misp-circl-feed/feeds/circl/stix-2.1/58d3f093-d6f4-44d1-93ac-3449950d210f.json

6548 lines
290 KiB
JSON
Raw Permalink Normal View History

2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--58d3f093-d6f4-44d1-93ac-3449950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58d3f093-d6f4-44d1-93ac-3449950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"name": "OSINT - How Malformed RTF Defeats Security Engines",
"published": "2017-03-23T16:22:03Z",
"object_refs": [
"observed-data--58d3f0a2-7ec0-46c6-b8fb-3450950d210f",
"url--58d3f0a2-7ec0-46c6-b8fb-3450950d210f",
"x-misp-attribute--58d3f194-baf0-4e4d-8d20-4ad3950d210f",
"vulnerability--58d3f1b9-9c30-40d1-be38-4cbb950d210f",
"indicator--58d3f1d4-7d90-432f-bce8-9f00950d210f",
"indicator--58d3f215-52e4-4921-9c65-4148950d210f",
"indicator--58d3f216-fa90-473d-a5ad-4317950d210f",
"indicator--58d3f216-2680-420b-b4a5-4c3e950d210f",
"indicator--58d3f31e-584c-4e36-b11b-9f05950d210f",
"indicator--58d3f31f-77c0-471c-964e-9f05950d210f",
"indicator--58d3f320-b490-472a-8d6e-9f05950d210f",
"indicator--58d3f321-af4c-4e22-95dc-9f05950d210f",
"indicator--58d3f322-7a70-486b-832c-9f05950d210f",
"indicator--58d3f323-c51c-4588-88f0-9f05950d210f",
"indicator--58d3f324-92bc-4e9e-a8a2-9f05950d210f",
"indicator--58d3f325-399c-49a9-86f8-9f05950d210f",
"indicator--58d3f326-9274-450a-9c6e-9f05950d210f",
"indicator--58d3f327-7164-44cd-b6ad-9f05950d210f",
"indicator--58d3f328-4a48-4753-863b-9f05950d210f",
"indicator--58d3f329-1314-4c6e-80d7-9f05950d210f",
"indicator--58d3f32a-d554-4ab3-9424-9f05950d210f",
"indicator--58d3f32b-5c40-4ab8-8f75-9f05950d210f",
"indicator--58d3f32c-10f4-4610-9776-9f05950d210f",
"indicator--58d3f32c-c590-47d0-853a-9f05950d210f",
"indicator--58d3f32d-0d48-4d6b-9a69-9f05950d210f",
"indicator--58d3f32e-88ec-418f-8291-9f05950d210f",
"indicator--58d3f32f-0fd8-483a-b0c8-9f05950d210f",
"indicator--58d3f330-f0d8-4ff5-9a7b-9f05950d210f",
"indicator--58d3f331-270c-4dc5-a268-9f05950d210f",
"indicator--58d3f333-b78c-4a9f-8901-9f05950d210f",
"indicator--58d3f334-7b70-40ea-88f1-9f05950d210f",
"indicator--58d3f335-54d8-458e-9c35-9f05950d210f",
"indicator--58d3f336-8900-4a80-8725-9f05950d210f",
"indicator--58d3f337-f6b0-44b3-8f57-9f05950d210f",
"indicator--58d3f338-ac9c-4a92-9639-9f05950d210f",
"indicator--58d3f339-dfa0-445a-9326-9f05950d210f",
"indicator--58d3f33a-2da4-4c6d-bcfc-9f05950d210f",
"indicator--58d3f33b-b164-45b0-a296-9f05950d210f",
"indicator--58d3f33c-ceb0-4254-80f9-9f05950d210f",
"indicator--58d3f33d-747c-4cb7-b239-9f05950d210f",
"indicator--58d3f33e-2bd4-4888-9b1d-9f05950d210f",
"indicator--58d3f33e-13fc-4eaa-8585-9f05950d210f",
"indicator--58d3f340-22d0-4aa9-a348-9f05950d210f",
"indicator--58d3f341-ad58-491e-9823-9f05950d210f",
"indicator--58d3f342-1444-4e2b-8894-9f05950d210f",
"indicator--58d3f342-08e4-4880-994b-9f05950d210f",
"indicator--58d3f343-f908-4d8a-b069-9f05950d210f",
"indicator--58d3f344-5248-41b7-913e-9f05950d210f",
"indicator--58d3f345-d110-465c-9157-9f05950d210f",
"indicator--58d3f346-e8f0-4a49-bf46-9f05950d210f",
"indicator--58d3f347-9aec-48a4-9925-9f05950d210f",
"indicator--58d3f349-6d20-48eb-a4d3-9f05950d210f",
"indicator--58d3f34a-f088-4db4-a896-9f05950d210f",
"indicator--58d3f34b-b0fc-4ff5-9292-9f05950d210f",
"indicator--58d3f34c-94f0-42c0-ad4c-9f05950d210f",
"indicator--58d3f34d-41c8-468a-aed2-9f05950d210f",
"indicator--58d3f34e-c8b0-4027-8e04-9f05950d210f",
"indicator--58d3f34f-ff70-4a64-af22-9f05950d210f",
"indicator--58d3f350-76c8-4773-853d-9f05950d210f",
"indicator--58d3f351-0488-455f-8212-9f05950d210f",
"indicator--58d3f352-0284-4377-813c-9f05950d210f",
"indicator--58d3f353-6c24-4733-907a-9f05950d210f",
"indicator--58d3f354-7cf4-43bd-9dda-9f05950d210f",
"indicator--58d3f355-ae80-4eac-a39a-9f05950d210f",
"indicator--58d3f356-c4f4-4131-911e-9f05950d210f",
"indicator--58d3f357-1054-4699-9347-9f05950d210f",
"indicator--58d3f358-8c9c-44eb-b43d-9f05950d210f",
"indicator--58d3f359-94f0-479e-81ef-9f05950d210f",
"indicator--58d3f359-c348-4414-96d1-9f05950d210f",
"indicator--58d3f35a-b1e8-4ea8-85b1-9f05950d210f",
"indicator--58d3f473-41a8-43cb-b70e-9f0702de0b81",
"indicator--58d3f474-4948-431f-a3ab-9f0702de0b81",
"observed-data--58d3f475-09c4-4aec-8cd9-9f0702de0b81",
"url--58d3f475-09c4-4aec-8cd9-9f0702de0b81",
"indicator--58d3f476-cce8-4fca-ad70-9f0702de0b81",
"indicator--58d3f477-1068-4f6c-9653-9f0702de0b81",
"observed-data--58d3f477-bcdc-472e-8af9-9f0702de0b81",
"url--58d3f477-bcdc-472e-8af9-9f0702de0b81",
"indicator--58d3f478-906c-4c70-95aa-9f0702de0b81",
"indicator--58d3f479-e5f0-48e0-b87a-9f0702de0b81",
"observed-data--58d3f47a-5340-4d5c-b014-9f0702de0b81",
"url--58d3f47a-5340-4d5c-b014-9f0702de0b81",
"indicator--58d3f47b-7af0-404e-aa7e-9f0702de0b81",
"indicator--58d3f47c-e300-4575-8384-9f0702de0b81",
"observed-data--58d3f47d-06b8-4e6d-8e5c-9f0702de0b81",
"url--58d3f47d-06b8-4e6d-8e5c-9f0702de0b81",
"indicator--58d3f47e-46dc-4f6d-ab77-9f0702de0b81",
"indicator--58d3f47f-edac-4091-80a4-9f0702de0b81",
"observed-data--58d3f47f-02e8-4528-9d5d-9f0702de0b81",
"url--58d3f47f-02e8-4528-9d5d-9f0702de0b81",
"indicator--58d3f480-fd5c-492b-b65c-9f0702de0b81",
"indicator--58d3f481-5c70-4976-9427-9f0702de0b81",
"observed-data--58d3f482-95dc-4161-99f9-9f0702de0b81",
"url--58d3f482-95dc-4161-99f9-9f0702de0b81",
"indicator--58d3f483-15d4-47ba-9207-9f0702de0b81",
"indicator--58d3f484-fe38-437e-9200-9f0702de0b81",
"observed-data--58d3f485-6e70-4db3-9ed5-9f0702de0b81",
"url--58d3f485-6e70-4db3-9ed5-9f0702de0b81",
"indicator--58d3f486-dfa4-4833-ba6a-9f0702de0b81",
"indicator--58d3f487-3070-48cd-a586-9f0702de0b81",
"observed-data--58d3f488-91b4-4fbd-a83b-9f0702de0b81",
"url--58d3f488-91b4-4fbd-a83b-9f0702de0b81",
"indicator--58d3f489-c2d8-4596-815a-9f0702de0b81",
"indicator--58d3f489-a69c-4247-bcc0-9f0702de0b81",
"observed-data--58d3f48a-2f20-4536-8866-9f0702de0b81",
"url--58d3f48a-2f20-4536-8866-9f0702de0b81",
"indicator--58d3f48b-d194-42c9-af6d-9f0702de0b81",
"indicator--58d3f48c-bc18-45fe-b514-9f0702de0b81",
"observed-data--58d3f48d-ed58-4832-b2c9-9f0702de0b81",
"url--58d3f48d-ed58-4832-b2c9-9f0702de0b81",
"indicator--58d3f48e-a8d0-4a80-bb64-9f0702de0b81",
"indicator--58d3f48f-2188-4f91-a5ae-9f0702de0b81",
"observed-data--58d3f490-4c58-4735-bad2-9f0702de0b81",
"url--58d3f490-4c58-4735-bad2-9f0702de0b81",
"indicator--58d3f491-4ddc-4653-8342-9f0702de0b81",
"indicator--58d3f491-950c-4e31-98dd-9f0702de0b81",
"observed-data--58d3f492-19dc-486e-a83e-9f0702de0b81",
"url--58d3f492-19dc-486e-a83e-9f0702de0b81",
"indicator--58d3f493-ba20-472a-8e83-9f0702de0b81",
"indicator--58d3f494-2564-475f-8b0d-9f0702de0b81",
"observed-data--58d3f495-2b6c-40b4-9246-9f0702de0b81",
"url--58d3f495-2b6c-40b4-9246-9f0702de0b81",
"indicator--58d3f496-3e7c-470a-a837-9f0702de0b81",
"indicator--58d3f497-6fa0-46b6-9633-9f0702de0b81",
"observed-data--58d3f498-3080-4592-84bb-9f0702de0b81",
"url--58d3f498-3080-4592-84bb-9f0702de0b81",
"indicator--58d3f499-82e8-4f8c-8f08-9f0702de0b81",
"indicator--58d3f49a-881c-4000-9b66-9f0702de0b81",
"observed-data--58d3f49a-4320-40bb-9485-9f0702de0b81",
"url--58d3f49a-4320-40bb-9485-9f0702de0b81",
"indicator--58d3f49b-83b8-4712-8b2f-9f0702de0b81",
"indicator--58d3f49c-0310-4f19-81c5-9f0702de0b81",
"observed-data--58d3f49d-b5a0-4e7f-960b-9f0702de0b81",
"url--58d3f49d-b5a0-4e7f-960b-9f0702de0b81",
"indicator--58d3f49e-dcb8-4253-ad25-9f0702de0b81",
"indicator--58d3f49f-141c-4677-ba9b-9f0702de0b81",
"observed-data--58d3f4a0-b594-48ef-aaab-9f0702de0b81",
"url--58d3f4a0-b594-48ef-aaab-9f0702de0b81",
"indicator--58d3f4a1-63a8-4fc4-b21b-9f0702de0b81",
"indicator--58d3f4a2-9eb8-4698-bcbb-9f0702de0b81",
"observed-data--58d3f4a3-fa88-4ee5-b387-9f0702de0b81",
"url--58d3f4a3-fa88-4ee5-b387-9f0702de0b81",
"indicator--58d3f4a4-2408-4323-b129-9f0702de0b81",
"indicator--58d3f4a5-64e0-4c3d-9349-9f0702de0b81",
"observed-data--58d3f4a5-e470-42e1-b47d-9f0702de0b81",
"url--58d3f4a5-e470-42e1-b47d-9f0702de0b81",
"indicator--58d3f4a6-ba10-4ebc-afaf-9f0702de0b81",
"indicator--58d3f4a7-18cc-4ead-ba97-9f0702de0b81",
"observed-data--58d3f4a8-c578-407a-b8c7-9f0702de0b81",
"url--58d3f4a8-c578-407a-b8c7-9f0702de0b81",
"indicator--58d3f4a9-c780-4a64-9fd3-9f0702de0b81",
"indicator--58d3f4aa-e0cc-42f0-9616-9f0702de0b81",
"observed-data--58d3f4ab-4168-4134-95c5-9f0702de0b81",
"url--58d3f4ab-4168-4134-95c5-9f0702de0b81",
"indicator--58d3f4ac-c624-4a96-979d-9f0702de0b81",
"indicator--58d3f4ad-8f60-44ab-ae9b-9f0702de0b81",
"observed-data--58d3f4ae-20a0-473a-a4dd-9f0702de0b81",
"url--58d3f4ae-20a0-473a-a4dd-9f0702de0b81",
"indicator--58d3f4af-b314-4f41-818d-9f0702de0b81",
"indicator--58d3f4af-1274-4b40-941e-9f0702de0b81",
"observed-data--58d3f4b0-6334-4fce-9704-9f0702de0b81",
"url--58d3f4b0-6334-4fce-9704-9f0702de0b81",
"indicator--58d3f4b1-ba78-4b17-b845-9f0702de0b81",
"indicator--58d3f4b2-a248-4911-8f00-9f0702de0b81",
"observed-data--58d3f4b3-44bc-420e-a5d9-9f0702de0b81",
"url--58d3f4b3-44bc-420e-a5d9-9f0702de0b81",
"indicator--58d3f4b4-f8e4-4f2b-bf75-9f0702de0b81",
"indicator--58d3f4b5-9f10-4dc4-868c-9f0702de0b81",
"observed-data--58d3f4b6-6eac-4220-8615-9f0702de0b81",
"url--58d3f4b6-6eac-4220-8615-9f0702de0b81",
"indicator--58d3f4b7-2258-49ec-a7a8-9f0702de0b81",
"indicator--58d3f4b8-87cc-41aa-8300-9f0702de0b81",
"observed-data--58d3f4b8-42f8-4743-b13a-9f0702de0b81",
"url--58d3f4b8-42f8-4743-b13a-9f0702de0b81",
"indicator--58d3f4b9-c48c-460a-8ae7-9f0702de0b81",
"indicator--58d3f4ba-7820-495f-9320-9f0702de0b81",
"observed-data--58d3f4bb-d08c-4568-8ae9-9f0702de0b81",
"url--58d3f4bb-d08c-4568-8ae9-9f0702de0b81",
"indicator--58d3f4bc-a700-4b97-b45f-9f0702de0b81",
"indicator--58d3f4bd-e1bc-47c6-a589-9f0702de0b81",
"observed-data--58d3f4be-7f68-4a67-9d7d-9f0702de0b81",
"url--58d3f4be-7f68-4a67-9d7d-9f0702de0b81",
"indicator--58d3f4bf-fcf8-40cb-8b69-9f0702de0b81",
"indicator--58d3f4c0-2198-424d-b375-9f0702de0b81",
"observed-data--58d3f4c1-4074-453b-ab12-9f0702de0b81",
"url--58d3f4c1-4074-453b-ab12-9f0702de0b81",
"indicator--58d3f4c1-d398-4488-8c7a-9f0702de0b81",
"indicator--58d3f4c2-1f0c-4b35-b40e-9f0702de0b81",
"observed-data--58d3f4c3-d014-4bb3-9961-9f0702de0b81",
"url--58d3f4c3-d014-4bb3-9961-9f0702de0b81",
"indicator--58d3f4c4-ef20-4174-affe-9f0702de0b81",
"indicator--58d3f4c5-5984-466b-835e-9f0702de0b81",
"observed-data--58d3f4c6-301c-4652-88c8-9f0702de0b81",
"url--58d3f4c6-301c-4652-88c8-9f0702de0b81",
"indicator--58d3f4c7-5ed0-493a-b5d4-9f0702de0b81",
"indicator--58d3f4c8-78f0-4e7e-8900-9f0702de0b81",
"observed-data--58d3f4c9-8ea4-4eff-b81c-9f0702de0b81",
"url--58d3f4c9-8ea4-4eff-b81c-9f0702de0b81",
"indicator--58d3f4c9-987c-4761-8c25-9f0702de0b81",
"indicator--58d3f4ca-9818-4277-9a2e-9f0702de0b81",
"observed-data--58d3f4cb-0944-496d-95f3-9f0702de0b81",
"url--58d3f4cb-0944-496d-95f3-9f0702de0b81",
"indicator--58d3f4cc-bb1c-4496-ac1d-9f0702de0b81",
"indicator--58d3f4cd-bba4-4e73-b121-9f0702de0b81",
"observed-data--58d3f4ce-f8f0-485e-9bf2-9f0702de0b81",
"url--58d3f4ce-f8f0-485e-9bf2-9f0702de0b81",
"indicator--58d3f4cf-75bc-426d-966d-9f0702de0b81",
"indicator--58d3f4d0-5580-4826-a76c-9f0702de0b81",
"observed-data--58d3f4d1-5b1c-47c3-b2cd-9f0702de0b81",
"url--58d3f4d1-5b1c-47c3-b2cd-9f0702de0b81",
"indicator--58d3f4d2-9d24-427b-a00c-9f0702de0b81",
"indicator--58d3f4d2-9570-4a5e-bf21-9f0702de0b81",
"observed-data--58d3f4d3-357c-4605-8899-9f0702de0b81",
"url--58d3f4d3-357c-4605-8899-9f0702de0b81",
"indicator--58d3f4d4-34a4-4d48-a27e-9f0702de0b81",
"indicator--58d3f4d5-6c54-46fe-8da0-9f0702de0b81",
"observed-data--58d3f4d6-5dbc-4b36-8b92-9f0702de0b81",
"url--58d3f4d6-5dbc-4b36-8b92-9f0702de0b81",
"indicator--58d3f4d7-6668-4ec1-b0c8-9f0702de0b81",
"indicator--58d3f4d8-cd78-4ddc-b420-9f0702de0b81",
"observed-data--58d3f4d9-36f8-4b3a-8da1-9f0702de0b81",
"url--58d3f4d9-36f8-4b3a-8da1-9f0702de0b81",
"indicator--58d3f4da-f654-4570-b92e-9f0702de0b81",
"indicator--58d3f4da-9464-4464-960e-9f0702de0b81",
"observed-data--58d3f4db-4fa4-4638-ae46-9f0702de0b81",
"url--58d3f4db-4fa4-4638-ae46-9f0702de0b81",
"indicator--58d3f4dc-b564-4558-a522-9f0702de0b81",
"indicator--58d3f4dd-5b30-4672-983f-9f0702de0b81",
"observed-data--58d3f4de-675c-49be-bced-9f0702de0b81",
"url--58d3f4de-675c-49be-bced-9f0702de0b81",
"indicator--58d3f4df-d2ac-4989-8f5f-9f0702de0b81",
"indicator--58d3f4e0-144c-428b-97b6-9f0702de0b81",
"observed-data--58d3f4e1-e650-4b87-8236-9f0702de0b81",
"url--58d3f4e1-e650-4b87-8236-9f0702de0b81",
"indicator--58d3f4e2-2764-40dc-b738-9f0702de0b81",
"indicator--58d3f4e3-ac74-476c-88d7-9f0702de0b81",
"observed-data--58d3f4e3-f2b4-4df3-bd6e-9f0702de0b81",
"url--58d3f4e3-f2b4-4df3-bd6e-9f0702de0b81",
"indicator--58d3f4e4-f018-471c-a801-9f0702de0b81",
"indicator--58d3f4e5-d3f4-4911-869f-9f0702de0b81",
"observed-data--58d3f4e6-bf80-47f8-8c5c-9f0702de0b81",
"url--58d3f4e6-bf80-47f8-8c5c-9f0702de0b81",
"indicator--58d3f4e7-b39c-41b3-aa8d-9f0702de0b81",
