file:hashes.SHA256 = '63b08d4c30088e235b2d04df2b0c8150d5fda879706c89bfcdb256fa6b9e7e29']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b8-6fb4-4ac1-99f1-47d302de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:48.000Z",
|
||
|
"modified": "2016-07-01T07:58:48.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 2eb5a075b710155c409e727e7f74fdc3be63b58c",
|
||
|
"pattern": "[file:hashes.MD5 = 'e9e0ec12c25c581ca185c807c0ae9317']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b9-5104-47e1-8258-4baa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:49.000Z",
|
||
|
"modified": "2016-07-01T07:58:49.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:49Z",
|
||
|
"last_observed": "2016-07-01T07:58:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b9-5104-47e1-8258-4baa02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b9-5104-47e1-8258-4baa02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/63b08d4c30088e235b2d04df2b0c8150d5fda879706c89bfcdb256fa6b9e7e29/analysis/1465917815/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b9-12bc-4083-8d37-4b8002de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:49.000Z",
|
||
|
"modified": "2016-07-01T07:58:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 325b1075b4544ecc2c5741a7a06a9df00f0965da",
|
||
|
"pattern": "[file:hashes.SHA256 = '89ece58a51c037d9ceff3091b37d2c38c8177258307d0a77c6394e42eb646cb6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b9-d774-487d-97e7-4bfa02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:49.000Z",
|
||
|
"modified": "2016-07-01T07:58:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 325b1075b4544ecc2c5741a7a06a9df00f0965da",
|
||
|
"pattern": "[file:hashes.MD5 = '40998bdd299187737a5bb441c5919889']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622b9-a3e8-4159-8f2f-418202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:49.000Z",
|
||
|
"modified": "2016-07-01T07:58:49.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:49Z",
|
||
|
"last_observed": "2016-07-01T07:58:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622b9-a3e8-4159-8f2f-418202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622b9-a3e8-4159-8f2f-418202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/89ece58a51c037d9ceff3091b37d2c38c8177258307d0a77c6394e42eb646cb6/analysis/1465917782/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622b9-1148-4072-8fad-43b402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:49.000Z",
|
||
|
"modified": "2016-07-01T07:58:49.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 336d5957909487990033a3432d0347be34db044a",
|
||
|
"pattern": "[file:hashes.SHA256 = '634887e293b4653fa86b439b884871aaa4615dab6adbe484841925e3c5ba32ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ba-bad0-41e8-b8a5-406902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:50.000Z",
|
||
|
"modified": "2016-07-01T07:58:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 336d5957909487990033a3432d0347be34db044a",
|
||
|
"pattern": "[file:hashes.MD5 = '9846f4228dd3efadeb9948c706481e8b']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622ba-e364-497f-ada0-466502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:50.000Z",
|
||
|
"modified": "2016-07-01T07:58:50.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:50Z",
|
||
|
"last_observed": "2016-07-01T07:58:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622ba-e364-497f-ada0-466502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622ba-e364-497f-ada0-466502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/634887e293b4653fa86b439b884871aaa4615dab6adbe484841925e3c5ba32ef/analysis/1465917847/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ba-e208-4e77-b67b-43df02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:50.000Z",
|
||
|
"modified": "2016-07-01T07:58:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 368b746daf5448812b231aed67bd795dfb5a605d",
|
||
|
"pattern": "[file:hashes.SHA256 = '1b767dca990a25bdc658096eb950dc9edc3268bd234d96ecdff0a7896ca2d736']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622ba-499c-4f96-8f91-495502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:50.000Z",
|
||
|
"modified": "2016-07-01T07:58:50.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 368b746daf5448812b231aed67bd795dfb5a605d",
|
||
|
"pattern": "[file:hashes.MD5 = 'deba4837490e7a0ed519ec3c0c934838']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bb-4f2c-41d7-8c5b-45df02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:51Z",
|
||
|