"indicator--58d3f4e8-26c4-4601-b9e6-9f0702de0b81",
"observed-data--58d3f4e9-b10c-4c7f-9fd2-9f0702de0b81",
"url--58d3f4e9-b10c-4c7f-9fd2-9f0702de0b81",
"indicator--58d3f4ea-da6c-4472-a666-9f0702de0b81",
"indicator--58d3f4eb-893c-4586-b9a4-9f0702de0b81",
"observed-data--58d3f4eb-5e8c-44d4-be1a-9f0702de0b81",
"url--58d3f4eb-5e8c-44d4-be1a-9f0702de0b81",
"indicator--58d3f4ec-7f6c-41b6-acf8-9f0702de0b81",
"indicator--58d3f4ed-5990-40e4-a4eb-9f0702de0b81",
"observed-data--58d3f4ee-ef48-4469-b86b-9f0702de0b81",
"url--58d3f4ee-ef48-4469-b86b-9f0702de0b81",
"indicator--58d3f4ef-0ea0-4202-ae79-9f0702de0b81",
"indicator--58d3f4f0-39c4-4a31-bfd1-9f0702de0b81",
"observed-data--58d3f4f1-139c-435a-8449-9f0702de0b81",
"url--58d3f4f1-139c-435a-8449-9f0702de0b81",
"indicator--58d3f4f2-10ec-4801-b454-9f0702de0b81",
"indicator--58d3f4f3-7c50-4e58-b7b8-9f0702de0b81",
"observed-data--58d3f4f3-64f4-4432-b3f2-9f0702de0b81",
"url--58d3f4f3-64f4-4432-b3f2-9f0702de0b81",
"indicator--58d3f4f4-ce20-4e35-8a8a-9f0702de0b81",
"indicator--58d3f4f5-a34c-4abe-b6b1-9f0702de0b81",
"observed-data--58d3f4f6-d2e4-4f6c-b80a-9f0702de0b81",
"url--58d3f4f6-d2e4-4f6c-b80a-9f0702de0b81",
"indicator--58d3f4f7-ded4-4b80-b9bd-9f0702de0b81",
"indicator--58d3f4f8-295c-4535-b5ba-9f0702de0b81",
"observed-data--58d3f4f9-6a74-491b-b612-9f0702de0b81",
"url--58d3f4f9-6a74-491b-b612-9f0702de0b81",
"indicator--58d3f4fa-d49c-4cf7-a12c-9f0702de0b81",
"indicator--58d3f4fb-940c-43f8-a8d0-9f0702de0b81",
"observed-data--58d3f4fc-2318-4024-8936-9f0702de0b81",
"url--58d3f4fc-2318-4024-8936-9f0702de0b81",
"indicator--58d3f4fc-71d4-4903-b449-9f0702de0b81",
"indicator--58d3f4fd-f1b8-4e6a-9127-9f0702de0b81",
"observed-data--58d3f4fe-3c20-47e9-84f6-9f0702de0b81",
"url--58d3f4fe-3c20-47e9-84f6-9f0702de0b81",
"indicator--58d3f4ff-a5e0-4591-a3aa-9f0702de0b81",
"indicator--58d3f501-5324-4530-9b4e-9f0702de0b81",
"observed-data--58d3f501-ccc0-4b1a-b1e1-9f0702de0b81",
"url--58d3f501-ccc0-4b1a-b1e1-9f0702de0b81",
"indicator--58d3f502-0cac-478f-8b4f-9f0702de0b81",
"indicator--58d3f503-e688-4a36-8c4d-9f0702de0b81",
"observed-data--58d3f504-b188-4f0b-9c62-9f0702de0b81",
"url--58d3f504-b188-4f0b-9c62-9f0702de0b81",
"indicator--58d3f505-2ad4-47e3-b8a3-9f0702de0b81",
"indicator--58d3f506-1874-4fc6-84ab-9f0702de0b81",
"observed-data--58d3f507-5540-4cb3-8caa-9f0702de0b81",
"url--58d3f507-5540-4cb3-8caa-9f0702de0b81",
"indicator--58d3f508-819c-4057-bcae-9f0702de0b81",
"indicator--58d3f509-5704-4fc4-9282-9f0702de0b81",
"observed-data--58d3f509-33c8-4d34-91d4-9f0702de0b81",
"url--58d3f509-33c8-4d34-91d4-9f0702de0b81",
"indicator--58d3f50a-058c-45da-9e00-9f0702de0b81",
"indicator--58d3f50b-81e8-4afc-8781-9f0702de0b81",
"observed-data--58d3f50c-75c4-4850-87d5-9f0702de0b81",
"url--58d3f50c-75c4-4850-87d5-9f0702de0b81",
"indicator--58d3f50d-1954-46db-8799-9f0702de0b81",
"indicator--58d3f50e-d3b8-4dd0-b191-9f0702de0b81",
"observed-data--58d3f50f-9e10-4588-956b-9f0702de0b81",
"url--58d3f50f-9e10-4588-956b-9f0702de0b81",
"indicator--58d3f510-2d88-45fc-8e3c-9f0702de0b81",
"indicator--58d3f511-233c-45a7-8baa-9f0702de0b81",
"observed-data--58d3f511-5498-4ea5-ab36-9f0702de0b81",
"url--58d3f511-5498-4ea5-ab36-9f0702de0b81",
"indicator--58d3f512-ece8-4295-a27c-9f0702de0b81",
"indicator--58d3f513-7240-4980-b6f8-9f0702de0b81",
"observed-data--58d3f514-d40c-4065-b661-9f0702de0b81",
"url--58d3f514-d40c-4065-b661-9f0702de0b81",
"indicator--58d3f515-e7c0-45bc-91c2-9f0702de0b81",
"indicator--58d3f516-836c-442c-a32f-9f0702de0b81",
"observed-data--58d3f517-1164-4ebb-b531-9f0702de0b81",
"url--58d3f517-1164-4ebb-b531-9f0702de0b81",
"indicator--58d3f518-ae40-4b54-8a05-9f0702de0b81",
"indicator--58d3f519-f824-448b-bfbf-9f0702de0b81",
"observed-data--58d3f519-8b20-4235-ae02-9f0702de0b81",
"url--58d3f519-8b20-4235-ae02-9f0702de0b81",
"indicator--58d3f51a-de34-4885-885f-9f0702de0b81",
"indicator--58d3f51b-6944-4b48-99ea-9f0702de0b81",
"observed-data--58d3f51c-7490-49b5-9a64-9f0702de0b81",
"url--58d3f51c-7490-49b5-9a64-9f0702de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f0a2-7ec0-46c6-b8fb-3450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"first_observed": "2017-03-23T16:13:41Z",
"last_observed": "2017-03-23T16:13:41Z",
"number_observed": 1,
"object_refs": [
"url--58d3f0a2-7ec0-46c6-b8fb-3450950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f0a2-7ec0-46c6-b8fb-3450950d210f",
"value": "http://blog.talosintelligence.com/2017/03/how-malformed-rtf-defeats-security.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58d3f194-baf0-4e4d-8d20-4ad3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"admiralty-scale:source-reliability=\"b\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Talos has discovered a new spam campaign used to infect targets with the well known Loki Bot stealer. The infection vector is an RTF document abusing an old exploit (CVE-2012-1856), however the most interesting part is the effort put into the generation of the RTF. The document contains several malformations designed to defeat security engines and parsers. The attacker has gone out of their way to attempt to evade content inspection devices like AV or network security devices. According to VirusTotal, the initial detection rate of a malicious RTF document recovered from a recent spam campaign is only 3 out of 45 available engines.\r\n\r\nDespite the known vulnerability, many security products fail to identify the exploit because they are unable to correctly classify the RTF file format and scan the embedded OLE document within in the RTF. Even open-source parsers such as rtfobj.py from oletools have difficulties extracting the embedded OLE:"
},
{
"type": "vulnerability",
"spec_version": "2.1",
"id": "vulnerability--58d3f1b9-9c30-40d1-be38-4cbb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"name": "CVE-2012-1856",
"labels": [
"misp:type=\"vulnerability\"",
"misp:category=\"Payload delivery\""
],
"external_references": [
{
"source_name": "cve",
"external_id": "CVE-2012-1856"
}
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f1d4-7d90-432f-bce8-9f00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"pattern": "[url:value = 'http://paneltestghelp.xyz:80/eval/server/readonly/fre.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f215-52e4-4921-9c65-4148950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "dropped executables",
"pattern": "[file:hashes.SHA256 = 'da1a6747a3329c3a317d4bd7ecf029e89bd76192075f84834563103a54bac968']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f216-fa90-473d-a5ad-4317950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "dropped executables",
"pattern": "[file:hashes.SHA256 = '2e65f8fc7901505dd4225ec66cca0ef308f2b6fbe48d37f5055775854bf7a5f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f216-2680-420b-b4a5-4c3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "dropped executables",
"pattern": "[file:hashes.SHA256 = 'a3c3abcd461d00e1f928e375770e39e3a33f719d7287a2fee661d82ce8de1c56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f31e-584c-4e36-b11b-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '7b684ad97bb9f5093e5cfb100352ad2f0ec3dfce63232207daf0aa736d6438c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f31f-77c0-471c-964e-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '14a6e04a60b1bb5f4d0fb3fffa240b7b34bf9c0b8504da19caeb31182510c139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f320-b490-472a-8d6e-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '1ae6aa92ce8ee9a2ab78631663fa5a9bdcc14490c4c5fe799b41d26455b5b696']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f321-af4c-4e22-95dc-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '4f2c10b64d4f4b56d56b5a271331c92484b6ddf8c4eb9f56669ed60545a4c06d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f322-7a70-486b-832c-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'b1da2cb4fcee52cdc94c06325c339ac11a3fb1e399e1ed5a2a55107f5f64867f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f323-c51c-4588-88f0-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '41c4483cfcc0b5a10504aa137ec3824d139663b7ec318d5e1fb6c9f5db8af8f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f324-92bc-4e9e-a8a2-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'f07f87ab68482d329eeac5525ea5f189bcd720d2b2d149db61ab81ae04be957a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f325-399c-49a9-86f8-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'be81741ae3c7c2c5000785a2573c901068a2906054690ac22119ac794aa9e8e2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f326-9274-450a-9c6e-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'cd16e420fbc39b63de93198cdb1265c1bfe83119c7d4d75d5501465cdd0847f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f327-7164-44cd-b6ad-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'b330fadeb337e9fb5aa9f8046462e3d1d418946fd6237bc252a80a2d4fb2fff7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f328-4a48-4753-863b-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '629d1afbedd7cc082549d5c3fc3926b6b4e55abc3c07f8d994a791893a2fd530']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f329-1314-4c6e-80d7-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '9f48ce01ac99033c03e9aa983c09fa273eae0e168e55de8cc364311ae4fc88b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32a-d554-4ab3-9424-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'dd783bcdbc81bc605cf07545a01273596d4e51b198874253815069cd6708b2fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32b-5c40-4ab8-8f75-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '59011fa80db84cea54bc6ec7f7bc689d916f04e8df9950b259ad524142225731']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32c-10f4-4610-9776-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '7aa0abedd75c46680ac65814d9433a04bb9f6bc6f094d66cc33a918f32dcb2fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32c-c590-47d0-853a-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'ad3af8a7ab469fa930d0873475214c3160f52b17c06f296d6ce9cc6fc92e8a79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32d-0d48-4d6b-9a69-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '89a1264bd7facf02d48aff46724a0215c2fb1974d06451cebefdb2ea7ea9a71a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32e-88ec-418f-8291-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'c53bf11adb48a00393c30a0902716e0088f650750349f5966ba3b60a0fa17487']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f32f-0fd8-483a-b0c8-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '4a7d6c770c5fdbb32534b535efe0324e3bc25a8bcd3551b7fe0ff3610ee81299']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f330-f0d8-4ff5-9a7b-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '6077c3ed4dc67526f89b2c59fc16b389530a73b326f63fff17ae7c824b7770fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f331-270c-4dc5-a268-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '11836837753c754997adf8ccf4fa8ba824e57725f56fbcd3b0d903e1fa30ac5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f333-b78c-4a9f-8901-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '737d1468b20dc39300bc2be38285b6482940d2be9ae59b7dc984cf4dc6d82053']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f334-7b70-40ea-88f1-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '415b9e72811cd7c50366d9c9038df02fe3bbfc6446ef42b099d85ea576fbd35d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f335-54d8-458e-9c35-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '84a2ded87681e65be35994ea26f4b2287e52438bbeebaac784c291196a6f94c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f336-8900-4a80-8725-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '9c62f4947a572356f43f71fb55f2b702b78c2e1688c67eff89c36da50137ed21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f337-f6b0-44b3-8f57-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'c201e4bb7b68b4655ab7ac85c8a7c93abe2238ec3d24914d86e8a543b6c6abbd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f338-ac9c-4a92-9639-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '17ae8d128938131ebc944f5d77be7009fd05c8831f88ef3558cc9c00f0633f97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f339-dfa0-445a-9326-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'dbc97df1e5036ac572d8a247a6b073ab1f1dabd20676443598135c6743534028']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33a-2da4-4c6d-bcfc-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '79316e4c2601a5721d5d6ada0f152790ad44aa9ac5badf17e12c7825fb1f46aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33b-b164-45b0-a296-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'a406f0208c914ff28f8e30eda539acb6abd23bbdecf704be4b77615a27f62e8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33c-ceb0-4254-80f9-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '552fe8b5fd175822d4479552078331dbfb16881fea9514377a802f3cce87ac02']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33d-747c-4cb7-b239-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '27290fd934092cf1ca2a242e6847665a16771376af8f5c81ef1c851463e77709']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33e-2bd4-4888-9b1d-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '66de8e2f1d5ebbf3f8c511d5cd6394e24be3c694e78d614dfe703f8aa198906f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f33e-13fc-4eaa-8585-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'a0e529ed847b78fd68a871688a7e99e6abc87295c671a3e2d02a61a1e04f5ce9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f340-22d0-4aa9-a348-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '5c1db6ce5989645bbc8cb8489dee2fb99eba7b4093eaad96cd5a6c692a53c245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f341-ad58-491e-9823-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'c343e92d30c1374c631efa8cf612faf5567e8bd66330e1ff58ac9296c3373304']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f342-1444-4e2b-8894-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'ecc9526b380bd109dbcb3d9c4635c1866234d302658758d6ecf4e927a12af9a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f342-08e4-4880-994b-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '450b2d6741a452d3bff491fb3a40ec8e29cbaf24fb1b400863efe1a7f920543e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f343-f908-4d8a-b069-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '99a3939d654e4c424dcf33fbc18c7568d1030981ad1ae8f2a6da2966efbff669']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f344-5248-41b7-913e-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'e7fc4527e4cb65e05069b871e06226ce9c9669649ed9cfbad2dcb41cdd9fe94c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f345-d110-465c-9157-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '1d73428619f69cbdfc5158f1682cc304ba6af2a0b425244bcd8c2c432d4a50d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f346-e8f0-4a49-bf46-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'cbb58841ef2179e52fcfb918d085503ccf4482014fa1f0714e11fd667de974a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f347-9aec-48a4-9925-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '44583aca68ce734bccc79d28f666bdc81a1436c257f035875df15a82f35e6910']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f349-6d20-48eb-a4d3-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '5872ec86add4892f061cc1fd2478da098645876d0b13d3ce3e789f526c5b8ec8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34a-f088-4db4-a896-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '9eb85367bd59854ccd7b8e13a22deec92bbe746a5de83820d7265055f96da40f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34b-b0fc-4ff5-9292-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '6d33cd5b7cfcc4a55583adbf75f578d71d6aa572e93c5a7392ece4dc8204d0f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34c-94f0-42c0-ad4c-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '4d46087599b246cd297883341859561b3b1794419c704b167a28c7891ff5d7b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34d-41c8-468a-aed2-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '7c5337250b6a1ede2472e4acc74366e8a425eaf2c36e3805d36200ad560d0feb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34e-c8b0-4027-8e04-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'bc4f30177538628f93d57ae1e59859c50409afefe133956ec801c040ab9253f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f34f-ff70-4a64-af22-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '726f170f13b9a24d409c0c4fbf0a14aff0f3cd1662762230bfaf7a8822257880']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f350-76c8-4773-853d-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '885877989df73bafd087f7c689eedfa5e2fe3620ab62d6ff57a3394702761751']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f351-0488-455f-8212-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '9f40662ebbd3a848219aa47c149c174c292cea5e62dcc0bd26f12e1bf5ba7d7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f352-0284-4377-813c-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '0882c8a38ca485fe9763b0c0c7c5a22c330cebe86101a9e1ffa5a70c4f58faac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f353-6c24-4733-907a-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '156cbbb25240e246a2340e1bca1692b7110277bac30f76dcacd48dd5f2042caa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f354-7cf4-43bd-9dda-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'a28c3c075ecfb982e6e3cb237c0eab1308f023e7bcf207d0fd1f2b4f29791074']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f355-ae80-4eac-a39a-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'e5de4a14367d1a7b599d7afae07aa66c63941238ff25f4f17dea54db6d8ac350']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f356-c4f4-4131-911e-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '5d6b52287f4fdefe0621d9fadd83b0531f56811937b023ce49e426e320b372f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f357-1054-4699-9347-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '599a60601345bf8fc05f27d35f3c3f2ed80b6e7890d5f33a57f75c09a089356a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f358-8c9c-44eb-b43d-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '194549b3fd0be8a701b8433db1b2cff396a4492c342632fa22d6af89570eff46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f359-94f0-479e-81ef-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '673f9469ff150c8c821ea3b5b1cda8175d09719fbd7d1359d334dbf17f74adbe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f359-c348-4414-96d1-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = 'f81be30a7d6792e59f5a0ade225472042c9eb9bf59b03f67e85b0642c16e59ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f35a-b1e8-4ea8-85b1-9f05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:13:41.000Z",
"modified": "2017-03-23T16:13:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format:",
"pattern": "[file:hashes.SHA256 = '5957fe5e38f2b2530569e21f040a92b1fb36816b6d5187d8a0ecf0ba84f36519']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:13:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f473-41a8-43cb-b70e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:43.000Z",
"modified": "2017-03-23T16:14:43.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5957fe5e38f2b2530569e21f040a92b1fb36816b6d5187d8a0ecf0ba84f36519",
"pattern": "[file:hashes.SHA1 = '8f7850d8bfe42451aaf632e36734d2f06e42ca51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f474-4948-431f-a3ab-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:44.000Z",
"modified": "2017-03-23T16:14:44.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5957fe5e38f2b2530569e21f040a92b1fb36816b6d5187d8a0ecf0ba84f36519",
"pattern": "[file:hashes.MD5 = '9e204cd2ff089fb2e9d4cbdc013168f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f475-09c4-4aec-8cd9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:45.000Z",
"modified": "2017-03-23T16:14:45.000Z",
"first_observed": "2017-03-23T16:14:45Z",
"last_observed": "2017-03-23T16:14:45Z",
"number_observed": 1,
"object_refs": [
"url--58d3f475-09c4-4aec-8cd9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f475-09c4-4aec-8cd9-9f0702de0b81",
"value": "https://www.virustotal.com/file/5957fe5e38f2b2530569e21f040a92b1fb36816b6d5187d8a0ecf0ba84f36519/analysis/1487240495/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f476-cce8-4fca-ad70-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:46.000Z",
"modified": "2017-03-23T16:14:46.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: f81be30a7d6792e59f5a0ade225472042c9eb9bf59b03f67e85b0642c16e59ce",
"pattern": "[file:hashes.SHA1 = 'b74554d4b0dd17d4b6f752303c606c6db7d491ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f477-1068-4f6c-9653-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:47.000Z",
"modified": "2017-03-23T16:14:47.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: f81be30a7d6792e59f5a0ade225472042c9eb9bf59b03f67e85b0642c16e59ce",
"pattern": "[file:hashes.MD5 = '2ddc4bcef5703502ee4732ccb0fcc6b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f477-bcdc-472e-8af9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:47.000Z",
"modified": "2017-03-23T16:14:47.000Z",
"first_observed": "2017-03-23T16:14:47Z",
"last_observed": "2017-03-23T16:14:47Z",
"number_observed": 1,
"object_refs": [
"url--58d3f477-bcdc-472e-8af9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f477-bcdc-472e-8af9-9f0702de0b81",
"value": "https://www.virustotal.com/file/f81be30a7d6792e59f5a0ade225472042c9eb9bf59b03f67e85b0642c16e59ce/analysis/1490260467/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f478-906c-4c70-95aa-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:48.000Z",
"modified": "2017-03-23T16:14:48.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 194549b3fd0be8a701b8433db1b2cff396a4492c342632fa22d6af89570eff46",
"pattern": "[file:hashes.SHA1 = 'a414e57a7f6dc810634cd74e31523c897cebcade']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f479-e5f0-48e0-b87a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:49.000Z",
"modified": "2017-03-23T16:14:49.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 194549b3fd0be8a701b8433db1b2cff396a4492c342632fa22d6af89570eff46",
"pattern": "[file:hashes.MD5 = 'b83a4559bc8f56ba70e54854f7151833']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f47a-5340-4d5c-b014-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:50.000Z",
"modified": "2017-03-23T16:14:50.000Z",
"first_observed": "2017-03-23T16:14:50Z",
"last_observed": "2017-03-23T16:14:50Z",
"number_observed": 1,
"object_refs": [
"url--58d3f47a-5340-4d5c-b014-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f47a-5340-4d5c-b014-9f0702de0b81",
"value": "https://www.virustotal.com/file/194549b3fd0be8a701b8433db1b2cff396a4492c342632fa22d6af89570eff46/analysis/1489752432/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f47b-7af0-404e-aa7e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:51.000Z",
"modified": "2017-03-23T16:14:51.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 599a60601345bf8fc05f27d35f3c3f2ed80b6e7890d5f33a57f75c09a089356a",
"pattern": "[file:hashes.SHA1 = '9acb08a11da72f26f9411685ae68681689ddf0ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f47c-e300-4575-8384-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:52.000Z",
"modified": "2017-03-23T16:14:52.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 599a60601345bf8fc05f27d35f3c3f2ed80b6e7890d5f33a57f75c09a089356a",
"pattern": "[file:hashes.MD5 = 'ce581d3b871320a9fad4105baffc1d6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f47d-06b8-4e6d-8e5c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:53.000Z",
"modified": "2017-03-23T16:14:53.000Z",
"first_observed": "2017-03-23T16:14:53Z",
"last_observed": "2017-03-23T16:14:53Z",
"number_observed": 1,
"object_refs": [
"url--58d3f47d-06b8-4e6d-8e5c-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f47d-06b8-4e6d-8e5c-9f0702de0b81",
"value": "https://www.virustotal.com/file/599a60601345bf8fc05f27d35f3c3f2ed80b6e7890d5f33a57f75c09a089356a/analysis/1488980041/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f47e-46dc-4f6d-ab77-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:54.000Z",
"modified": "2017-03-23T16:14:54.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5d6b52287f4fdefe0621d9fadd83b0531f56811937b023ce49e426e320b372f5",
"pattern": "[file:hashes.SHA1 = '4b58c0437799f442f22a162cad2989eace61b8ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f47f-edac-4091-80a4-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:55.000Z",
"modified": "2017-03-23T16:14:55.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5d6b52287f4fdefe0621d9fadd83b0531f56811937b023ce49e426e320b372f5",
"pattern": "[file:hashes.MD5 = 'efb3eb8e8c4c0061b3aa41f059376d0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f47f-02e8-4528-9d5d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:55.000Z",
"modified": "2017-03-23T16:14:55.000Z",
"first_observed": "2017-03-23T16:14:55Z",
"last_observed": "2017-03-23T16:14:55Z",
"number_observed": 1,
"object_refs": [
"url--58d3f47f-02e8-4528-9d5d-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f47f-02e8-4528-9d5d-9f0702de0b81",
"value": "https://www.virustotal.com/file/5d6b52287f4fdefe0621d9fadd83b0531f56811937b023ce49e426e320b372f5/analysis/1489722634/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f480-fd5c-492b-b65c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:56.000Z",
"modified": "2017-03-23T16:14:56.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: e5de4a14367d1a7b599d7afae07aa66c63941238ff25f4f17dea54db6d8ac350",