"last_observed": "2016-07-01T07:58:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bb-4f2c-41d7-8c5b-45df02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bb-4f2c-41d7-8c5b-45df02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/1b767dca990a25bdc658096eb950dc9edc3268bd234d96ecdff0a7896ca2d736/analysis/1465917701/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bb-a60c-4861-9dd8-400102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 38d16c19b54bf2c94e0ad81fca207de062181b31",
|
||
|
"pattern": "[file:hashes.SHA256 = '0c3fa4e20b75bffab5c5ec34d3cd1d7e796a733ea52d63a92abd185920c7e2e8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bb-6e8c-4220-807b-474202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 38d16c19b54bf2c94e0ad81fca207de062181b31",
|
||
|
"pattern": "[file:hashes.MD5 = '1ebaad5db5690d1455475178fdc23c1e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bb-8b10-441c-8a6d-429a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:51Z",
|
||
|
"last_observed": "2016-07-01T07:58:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bb-8b10-441c-8a6d-429a02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bb-8b10-441c-8a6d-429a02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0c3fa4e20b75bffab5c5ec34d3cd1d7e796a733ea52d63a92abd185920c7e2e8/analysis/1465904248/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bb-ef04-4f29-96fe-419f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4880a13c4e1cde0343c233f5e107abf4e3d00664",
|
||
|
"pattern": "[file:hashes.SHA256 = '2e3145be669421d5bf5b8ebe69f8042415e3ff9daf37ae845b7f1c3ccad9c1c3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bb-dacc-4204-9ff3-497c02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:51.000Z",
|
||
|
"modified": "2016-07-01T07:58:51.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4880a13c4e1cde0343c233f5e107abf4e3d00664",
|
||
|
"pattern": "[file:hashes.MD5 = '8607bf62c8d5b70477f6c153c03b94c0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bc-2fb0-4f20-ae75-434202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:52.000Z",
|
||
|
"modified": "2016-07-01T07:58:52.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:52Z",
|
||
|
"last_observed": "2016-07-01T07:58:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bc-2fb0-4f20-ae75-434202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bc-2fb0-4f20-ae75-434202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/2e3145be669421d5bf5b8ebe69f8042415e3ff9daf37ae845b7f1c3ccad9c1c3/analysis/1465917703/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bc-029c-4187-b10c-448702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:52.000Z",
|
||
|
"modified": "2016-07-01T07:58:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 49f0569886e5e6ba4b32b7f118dc35f9e5916dc2",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a15b4eb9b43ababbdae401cd95053e0e3382dc3576bd45ca489bb8cc71a4b37d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bc-2abc-4546-a5b4-4d6f02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:52.000Z",
|
||
|
"modified": "2016-07-01T07:58:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 49f0569886e5e6ba4b32b7f118dc35f9e5916dc2",
|
||
|
"pattern": "[file:hashes.MD5 = 'ecc165426ab068666a3512b57f2d325f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bc-81b4-4573-b1ea-4c8402de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:52.000Z",
|
||
|
"modified": "2016-07-01T07:58:52.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:52Z",
|
||
|
"last_observed": "2016-07-01T07:58:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bc-81b4-4573-b1ea-4c8402de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bc-81b4-4573-b1ea-4c8402de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a15b4eb9b43ababbdae401cd95053e0e3382dc3576bd45ca489bb8cc71a4b37d/analysis/1465917841/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bc-6014-4cea-98b9-47d802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:52.000Z",
|
||
|
"modified": "2016-07-01T07:58:52.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4eecebf5c9720c8e85347e0dcf55a844a6d01b08",
|
||
|
"pattern": "[file:hashes.SHA256 = '17c71da48ab0a71bfb92e18f99ef16b35b76314d2dde269f3a7eeb6bed7e276d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bd-e4c4-40f3-a15c-44bd02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 4eecebf5c9720c8e85347e0dcf55a844a6d01b08",
|
||
|
"pattern": "[file:hashes.MD5 = 'fb0b5c29358b84dfc4d5e85943e63b1f']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bd-e5a0-463c-b21f-40da02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:53Z",
|
||
|