"pattern": "[file:hashes.SHA1 = '3b730baed16931a4f3734755d3c235ea941d93fa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f481-5c70-4976-9427-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:57.000Z",
"modified": "2017-03-23T16:14:57.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: e5de4a14367d1a7b599d7afae07aa66c63941238ff25f4f17dea54db6d8ac350",
"pattern": "[file:hashes.MD5 = '54506270b7e558f783fff7b6cb33c118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f482-95dc-4161-99f9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:58.000Z",
"modified": "2017-03-23T16:14:58.000Z",
"first_observed": "2017-03-23T16:14:58Z",
"last_observed": "2017-03-23T16:14:58Z",
"number_observed": 1,
"object_refs": [
"url--58d3f482-95dc-4161-99f9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f482-95dc-4161-99f9-9f0702de0b81",
"value": "https://www.virustotal.com/file/e5de4a14367d1a7b599d7afae07aa66c63941238ff25f4f17dea54db6d8ac350/analysis/1490174058/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f483-15d4-47ba-9207-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:14:59.000Z",
"modified": "2017-03-23T16:14:59.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a28c3c075ecfb982e6e3cb237c0eab1308f023e7bcf207d0fd1f2b4f29791074",
"pattern": "[file:hashes.SHA1 = 'fb1121a40ad44d1992af96a89803d93b9f2238af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:14:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f484-fe38-437e-9200-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:00.000Z",
"modified": "2017-03-23T16:15:00.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a28c3c075ecfb982e6e3cb237c0eab1308f023e7bcf207d0fd1f2b4f29791074",
"pattern": "[file:hashes.MD5 = '432bc47556733fc6430556191013f817']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f485-6e70-4db3-9ed5-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:01.000Z",
"modified": "2017-03-23T16:15:01.000Z",
"first_observed": "2017-03-23T16:15:01Z",
"last_observed": "2017-03-23T16:15:01Z",
"number_observed": 1,
"object_refs": [
"url--58d3f485-6e70-4db3-9ed5-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f485-6e70-4db3-9ed5-9f0702de0b81",
"value": "https://www.virustotal.com/file/a28c3c075ecfb982e6e3cb237c0eab1308f023e7bcf207d0fd1f2b4f29791074/analysis/1489656320/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f486-dfa4-4833-ba6a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:02.000Z",
"modified": "2017-03-23T16:15:02.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 156cbbb25240e246a2340e1bca1692b7110277bac30f76dcacd48dd5f2042caa",
"pattern": "[file:hashes.SHA1 = '52594e603c08626f8198804b47c0f33b5a487c5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f487-3070-48cd-a586-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:03.000Z",
"modified": "2017-03-23T16:15:03.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 156cbbb25240e246a2340e1bca1692b7110277bac30f76dcacd48dd5f2042caa",
"pattern": "[file:hashes.MD5 = '9e4a4e881981fdeadcbf3b538d757a08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f488-91b4-4fbd-a83b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:04.000Z",
"modified": "2017-03-23T16:15:04.000Z",
"first_observed": "2017-03-23T16:15:04Z",
"last_observed": "2017-03-23T16:15:04Z",
"number_observed": 1,
"object_refs": [
"url--58d3f488-91b4-4fbd-a83b-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f488-91b4-4fbd-a83b-9f0702de0b81",
"value": "https://www.virustotal.com/file/156cbbb25240e246a2340e1bca1692b7110277bac30f76dcacd48dd5f2042caa/analysis/1487800971/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f489-c2d8-4596-815a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:05.000Z",
"modified": "2017-03-23T16:15:05.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 0882c8a38ca485fe9763b0c0c7c5a22c330cebe86101a9e1ffa5a70c4f58faac",
"pattern": "[file:hashes.SHA1 = '6d53c60a5ccb6ed9282863979e34dfc18ca2bd22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f489-a69c-4247-bcc0-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:05.000Z",
"modified": "2017-03-23T16:15:05.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 0882c8a38ca485fe9763b0c0c7c5a22c330cebe86101a9e1ffa5a70c4f58faac",
"pattern": "[file:hashes.MD5 = '14c93af313c1c96c57c23b88572f6cc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f48a-2f20-4536-8866-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:06.000Z",
"modified": "2017-03-23T16:15:06.000Z",
"first_observed": "2017-03-23T16:15:06Z",
"last_observed": "2017-03-23T16:15:06Z",
"number_observed": 1,
"object_refs": [
"url--58d3f48a-2f20-4536-8866-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f48a-2f20-4536-8866-9f0702de0b81",
"value": "https://www.virustotal.com/file/0882c8a38ca485fe9763b0c0c7c5a22c330cebe86101a9e1ffa5a70c4f58faac/analysis/1487737901/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f48b-d194-42c9-af6d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:07.000Z",
"modified": "2017-03-23T16:15:07.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9f40662ebbd3a848219aa47c149c174c292cea5e62dcc0bd26f12e1bf5ba7d7c",
"pattern": "[file:hashes.SHA1 = '3b20c41374a6e5ae04600c6cc248e7ebaa47d8af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f48c-bc18-45fe-b514-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:08.000Z",
"modified": "2017-03-23T16:15:08.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9f40662ebbd3a848219aa47c149c174c292cea5e62dcc0bd26f12e1bf5ba7d7c",
"pattern": "[file:hashes.MD5 = 'b4525dae66b645664212c44b2325777d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f48d-ed58-4832-b2c9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:09.000Z",
"modified": "2017-03-23T16:15:09.000Z",
"first_observed": "2017-03-23T16:15:09Z",
"last_observed": "2017-03-23T16:15:09Z",
"number_observed": 1,
"object_refs": [
"url--58d3f48d-ed58-4832-b2c9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f48d-ed58-4832-b2c9-9f0702de0b81",
"value": "https://www.virustotal.com/file/9f40662ebbd3a848219aa47c149c174c292cea5e62dcc0bd26f12e1bf5ba7d7c/analysis/1490199819/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f48e-a8d0-4a80-bb64-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:10.000Z",
"modified": "2017-03-23T16:15:10.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 885877989df73bafd087f7c689eedfa5e2fe3620ab62d6ff57a3394702761751",
"pattern": "[file:hashes.SHA1 = '245961eb098174ab176cb042e1d195c5ff8e1c57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f48f-2188-4f91-a5ae-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:11.000Z",
"modified": "2017-03-23T16:15:11.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 885877989df73bafd087f7c689eedfa5e2fe3620ab62d6ff57a3394702761751",
"pattern": "[file:hashes.MD5 = 'b4e93af7aa9c0c6c4231f8d62e56b904']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f490-4c58-4735-bad2-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:12.000Z",
"modified": "2017-03-23T16:15:12.000Z",
"first_observed": "2017-03-23T16:15:12Z",
"last_observed": "2017-03-23T16:15:12Z",
"number_observed": 1,
"object_refs": [
"url--58d3f490-4c58-4735-bad2-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f490-4c58-4735-bad2-9f0702de0b81",
"value": "https://www.virustotal.com/file/885877989df73bafd087f7c689eedfa5e2fe3620ab62d6ff57a3394702761751/analysis/1489710082/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f491-4ddc-4653-8342-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:13.000Z",
"modified": "2017-03-23T16:15:13.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 726f170f13b9a24d409c0c4fbf0a14aff0f3cd1662762230bfaf7a8822257880",
"pattern": "[file:hashes.SHA1 = '248d77facd849c606a09afa3ed23a53c94f49868']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f491-950c-4e31-98dd-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:13.000Z",
"modified": "2017-03-23T16:15:13.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 726f170f13b9a24d409c0c4fbf0a14aff0f3cd1662762230bfaf7a8822257880",
"pattern": "[file:hashes.MD5 = 'c5197060f32efe8f06fbdacd1f7ccc6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f492-19dc-486e-a83e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:14.000Z",
"modified": "2017-03-23T16:15:14.000Z",
"first_observed": "2017-03-23T16:15:14Z",
"last_observed": "2017-03-23T16:15:14Z",
"number_observed": 1,
"object_refs": [
"url--58d3f492-19dc-486e-a83e-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f492-19dc-486e-a83e-9f0702de0b81",
"value": "https://www.virustotal.com/file/726f170f13b9a24d409c0c4fbf0a14aff0f3cd1662762230bfaf7a8822257880/analysis/1489105110/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f493-ba20-472a-8e83-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:15.000Z",
"modified": "2017-03-23T16:15:15.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: bc4f30177538628f93d57ae1e59859c50409afefe133956ec801c040ab9253f5",
"pattern": "[file:hashes.SHA1 = '4335311c55cfdd75b8577fd59aec688461805f00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f494-2564-475f-8b0d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:16.000Z",
"modified": "2017-03-23T16:15:16.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: bc4f30177538628f93d57ae1e59859c50409afefe133956ec801c040ab9253f5",
"pattern": "[file:hashes.MD5 = '4e71b67ada100e0e9a2be1303e97053c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f495-2b6c-40b4-9246-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:17.000Z",
"modified": "2017-03-23T16:15:17.000Z",
"first_observed": "2017-03-23T16:15:17Z",
"last_observed": "2017-03-23T16:15:17Z",
"number_observed": 1,
"object_refs": [
"url--58d3f495-2b6c-40b4-9246-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f495-2b6c-40b4-9246-9f0702de0b81",
"value": "https://www.virustotal.com/file/bc4f30177538628f93d57ae1e59859c50409afefe133956ec801c040ab9253f5/analysis/1490018428/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f496-3e7c-470a-a837-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:18.000Z",
"modified": "2017-03-23T16:15:18.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7c5337250b6a1ede2472e4acc74366e8a425eaf2c36e3805d36200ad560d0feb",
"pattern": "[file:hashes.SHA1 = 'c884caa2af7e60989b4ea5be649a894b09cff14b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f497-6fa0-46b6-9633-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:19.000Z",
"modified": "2017-03-23T16:15:19.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7c5337250b6a1ede2472e4acc74366e8a425eaf2c36e3805d36200ad560d0feb",
"pattern": "[file:hashes.MD5 = '91723d3297db56d27f76f11c22465d57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f498-3080-4592-84bb-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:20.000Z",
"modified": "2017-03-23T16:15:20.000Z",
"first_observed": "2017-03-23T16:15:20Z",
"last_observed": "2017-03-23T16:15:20Z",
"number_observed": 1,
"object_refs": [
"url--58d3f498-3080-4592-84bb-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f498-3080-4592-84bb-9f0702de0b81",
"value": "https://www.virustotal.com/file/7c5337250b6a1ede2472e4acc74366e8a425eaf2c36e3805d36200ad560d0feb/analysis/1489081066/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f499-82e8-4f8c-8f08-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:21.000Z",
"modified": "2017-03-23T16:15:21.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4d46087599b246cd297883341859561b3b1794419c704b167a28c7891ff5d7b1",
"pattern": "[file:hashes.SHA1 = 'fbe3fd88576d2235d66ad349245c3cfc1ff6efb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f49a-881c-4000-9b66-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:22.000Z",
"modified": "2017-03-23T16:15:22.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4d46087599b246cd297883341859561b3b1794419c704b167a28c7891ff5d7b1",
"pattern": "[file:hashes.MD5 = '376cd33189c74cd3213b6ebf58bedd9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f49a-4320-40bb-9485-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:22.000Z",
"modified": "2017-03-23T16:15:22.000Z",
"first_observed": "2017-03-23T16:15:22Z",
"last_observed": "2017-03-23T16:15:22Z",
"number_observed": 1,
"object_refs": [
"url--58d3f49a-4320-40bb-9485-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f49a-4320-40bb-9485-9f0702de0b81",
"value": "https://www.virustotal.com/file/4d46087599b246cd297883341859561b3b1794419c704b167a28c7891ff5d7b1/analysis/1490178042/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f49b-83b8-4712-8b2f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:23.000Z",
"modified": "2017-03-23T16:15:23.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 6d33cd5b7cfcc4a55583adbf75f578d71d6aa572e93c5a7392ece4dc8204d0f8",
"pattern": "[file:hashes.SHA1 = 'b78dcc00427ab7562330a9fe1345d2f0c579856a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f49c-0310-4f19-81c5-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:24.000Z",
"modified": "2017-03-23T16:15:24.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 6d33cd5b7cfcc4a55583adbf75f578d71d6aa572e93c5a7392ece4dc8204d0f8",
"pattern": "[file:hashes.MD5 = '6f989159f08f3bdee9ddf5aa66a77f38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f49d-b5a0-4e7f-960b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:25.000Z",
"modified": "2017-03-23T16:15:25.000Z",
"first_observed": "2017-03-23T16:15:25Z",
"last_observed": "2017-03-23T16:15:25Z",
"number_observed": 1,
"object_refs": [
"url--58d3f49d-b5a0-4e7f-960b-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f49d-b5a0-4e7f-960b-9f0702de0b81",
"value": "https://www.virustotal.com/file/6d33cd5b7cfcc4a55583adbf75f578d71d6aa572e93c5a7392ece4dc8204d0f8/analysis/1490245613/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f49e-dcb8-4253-ad25-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:26.000Z",
"modified": "2017-03-23T16:15:26.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9eb85367bd59854ccd7b8e13a22deec92bbe746a5de83820d7265055f96da40f",
"pattern": "[file:hashes.SHA1 = '953d32f490475fe04e1e07e5cef415297ae3a864']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f49f-141c-4677-ba9b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:27.000Z",
"modified": "2017-03-23T16:15:27.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9eb85367bd59854ccd7b8e13a22deec92bbe746a5de83820d7265055f96da40f",
"pattern": "[file:hashes.MD5 = '9181db58d9145fb1ccc32ea4667fc226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4a0-b594-48ef-aaab-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:28.000Z",
"modified": "2017-03-23T16:15:28.000Z",
"first_observed": "2017-03-23T16:15:28Z",
"last_observed": "2017-03-23T16:15:28Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4a0-b594-48ef-aaab-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4a0-b594-48ef-aaab-9f0702de0b81",
"value": "https://www.virustotal.com/file/9eb85367bd59854ccd7b8e13a22deec92bbe746a5de83820d7265055f96da40f/analysis/1489660837/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a1-63a8-4fc4-b21b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:29.000Z",
"modified": "2017-03-23T16:15:29.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5872ec86add4892f061cc1fd2478da098645876d0b13d3ce3e789f526c5b8ec8",
"pattern": "[file:hashes.SHA1 = 'b8d6186dbbce77bc264c004fbbd6adfb1ec8fb50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a2-9eb8-4698-bcbb-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:30.000Z",
"modified": "2017-03-23T16:15:30.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5872ec86add4892f061cc1fd2478da098645876d0b13d3ce3e789f526c5b8ec8",
"pattern": "[file:hashes.MD5 = 'ee35461e320213caf8308bd5416d525c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4a3-fa88-4ee5-b387-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:31.000Z",
"modified": "2017-03-23T16:15:31.000Z",
"first_observed": "2017-03-23T16:15:31Z",
"last_observed": "2017-03-23T16:15:31Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4a3-fa88-4ee5-b387-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4a3-fa88-4ee5-b387-9f0702de0b81",
"value": "https://www.virustotal.com/file/5872ec86add4892f061cc1fd2478da098645876d0b13d3ce3e789f526c5b8ec8/analysis/1487038202/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a4-2408-4323-b129-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:32.000Z",
"modified": "2017-03-23T16:15:32.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 44583aca68ce734bccc79d28f666bdc81a1436c257f035875df15a82f35e6910",
"pattern": "[file:hashes.SHA1 = '81cf84c5f699f618b681a7df64c7b1191db38359']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a5-64e0-4c3d-9349-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:33.000Z",
"modified": "2017-03-23T16:15:33.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 44583aca68ce734bccc79d28f666bdc81a1436c257f035875df15a82f35e6910",
"pattern": "[file:hashes.MD5 = '0ea4ea09627484cfe037000b1da47e84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4a5-e470-42e1-b47d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:33.000Z",
"modified": "2017-03-23T16:15:33.000Z",
"first_observed": "2017-03-23T16:15:33Z",
"last_observed": "2017-03-23T16:15:33Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4a5-e470-42e1-b47d-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4a5-e470-42e1-b47d-9f0702de0b81",
"value": "https://www.virustotal.com/file/44583aca68ce734bccc79d28f666bdc81a1436c257f035875df15a82f35e6910/analysis/1486569365/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a6-ba10-4ebc-afaf-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:34.000Z",
"modified": "2017-03-23T16:15:34.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: cbb58841ef2179e52fcfb918d085503ccf4482014fa1f0714e11fd667de974a0",
"pattern": "[file:hashes.SHA1 = 'acd37c026021a7d834afd1eea693d200ed3966a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a7-18cc-4ead-ba97-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:35.000Z",
"modified": "2017-03-23T16:15:35.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: cbb58841ef2179e52fcfb918d085503ccf4482014fa1f0714e11fd667de974a0",
"pattern": "[file:hashes.MD5 = '25b3494084faf4d320c4688c63b9608a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4a8-c578-407a-b8c7-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:36.000Z",
"modified": "2017-03-23T16:15:36.000Z",
"first_observed": "2017-03-23T16:15:36Z",
"last_observed": "2017-03-23T16:15:36Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4a8-c578-407a-b8c7-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4a8-c578-407a-b8c7-9f0702de0b81",
"value": "https://www.virustotal.com/file/cbb58841ef2179e52fcfb918d085503ccf4482014fa1f0714e11fd667de974a0/analysis/1490244446/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4a9-c780-4a64-9fd3-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:37.000Z",
"modified": "2017-03-23T16:15:37.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 1d73428619f69cbdfc5158f1682cc304ba6af2a0b425244bcd8c2c432d4a50d7",
"pattern": "[file:hashes.SHA1 = '53fab257bf206ba8741cf002f64bce68dba4bc8f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4aa-e0cc-42f0-9616-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:38.000Z",
"modified": "2017-03-23T16:15:38.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 1d73428619f69cbdfc5158f1682cc304ba6af2a0b425244bcd8c2c432d4a50d7",
"pattern": "[file:hashes.MD5 = '59073cdda35e5646469f9557ed187fe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4ab-4168-4134-95c5-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:39.000Z",
"modified": "2017-03-23T16:15:39.000Z",
"first_observed": "2017-03-23T16:15:39Z",
"last_observed": "2017-03-23T16:15:39Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4ab-4168-4134-95c5-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4ab-4168-4134-95c5-9f0702de0b81",
"value": "https://www.virustotal.com/file/1d73428619f69cbdfc5158f1682cc304ba6af2a0b425244bcd8c2c432d4a50d7/analysis/1487713727/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ac-c624-4a96-979d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:40.000Z",
"modified": "2017-03-23T16:15:40.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: e7fc4527e4cb65e05069b871e06226ce9c9669649ed9cfbad2dcb41cdd9fe94c",
"pattern": "[file:hashes.SHA1 = 'ade5df4cc9fefe20e524fe822cfc799f0f9c5ac7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ad-8f60-44ab-ae9b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:41.000Z",
"modified": "2017-03-23T16:15:41.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: e7fc4527e4cb65e05069b871e06226ce9c9669649ed9cfbad2dcb41cdd9fe94c",
"pattern": "[file:hashes.MD5 = '00f9cd32ba4d79d5c8d1821d82834e66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4ae-20a0-473a-a4dd-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:42.000Z",
"modified": "2017-03-23T16:15:42.000Z",
"first_observed": "2017-03-23T16:15:42Z",
"last_observed": "2017-03-23T16:15:42Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4ae-20a0-473a-a4dd-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4ae-20a0-473a-a4dd-9f0702de0b81",
"value": "https://www.virustotal.com/file/e7fc4527e4cb65e05069b871e06226ce9c9669649ed9cfbad2dcb41cdd9fe94c/analysis/1487565053/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4af-b314-4f41-818d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:43.000Z",
"modified": "2017-03-23T16:15:43.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 99a3939d654e4c424dcf33fbc18c7568d1030981ad1ae8f2a6da2966efbff669",
"pattern": "[file:hashes.SHA1 = 'c3d5baad23b756093fc67b7db7830f6c37c23a59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4af-1274-4b40-941e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:43.000Z",
"modified": "2017-03-23T16:15:43.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 99a3939d654e4c424dcf33fbc18c7568d1030981ad1ae8f2a6da2966efbff669",
"pattern": "[file:hashes.MD5 = '978679966dc7797816f3ad0a6f63e70e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4b0-6334-4fce-9704-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:44.000Z",
"modified": "2017-03-23T16:15:44.000Z",
"first_observed": "2017-03-23T16:15:44Z",
"last_observed": "2017-03-23T16:15:44Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4b0-6334-4fce-9704-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4b0-6334-4fce-9704-9f0702de0b81",
"value": "https://www.virustotal.com/file/99a3939d654e4c424dcf33fbc18c7568d1030981ad1ae8f2a6da2966efbff669/analysis/1489681560/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b1-ba78-4b17-b845-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:45.000Z",
"modified": "2017-03-23T16:15:45.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 450b2d6741a452d3bff491fb3a40ec8e29cbaf24fb1b400863efe1a7f920543e",
"pattern": "[file:hashes.SHA1 = 'a14565053de9facb97c6d1d283b37fc6333078fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b2-a248-4911-8f00-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:46.000Z",
"modified": "2017-03-23T16:15:46.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 450b2d6741a452d3bff491fb3a40ec8e29cbaf24fb1b400863efe1a7f920543e",
"pattern": "[file:hashes.MD5 = 'bc652907773d5d2f15e2b9f922fb87ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4b3-44bc-420e-a5d9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:47.000Z",
"modified": "2017-03-23T16:15:47.000Z",
"first_observed": "2017-03-23T16:15:47Z",
"last_observed": "2017-03-23T16:15:47Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4b3-44bc-420e-a5d9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4b3-44bc-420e-a5d9-9f0702de0b81",
"value": "https://www.virustotal.com/file/450b2d6741a452d3bff491fb3a40ec8e29cbaf24fb1b400863efe1a7f920543e/analysis/1486718178/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b4-f8e4-4f2b-bf75-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:48.000Z",
"modified": "2017-03-23T16:15:48.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: ecc9526b380bd109dbcb3d9c4635c1866234d302658758d6ecf4e927a12af9a1",
"pattern": "[file:hashes.SHA1 = '6cd11dbf35ebf83f1c416324d9d883e2c593dbc1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b5-9f10-4dc4-868c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:49.000Z",
"modified": "2017-03-23T16:15:49.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: ecc9526b380bd109dbcb3d9c4635c1866234d302658758d6ecf4e927a12af9a1",
"pattern": "[file:hashes.MD5 = '72c326f6915bde95d89898a7e8e298da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4b6-6eac-4220-8615-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:50.000Z",
"modified": "2017-03-23T16:15:50.000Z",
"first_observed": "2017-03-23T16:15:50Z",
"last_observed": "2017-03-23T16:15:50Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4b6-6eac-4220-8615-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4b6-6eac-4220-8615-9f0702de0b81",
"value": "https://www.virustotal.com/file/ecc9526b380bd109dbcb3d9c4635c1866234d302658758d6ecf4e927a12af9a1/analysis/1489592673/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b7-2258-49ec-a7a8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:51.000Z",
"modified": "2017-03-23T16:15:51.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c343e92d30c1374c631efa8cf612faf5567e8bd66330e1ff58ac9296c3373304",
"pattern": "[file:hashes.SHA1 = '9adcc8a2ce8cc94968d43b51f8c867b46b1c0c7c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b8-87cc-41aa-8300-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:52.000Z",
"modified": "2017-03-23T16:15:52.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c343e92d30c1374c631efa8cf612faf5567e8bd66330e1ff58ac9296c3373304",