"last_observed": "2016-07-01T07:58:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bd-e5a0-463c-b21f-40da02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bd-e5a0-463c-b21f-40da02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/17c71da48ab0a71bfb92e18f99ef16b35b76314d2dde269f3a7eeb6bed7e276d/analysis/1465917812/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bd-1154-4e54-8e6b-46dc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5374b898dbb618aa84d92f7a3e9d166e9e819960",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a14d838a141c2773e232ee53c378beb4f20c2014718c4f778fc8f2aef4c7ddf3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bd-c310-4fb7-b738-4be902de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 5374b898dbb618aa84d92f7a3e9d166e9e819960",
|
||
|
"pattern": "[file:hashes.MD5 = 'df6974e9f5e51db85103087a68ec7891']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622bd-e908-49b5-88f2-471802de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:53Z",
|
||
|
"last_observed": "2016-07-01T07:58:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622bd-e908-49b5-88f2-471802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622bd-e908-49b5-88f2-471802de0b81",
|
||
|
"value": "https://www.virustotal.com/file/a14d838a141c2773e232ee53c378beb4f20c2014718c4f778fc8f2aef4c7ddf3/analysis/1465917696/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622bd-895c-448c-8b12-42e202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:53.000Z",
|
||
|
"modified": "2016-07-01T07:58:53.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 54ac8caeae8046e01301379602041c74ee527dfc",
|
||
|
"pattern": "[file:hashes.SHA256 = '9c76ebe64957feea4b9c335ae7baf8e8d33c8aecafe14ec4ba342045bcec25b9']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--577622be-f260-40cb-b733-410702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:54.000Z",
|
||
|
"modified": "2016-07-01T07:58:54.000Z",
|
||
|
"description": "SHA1 hashes of all known variants - Xchecked via VT: 54ac8caeae8046e01301379602041c74ee527dfc",
|
||
|
"pattern": "[file:hashes.MD5 = '7bee7ddaad98657d3def9e02db36f9d6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-01T07:58:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--577622be-4840-4e44-83a1-49cc02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-01T07:58:54.000Z",
|
||
|
"modified": "2016-07-01T07:58:54.000Z",
|
||
|
"first_observed": "2016-07-01T07:58:54Z",
|
||
|
"last_observed": "2016-07-01T07:58:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--577622be-4840-4e44-83a1-49cc02de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--577622be-4840-4e44-83a1-49cc02de0b81",
|
||
|
"value": "https://www.virustotal.com/file/9c76ebe64957feea4b9c335ae7baf8e8d33c8aecafe14ec4ba342045bcec25b9/analysis/1465917705/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb83-d690-4e69-9033-4bf2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:03.000Z",
|
||
|
"modified": "2016-07-02T17:36:03.000Z",
|
||
|
"pattern": "[url:value = 'http://reckless.dk/wp-includes/class-pomo.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb83-178c-4459-b097-4f46950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:03.000Z",
|
||
|
"modified": "2016-07-02T17:36:03.000Z",
|
||
|
"pattern": "[url:value = 'http://reckless.dk/wp-includes/class.wp-db.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb84-6014-4eee-beb9-4d85950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:04.000Z",
|
||
|
"modified": "2016-07-02T17:36:04.000Z",
|
||
|
"pattern": "[url:value = 'http://fishstalk.esy.es/wp-content/plugins/bbpress/includes/common/menu.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb84-717c-45e9-b992-4f51950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:04.000Z",
|
||
|
"modified": "2016-07-02T17:36:04.000Z",
|
||
|
"pattern": "[url:value = 'http://fishstalk.esy.es/wp-includes/SimplePie/Net/IPv4.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb84-8ebc-4e3d-814d-4b86950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:04.000Z",
|
||
|
"modified": "2016-07-02T17:36:04.000Z",
|
||
|
"pattern": "[url:value = 'http://77-ufo.com/wp-includes/class-menu.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb84-9610-454e-84c4-4cfe950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:04.000Z",
|
||
|
"modified": "2016-07-02T17:36:04.000Z",
|
||
|
"pattern": "[url:value = 'http://77-ufo.com/pma/db_table.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5777fb84-aea0-4fa2-8248-432e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-07-02T17:36:04.000Z",
|
||
|
"modified": "2016-07-02T17:36:04.000Z",
|
||
|
"pattern": "[url:value = 'http://scientific.otzo.com/rss.php']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-07-02T17:36:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|