"pattern": "[file:hashes.MD5 = '50f00680e95100a3b808d1675875873a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4b8-42f8-4743-b13a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:52.000Z",
"modified": "2017-03-23T16:15:52.000Z",
"first_observed": "2017-03-23T16:15:52Z",
"last_observed": "2017-03-23T16:15:52Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4b8-42f8-4743-b13a-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4b8-42f8-4743-b13a-9f0702de0b81",
"value": "https://www.virustotal.com/file/c343e92d30c1374c631efa8cf612faf5567e8bd66330e1ff58ac9296c3373304/analysis/1490174627/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4b9-c48c-460a-8ae7-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:53.000Z",
"modified": "2017-03-23T16:15:53.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5c1db6ce5989645bbc8cb8489dee2fb99eba7b4093eaad96cd5a6c692a53c245",
"pattern": "[file:hashes.SHA1 = 'cd65ed59eddc98cb4cc3dc56ba3796427908c893']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ba-7820-495f-9320-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:54.000Z",
"modified": "2017-03-23T16:15:54.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 5c1db6ce5989645bbc8cb8489dee2fb99eba7b4093eaad96cd5a6c692a53c245",
"pattern": "[file:hashes.MD5 = '51186182ad3a1698119204f5194a1213']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4bb-d08c-4568-8ae9-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:55.000Z",
"modified": "2017-03-23T16:15:55.000Z",
"first_observed": "2017-03-23T16:15:55Z",
"last_observed": "2017-03-23T16:15:55Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4bb-d08c-4568-8ae9-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4bb-d08c-4568-8ae9-9f0702de0b81",
"value": "https://www.virustotal.com/file/5c1db6ce5989645bbc8cb8489dee2fb99eba7b4093eaad96cd5a6c692a53c245/analysis/1489482718/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4bc-a700-4b97-b45f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:56.000Z",
"modified": "2017-03-23T16:15:56.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a0e529ed847b78fd68a871688a7e99e6abc87295c671a3e2d02a61a1e04f5ce9",
"pattern": "[file:hashes.SHA1 = 'da86b97fe62db0c32274961b27a407510c2b2c79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4bd-e1bc-47c6-a589-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:57.000Z",
"modified": "2017-03-23T16:15:57.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a0e529ed847b78fd68a871688a7e99e6abc87295c671a3e2d02a61a1e04f5ce9",
"pattern": "[file:hashes.MD5 = '7d0a63918683e92163a34d89e39d0032']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4be-7f68-4a67-9d7d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:58.000Z",
"modified": "2017-03-23T16:15:58.000Z",
"first_observed": "2017-03-23T16:15:58Z",
"last_observed": "2017-03-23T16:15:58Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4be-7f68-4a67-9d7d-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4be-7f68-4a67-9d7d-9f0702de0b81",
"value": "https://www.virustotal.com/file/a0e529ed847b78fd68a871688a7e99e6abc87295c671a3e2d02a61a1e04f5ce9/analysis/1489161096/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4bf-fcf8-40cb-8b69-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:15:59.000Z",
"modified": "2017-03-23T16:15:59.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 66de8e2f1d5ebbf3f8c511d5cd6394e24be3c694e78d614dfe703f8aa198906f",
"pattern": "[file:hashes.SHA1 = '1bcb8314231b2346e22b5384947aee5b7500fd5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:15:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c0-2198-424d-b375-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:00.000Z",
"modified": "2017-03-23T16:16:00.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 66de8e2f1d5ebbf3f8c511d5cd6394e24be3c694e78d614dfe703f8aa198906f",
"pattern": "[file:hashes.MD5 = 'd5afa01d01ee54e8567d889f691fce8e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4c1-4074-453b-ab12-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:01.000Z",
"modified": "2017-03-23T16:16:01.000Z",
"first_observed": "2017-03-23T16:16:01Z",
"last_observed": "2017-03-23T16:16:01Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4c1-4074-453b-ab12-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4c1-4074-453b-ab12-9f0702de0b81",
"value": "https://www.virustotal.com/file/66de8e2f1d5ebbf3f8c511d5cd6394e24be3c694e78d614dfe703f8aa198906f/analysis/1490280326/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c1-d398-4488-8c7a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:01.000Z",
"modified": "2017-03-23T16:16:01.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 27290fd934092cf1ca2a242e6847665a16771376af8f5c81ef1c851463e77709",
"pattern": "[file:hashes.SHA1 = '25a387375f6055a2b7e48efeda4ca1c608795ce4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c2-1f0c-4b35-b40e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:02.000Z",
"modified": "2017-03-23T16:16:02.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 27290fd934092cf1ca2a242e6847665a16771376af8f5c81ef1c851463e77709",
"pattern": "[file:hashes.MD5 = 'e565863cae9c7e131a6558bfbb5d797d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4c3-d014-4bb3-9961-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:03.000Z",
"modified": "2017-03-23T16:16:03.000Z",
"first_observed": "2017-03-23T16:16:03Z",
"last_observed": "2017-03-23T16:16:03Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4c3-d014-4bb3-9961-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4c3-d014-4bb3-9961-9f0702de0b81",
"value": "https://www.virustotal.com/file/27290fd934092cf1ca2a242e6847665a16771376af8f5c81ef1c851463e77709/analysis/1487844593/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c4-ef20-4174-affe-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:04.000Z",
"modified": "2017-03-23T16:16:04.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 552fe8b5fd175822d4479552078331dbfb16881fea9514377a802f3cce87ac02",
"pattern": "[file:hashes.SHA1 = 'f822cafde38c48c813a1e98c628f23e0a082c02d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c5-5984-466b-835e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:05.000Z",
"modified": "2017-03-23T16:16:05.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 552fe8b5fd175822d4479552078331dbfb16881fea9514377a802f3cce87ac02",
"pattern": "[file:hashes.MD5 = '15b201d48cbf5f94644fe4d30d741bd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4c6-301c-4652-88c8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:06.000Z",
"modified": "2017-03-23T16:16:06.000Z",
"first_observed": "2017-03-23T16:16:06Z",
"last_observed": "2017-03-23T16:16:06Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4c6-301c-4652-88c8-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4c6-301c-4652-88c8-9f0702de0b81",
"value": "https://www.virustotal.com/file/552fe8b5fd175822d4479552078331dbfb16881fea9514377a802f3cce87ac02/analysis/1490261112/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c7-5ed0-493a-b5d4-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:07.000Z",
"modified": "2017-03-23T16:16:07.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a406f0208c914ff28f8e30eda539acb6abd23bbdecf704be4b77615a27f62e8d",
"pattern": "[file:hashes.SHA1 = 'f3e1fe6ea74b283f6e8b10b211891a24ea13de29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c8-78f0-4e7e-8900-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:08.000Z",
"modified": "2017-03-23T16:16:08.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: a406f0208c914ff28f8e30eda539acb6abd23bbdecf704be4b77615a27f62e8d",
"pattern": "[file:hashes.MD5 = '1cdc6f8d329741d6a5525528278fc609']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4c9-8ea4-4eff-b81c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:09.000Z",
"modified": "2017-03-23T16:16:09.000Z",
"first_observed": "2017-03-23T16:16:09Z",
"last_observed": "2017-03-23T16:16:09Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4c9-8ea4-4eff-b81c-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4c9-8ea4-4eff-b81c-9f0702de0b81",
"value": "https://www.virustotal.com/file/a406f0208c914ff28f8e30eda539acb6abd23bbdecf704be4b77615a27f62e8d/analysis/1486569476/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4c9-987c-4761-8c25-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:09.000Z",
"modified": "2017-03-23T16:16:09.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 79316e4c2601a5721d5d6ada0f152790ad44aa9ac5badf17e12c7825fb1f46aa",
"pattern": "[file:hashes.SHA1 = 'f103a119a779b4071309b4768ea4930a321cd07a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ca-9818-4277-9a2e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:10.000Z",
"modified": "2017-03-23T16:16:10.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 79316e4c2601a5721d5d6ada0f152790ad44aa9ac5badf17e12c7825fb1f46aa",
"pattern": "[file:hashes.MD5 = '7948214cc9830abc636eb1fa71ea6827']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4cb-0944-496d-95f3-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:11.000Z",
"modified": "2017-03-23T16:16:11.000Z",
"first_observed": "2017-03-23T16:16:11Z",
"last_observed": "2017-03-23T16:16:11Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4cb-0944-496d-95f3-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4cb-0944-496d-95f3-9f0702de0b81",
"value": "https://www.virustotal.com/file/79316e4c2601a5721d5d6ada0f152790ad44aa9ac5badf17e12c7825fb1f46aa/analysis/1489420783/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4cc-bb1c-4496-ac1d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:12.000Z",
"modified": "2017-03-23T16:16:12.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: dbc97df1e5036ac572d8a247a6b073ab1f1dabd20676443598135c6743534028",
"pattern": "[file:hashes.SHA1 = 'd11c3e0003c5cec7363c6fd58d09d72726971d19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4cd-bba4-4e73-b121-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:13.000Z",
"modified": "2017-03-23T16:16:13.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: dbc97df1e5036ac572d8a247a6b073ab1f1dabd20676443598135c6743534028",
"pattern": "[file:hashes.MD5 = '9f721ef90d7ec58d48f25eb68b16aae7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4ce-f8f0-485e-9bf2-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:14.000Z",
"modified": "2017-03-23T16:16:14.000Z",
"first_observed": "2017-03-23T16:16:14Z",
"last_observed": "2017-03-23T16:16:14Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4ce-f8f0-485e-9bf2-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4ce-f8f0-485e-9bf2-9f0702de0b81",
"value": "https://www.virustotal.com/file/dbc97df1e5036ac572d8a247a6b073ab1f1dabd20676443598135c6743534028/analysis/1490246791/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4cf-75bc-426d-966d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:15.000Z",
"modified": "2017-03-23T16:16:15.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 17ae8d128938131ebc944f5d77be7009fd05c8831f88ef3558cc9c00f0633f97",
"pattern": "[file:hashes.SHA1 = '18d9199cc35cd76003ee065b769a6bb9a1ed9d0f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d0-5580-4826-a76c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:16.000Z",
"modified": "2017-03-23T16:16:16.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 17ae8d128938131ebc944f5d77be7009fd05c8831f88ef3558cc9c00f0633f97",
"pattern": "[file:hashes.MD5 = '6993c2e110a8b4c4f12e07ac4afdad30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4d1-5b1c-47c3-b2cd-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:17.000Z",
"modified": "2017-03-23T16:16:17.000Z",
"first_observed": "2017-03-23T16:16:17Z",
"last_observed": "2017-03-23T16:16:17Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4d1-5b1c-47c3-b2cd-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4d1-5b1c-47c3-b2cd-9f0702de0b81",
"value": "https://www.virustotal.com/file/17ae8d128938131ebc944f5d77be7009fd05c8831f88ef3558cc9c00f0633f97/analysis/1489232312/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d2-9d24-427b-a00c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:18.000Z",
"modified": "2017-03-23T16:16:18.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c201e4bb7b68b4655ab7ac85c8a7c93abe2238ec3d24914d86e8a543b6c6abbd",
"pattern": "[file:hashes.SHA1 = 'bd69ba1cc4a7c5d9eb14582f94573434312ce691']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d2-9570-4a5e-bf21-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:18.000Z",
"modified": "2017-03-23T16:16:18.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c201e4bb7b68b4655ab7ac85c8a7c93abe2238ec3d24914d86e8a543b6c6abbd",
"pattern": "[file:hashes.MD5 = 'a1ffba962b2e96bb0213fde45485d839']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4d3-357c-4605-8899-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:19.000Z",
"modified": "2017-03-23T16:16:19.000Z",
"first_observed": "2017-03-23T16:16:19Z",
"last_observed": "2017-03-23T16:16:19Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4d3-357c-4605-8899-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4d3-357c-4605-8899-9f0702de0b81",
"value": "https://www.virustotal.com/file/c201e4bb7b68b4655ab7ac85c8a7c93abe2238ec3d24914d86e8a543b6c6abbd/analysis/1487706989/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d4-34a4-4d48-a27e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:20.000Z",
"modified": "2017-03-23T16:16:20.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9c62f4947a572356f43f71fb55f2b702b78c2e1688c67eff89c36da50137ed21",
"pattern": "[file:hashes.SHA1 = 'f9675515ac8fc84a2fd29e62d2f1b9a420ecf6ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d5-6c54-46fe-8da0-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:21.000Z",
"modified": "2017-03-23T16:16:21.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9c62f4947a572356f43f71fb55f2b702b78c2e1688c67eff89c36da50137ed21",
"pattern": "[file:hashes.MD5 = '69d71124701a58d254effc455474175e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4d6-5dbc-4b36-8b92-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:22.000Z",
"modified": "2017-03-23T16:16:22.000Z",
"first_observed": "2017-03-23T16:16:22Z",
"last_observed": "2017-03-23T16:16:22Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4d6-5dbc-4b36-8b92-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4d6-5dbc-4b36-8b92-9f0702de0b81",
"value": "https://www.virustotal.com/file/9c62f4947a572356f43f71fb55f2b702b78c2e1688c67eff89c36da50137ed21/analysis/1489498491/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d7-6668-4ec1-b0c8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:23.000Z",
"modified": "2017-03-23T16:16:23.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 84a2ded87681e65be35994ea26f4b2287e52438bbeebaac784c291196a6f94c6",
"pattern": "[file:hashes.SHA1 = '6660780579e0f416901921ef910a0a5d05fc11e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4d8-cd78-4ddc-b420-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:24.000Z",
"modified": "2017-03-23T16:16:24.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 84a2ded87681e65be35994ea26f4b2287e52438bbeebaac784c291196a6f94c6",
"pattern": "[file:hashes.MD5 = 'ab377c359cf4328ce8e0996a44aa2ddd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4d9-36f8-4b3a-8da1-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:25.000Z",
"modified": "2017-03-23T16:16:25.000Z",
"first_observed": "2017-03-23T16:16:25Z",
"last_observed": "2017-03-23T16:16:25Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4d9-36f8-4b3a-8da1-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4d9-36f8-4b3a-8da1-9f0702de0b81",
"value": "https://www.virustotal.com/file/84a2ded87681e65be35994ea26f4b2287e52438bbeebaac784c291196a6f94c6/analysis/1490174459/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4da-f654-4570-b92e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:26.000Z",
"modified": "2017-03-23T16:16:26.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 415b9e72811cd7c50366d9c9038df02fe3bbfc6446ef42b099d85ea576fbd35d",
"pattern": "[file:hashes.SHA1 = '82cf01470fa321496bd7b6229e5d03589f7a7cca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4da-9464-4464-960e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:26.000Z",
"modified": "2017-03-23T16:16:26.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 415b9e72811cd7c50366d9c9038df02fe3bbfc6446ef42b099d85ea576fbd35d",
"pattern": "[file:hashes.MD5 = '6379f5b1f34f72a0268f843c47f85f32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4db-4fa4-4638-ae46-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:27.000Z",
"modified": "2017-03-23T16:16:27.000Z",
"first_observed": "2017-03-23T16:16:27Z",
"last_observed": "2017-03-23T16:16:27Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4db-4fa4-4638-ae46-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4db-4fa4-4638-ae46-9f0702de0b81",
"value": "https://www.virustotal.com/file/415b9e72811cd7c50366d9c9038df02fe3bbfc6446ef42b099d85ea576fbd35d/analysis/1490245303/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4dc-b564-4558-a522-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:28.000Z",
"modified": "2017-03-23T16:16:28.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 737d1468b20dc39300bc2be38285b6482940d2be9ae59b7dc984cf4dc6d82053",
"pattern": "[file:hashes.SHA1 = '03094768ec13f6d326caa3560ecc60e28d0a7845']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4dd-5b30-4672-983f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:29.000Z",
"modified": "2017-03-23T16:16:29.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 737d1468b20dc39300bc2be38285b6482940d2be9ae59b7dc984cf4dc6d82053",
"pattern": "[file:hashes.MD5 = '8eb9d5405f1746025318c4cf52e7759d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4de-675c-49be-bced-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:30.000Z",
"modified": "2017-03-23T16:16:30.000Z",
"first_observed": "2017-03-23T16:16:30Z",
"last_observed": "2017-03-23T16:16:30Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4de-675c-49be-bced-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4de-675c-49be-bced-9f0702de0b81",
"value": "https://www.virustotal.com/file/737d1468b20dc39300bc2be38285b6482940d2be9ae59b7dc984cf4dc6d82053/analysis/1486541106/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4df-d2ac-4989-8f5f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:31.000Z",
"modified": "2017-03-23T16:16:31.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 11836837753c754997adf8ccf4fa8ba824e57725f56fbcd3b0d903e1fa30ac5b",
"pattern": "[file:hashes.SHA1 = '4ea0a2b4f90358c3147b5cbc6613506ed7ef00bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e0-144c-428b-97b6-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:32.000Z",
"modified": "2017-03-23T16:16:32.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 11836837753c754997adf8ccf4fa8ba824e57725f56fbcd3b0d903e1fa30ac5b",
"pattern": "[file:hashes.MD5 = '92b4f31afa1471d510d48ed6c285ed61']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4e1-e650-4b87-8236-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:33.000Z",
"modified": "2017-03-23T16:16:33.000Z",
"first_observed": "2017-03-23T16:16:33Z",
"last_observed": "2017-03-23T16:16:33Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4e1-e650-4b87-8236-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4e1-e650-4b87-8236-9f0702de0b81",
"value": "https://www.virustotal.com/file/11836837753c754997adf8ccf4fa8ba824e57725f56fbcd3b0d903e1fa30ac5b/analysis/1487931205/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e2-2764-40dc-b738-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:34.000Z",
"modified": "2017-03-23T16:16:34.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 6077c3ed4dc67526f89b2c59fc16b389530a73b326f63fff17ae7c824b7770fd",
"pattern": "[file:hashes.SHA1 = '57f56d5a295058f22d6dbe99863f5db842091c15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e3-ac74-476c-88d7-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:35.000Z",
"modified": "2017-03-23T16:16:35.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 6077c3ed4dc67526f89b2c59fc16b389530a73b326f63fff17ae7c824b7770fd",
"pattern": "[file:hashes.MD5 = 'a2b79d655e1f000510f1f73de236960f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4e3-f2b4-4df3-bd6e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:35.000Z",
"modified": "2017-03-23T16:16:35.000Z",
"first_observed": "2017-03-23T16:16:35Z",
"last_observed": "2017-03-23T16:16:35Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4e3-f2b4-4df3-bd6e-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4e3-f2b4-4df3-bd6e-9f0702de0b81",
"value": "https://www.virustotal.com/file/6077c3ed4dc67526f89b2c59fc16b389530a73b326f63fff17ae7c824b7770fd/analysis/1486984912/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e4-f018-471c-a801-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:36.000Z",
"modified": "2017-03-23T16:16:36.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4a7d6c770c5fdbb32534b535efe0324e3bc25a8bcd3551b7fe0ff3610ee81299",
"pattern": "[file:hashes.SHA1 = '0599357139722cbf3b634b957073ce66f501a7b3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e5-d3f4-4911-869f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:37.000Z",
"modified": "2017-03-23T16:16:37.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4a7d6c770c5fdbb32534b535efe0324e3bc25a8bcd3551b7fe0ff3610ee81299",
"pattern": "[file:hashes.MD5 = '7e05a8f63ad73092e0a3f66bdb6b7dae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4e6-bf80-47f8-8c5c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:38.000Z",
"modified": "2017-03-23T16:16:38.000Z",
"first_observed": "2017-03-23T16:16:38Z",
"last_observed": "2017-03-23T16:16:38Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4e6-bf80-47f8-8c5c-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4e6-bf80-47f8-8c5c-9f0702de0b81",
"value": "https://www.virustotal.com/file/4a7d6c770c5fdbb32534b535efe0324e3bc25a8bcd3551b7fe0ff3610ee81299/analysis/1490173985/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e7-b39c-41b3-aa8d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:39.000Z",
"modified": "2017-03-23T16:16:39.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c53bf11adb48a00393c30a0902716e0088f650750349f5966ba3b60a0fa17487",
"pattern": "[file:hashes.SHA1 = '3976d852993a9febbc512870ee177acec4ebf3a9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4e8-26c4-4601-b9e6-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:40.000Z",
"modified": "2017-03-23T16:16:40.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: c53bf11adb48a00393c30a0902716e0088f650750349f5966ba3b60a0fa17487",
"pattern": "[file:hashes.MD5 = '2412d1e94a5eacf0d066c2330cc2585c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4e9-b10c-4c7f-9fd2-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:41.000Z",
"modified": "2017-03-23T16:16:41.000Z",
"first_observed": "2017-03-23T16:16:41Z",
"last_observed": "2017-03-23T16:16:41Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4e9-b10c-4c7f-9fd2-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4e9-b10c-4c7f-9fd2-9f0702de0b81",
"value": "https://www.virustotal.com/file/c53bf11adb48a00393c30a0902716e0088f650750349f5966ba3b60a0fa17487/analysis/1489993470/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ea-da6c-4472-a666-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:42.000Z",
"modified": "2017-03-23T16:16:42.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 89a1264bd7facf02d48aff46724a0215c2fb1974d06451cebefdb2ea7ea9a71a",
"pattern": "[file:hashes.SHA1 = '524a23cabe678f6042e4c872a1454d1714b02ccc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4eb-893c-4586-b9a4-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:43.000Z",
"modified": "2017-03-23T16:16:43.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 89a1264bd7facf02d48aff46724a0215c2fb1974d06451cebefdb2ea7ea9a71a",
"pattern": "[file:hashes.MD5 = 'e692a01b1aa01e20ef6f281a6182ca7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4eb-5e8c-44d4-be1a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:43.000Z",
"modified": "2017-03-23T16:16:43.000Z",
"first_observed": "2017-03-23T16:16:43Z",
"last_observed": "2017-03-23T16:16:43Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4eb-5e8c-44d4-be1a-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4eb-5e8c-44d4-be1a-9f0702de0b81",
"value": "https://www.virustotal.com/file/89a1264bd7facf02d48aff46724a0215c2fb1974d06451cebefdb2ea7ea9a71a/analysis/1489658266/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ec-7f6c-41b6-acf8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:44.000Z",
"modified": "2017-03-23T16:16:44.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: ad3af8a7ab469fa930d0873475214c3160f52b17c06f296d6ce9cc6fc92e8a79",
"pattern": "[file:hashes.SHA1 = '91b157648296683f50551f60c6653ebb452f902b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ed-5990-40e4-a4eb-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:45.000Z",
"modified": "2017-03-23T16:16:45.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: ad3af8a7ab469fa930d0873475214c3160f52b17c06f296d6ce9cc6fc92e8a79",
"pattern": "[file:hashes.MD5 = 'abf4e672f6c7f353f6a0ca0a6c9e23b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4ee-ef48-4469-b86b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:46.000Z",
"modified": "2017-03-23T16:16:46.000Z",
"first_observed": "2017-03-23T16:16:46Z",
"last_observed": "2017-03-23T16:16:46Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4ee-ef48-4469-b86b-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4ee-ef48-4469-b86b-9f0702de0b81",
"value": "https://www.virustotal.com/file/ad3af8a7ab469fa930d0873475214c3160f52b17c06f296d6ce9cc6fc92e8a79/analysis/1489568479/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ef-0ea0-4202-ae79-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:47.000Z",
"modified": "2017-03-23T16:16:47.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7aa0abedd75c46680ac65814d9433a04bb9f6bc6f094d66cc33a918f32dcb2fa",
"pattern": "[file:hashes.SHA1 = 'fd2eb0321699cf9b46ad8ace68beb4247f1bd9bb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f0-39c4-4a31-bfd1-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:48.000Z",
"modified": "2017-03-23T16:16:48.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7aa0abedd75c46680ac65814d9433a04bb9f6bc6f094d66cc33a918f32dcb2fa",
"pattern": "[file:hashes.MD5 = '9f8144db1ffecbcc7c69bae783d85d9d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4f1-139c-435a-8449-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:49.000Z",
"modified": "2017-03-23T16:16:49.000Z",
"first_observed": "2017-03-23T16:16:49Z",
"last_observed": "2017-03-23T16:16:49Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4f1-139c-435a-8449-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4f1-139c-435a-8449-9f0702de0b81",
"value": "https://www.virustotal.com/file/7aa0abedd75c46680ac65814d9433a04bb9f6bc6f094d66cc33a918f32dcb2fa/analysis/1489645405/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f2-10ec-4801-b454-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:50.000Z",
"modified": "2017-03-23T16:16:50.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 59011fa80db84cea54bc6ec7f7bc689d916f04e8df9950b259ad524142225731",
"pattern": "[file:hashes.SHA1 = '6180bb93948116371cd0a060ec11186fb4845595']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f3-7c50-4e58-b7b8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:51.000Z",
"modified": "2017-03-23T16:16:51.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 59011fa80db84cea54bc6ec7f7bc689d916f04e8df9950b259ad524142225731",
"pattern": "[file:hashes.MD5 = '1b187f7e1eb6c256f6c7e00ae387a478']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4f3-64f4-4432-b3f2-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:51.000Z",
"modified": "2017-03-23T16:16:51.000Z",
"first_observed": "2017-03-23T16:16:51Z",
"last_observed": "2017-03-23T16:16:51Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4f3-64f4-4432-b3f2-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4f3-64f4-4432-b3f2-9f0702de0b81",
"value": "https://www.virustotal.com/file/59011fa80db84cea54bc6ec7f7bc689d916f04e8df9950b259ad524142225731/analysis/1490158625/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f4-ce20-4e35-8a8a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:52.000Z",
"modified": "2017-03-23T16:16:52.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: dd783bcdbc81bc605cf07545a01273596d4e51b198874253815069cd6708b2fa",
"pattern": "[file:hashes.SHA1 = 'a9b7cc4a0f3f043b0775d53a60b45ed34d5144d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f5-a34c-4abe-b6b1-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:53.000Z",
"modified": "2017-03-23T16:16:53.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: dd783bcdbc81bc605cf07545a01273596d4e51b198874253815069cd6708b2fa",
"pattern": "[file:hashes.MD5 = '0eae6cd107eef9b21b009dbf8f1991a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4f6-d2e4-4f6c-b80a-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:54.000Z",
"modified": "2017-03-23T16:16:54.000Z",
"first_observed": "2017-03-23T16:16:54Z",
"last_observed": "2017-03-23T16:16:54Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4f6-d2e4-4f6c-b80a-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4f6-d2e4-4f6c-b80a-9f0702de0b81",
"value": "https://www.virustotal.com/file/dd783bcdbc81bc605cf07545a01273596d4e51b198874253815069cd6708b2fa/analysis/1487997184/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f7-ded4-4b80-b9bd-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:55.000Z",
"modified": "2017-03-23T16:16:55.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9f48ce01ac99033c03e9aa983c09fa273eae0e168e55de8cc364311ae4fc88b9",
"pattern": "[file:hashes.SHA1 = '6f7d89a5014f839457b59e1fcf3849d57df4d34f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4f8-295c-4535-b5ba-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:56.000Z",
"modified": "2017-03-23T16:16:56.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 9f48ce01ac99033c03e9aa983c09fa273eae0e168e55de8cc364311ae4fc88b9",
"pattern": "[file:hashes.MD5 = '79f72ea2fee5d8c5e488a20f188d9e3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4f9-6a74-491b-b612-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:57.000Z",
"modified": "2017-03-23T16:16:57.000Z",
"first_observed": "2017-03-23T16:16:57Z",
"last_observed": "2017-03-23T16:16:57Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4f9-6a74-491b-b612-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4f9-6a74-491b-b612-9f0702de0b81",
"value": "https://www.virustotal.com/file/9f48ce01ac99033c03e9aa983c09fa273eae0e168e55de8cc364311ae4fc88b9/analysis/1487844739/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4fa-d49c-4cf7-a12c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:58.000Z",
"modified": "2017-03-23T16:16:58.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 629d1afbedd7cc082549d5c3fc3926b6b4e55abc3c07f8d994a791893a2fd530",
"pattern": "[file:hashes.SHA1 = 'fd86a08c0705b06fe4d2a16090af943ea4139a95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4fb-940c-43f8-a8d0-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:16:59.000Z",
"modified": "2017-03-23T16:16:59.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 629d1afbedd7cc082549d5c3fc3926b6b4e55abc3c07f8d994a791893a2fd530",
"pattern": "[file:hashes.MD5 = '1bc15ec752aedd92a46534362f6c0e82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:16:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4fc-2318-4024-8936-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:00.000Z",
"modified": "2017-03-23T16:17:00.000Z",
"first_observed": "2017-03-23T16:17:00Z",
"last_observed": "2017-03-23T16:17:00Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4fc-2318-4024-8936-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4fc-2318-4024-8936-9f0702de0b81",
"value": "https://www.virustotal.com/file/629d1afbedd7cc082549d5c3fc3926b6b4e55abc3c07f8d994a791893a2fd530/analysis/1487910889/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4fc-71d4-4903-b449-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:00.000Z",
"modified": "2017-03-23T16:17:00.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: b330fadeb337e9fb5aa9f8046462e3d1d418946fd6237bc252a80a2d4fb2fff7",
"pattern": "[file:hashes.SHA1 = 'd2cd8cb500e9baae94c2df1e9a3bdf4c1c42ba1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4fd-f1b8-4e6a-9127-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:01.000Z",
"modified": "2017-03-23T16:17:01.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: b330fadeb337e9fb5aa9f8046462e3d1d418946fd6237bc252a80a2d4fb2fff7",
"pattern": "[file:hashes.MD5 = 'ad311fbba70dd1fdc5b069f57b6afe5e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f4fe-3c20-47e9-84f6-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:02.000Z",
"modified": "2017-03-23T16:17:02.000Z",
"first_observed": "2017-03-23T16:17:02Z",
"last_observed": "2017-03-23T16:17:02Z",
"number_observed": 1,
"object_refs": [
"url--58d3f4fe-3c20-47e9-84f6-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f4fe-3c20-47e9-84f6-9f0702de0b81",
"value": "https://www.virustotal.com/file/b330fadeb337e9fb5aa9f8046462e3d1d418946fd6237bc252a80a2d4fb2fff7/analysis/1487717141/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f4ff-a5e0-4591-a3aa-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:03.000Z",
"modified": "2017-03-23T16:17:03.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: cd16e420fbc39b63de93198cdb1265c1bfe83119c7d4d75d5501465cdd0847f1",
"pattern": "[file:hashes.SHA1 = '19013eb9d291e421261473ca5d1fa166ff92554d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f501-5324-4530-9b4e-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:05.000Z",
"modified": "2017-03-23T16:17:05.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: cd16e420fbc39b63de93198cdb1265c1bfe83119c7d4d75d5501465cdd0847f1",
"pattern": "[file:hashes.MD5 = '24681993ce5ae4126905dd051fb29caa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f501-ccc0-4b1a-b1e1-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:05.000Z",
"modified": "2017-03-23T16:17:05.000Z",
"first_observed": "2017-03-23T16:17:05Z",
"last_observed": "2017-03-23T16:17:05Z",
"number_observed": 1,
"object_refs": [
"url--58d3f501-ccc0-4b1a-b1e1-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f501-ccc0-4b1a-b1e1-9f0702de0b81",
"value": "https://www.virustotal.com/file/cd16e420fbc39b63de93198cdb1265c1bfe83119c7d4d75d5501465cdd0847f1/analysis/1489124421/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f502-0cac-478f-8b4f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:06.000Z",
"modified": "2017-03-23T16:17:06.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: be81741ae3c7c2c5000785a2573c901068a2906054690ac22119ac794aa9e8e2",
"pattern": "[file:hashes.SHA1 = '37bc0b13f3d040a071cc0a7a119c65a0709a8258']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f503-e688-4a36-8c4d-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:07.000Z",
"modified": "2017-03-23T16:17:07.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: be81741ae3c7c2c5000785a2573c901068a2906054690ac22119ac794aa9e8e2",
"pattern": "[file:hashes.MD5 = '4dd24284c7e6d95d58f5b7a8004b23ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f504-b188-4f0b-9c62-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:08.000Z",
"modified": "2017-03-23T16:17:08.000Z",
"first_observed": "2017-03-23T16:17:08Z",
"last_observed": "2017-03-23T16:17:08Z",
"number_observed": 1,
"object_refs": [
"url--58d3f504-b188-4f0b-9c62-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f504-b188-4f0b-9c62-9f0702de0b81",
"value": "https://www.virustotal.com/file/be81741ae3c7c2c5000785a2573c901068a2906054690ac22119ac794aa9e8e2/analysis/1489638430/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f505-2ad4-47e3-b8a3-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:09.000Z",
"modified": "2017-03-23T16:17:09.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: f07f87ab68482d329eeac5525ea5f189bcd720d2b2d149db61ab81ae04be957a",
"pattern": "[file:hashes.SHA1 = '3141e21f51171c12d2ffb5cf3d913b2ddd8fab14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f506-1874-4fc6-84ab-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:10.000Z",
"modified": "2017-03-23T16:17:10.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: f07f87ab68482d329eeac5525ea5f189bcd720d2b2d149db61ab81ae04be957a",
"pattern": "[file:hashes.MD5 = '7fde245137e0ed3a335a4c3086e0911e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f507-5540-4cb3-8caa-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:11.000Z",
"modified": "2017-03-23T16:17:11.000Z",
"first_observed": "2017-03-23T16:17:11Z",
"last_observed": "2017-03-23T16:17:11Z",
"number_observed": 1,
"object_refs": [
"url--58d3f507-5540-4cb3-8caa-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f507-5540-4cb3-8caa-9f0702de0b81",
"value": "https://www.virustotal.com/file/f07f87ab68482d329eeac5525ea5f189bcd720d2b2d149db61ab81ae04be957a/analysis/1486655768/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f508-819c-4057-bcae-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:12.000Z",
"modified": "2017-03-23T16:17:12.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 41c4483cfcc0b5a10504aa137ec3824d139663b7ec318d5e1fb6c9f5db8af8f9",
"pattern": "[file:hashes.SHA1 = '6bfc8580d74920f484441b7146ca31b26ae494f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f509-5704-4fc4-9282-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:13.000Z",
"modified": "2017-03-23T16:17:13.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 41c4483cfcc0b5a10504aa137ec3824d139663b7ec318d5e1fb6c9f5db8af8f9",
"pattern": "[file:hashes.MD5 = 'bfa4002b794ab5900866d10fc44997f8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f509-33c8-4d34-91d4-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:13.000Z",
"modified": "2017-03-23T16:17:13.000Z",
"first_observed": "2017-03-23T16:17:13Z",
"last_observed": "2017-03-23T16:17:13Z",
"number_observed": 1,
"object_refs": [
"url--58d3f509-33c8-4d34-91d4-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f509-33c8-4d34-91d4-9f0702de0b81",
"value": "https://www.virustotal.com/file/41c4483cfcc0b5a10504aa137ec3824d139663b7ec318d5e1fb6c9f5db8af8f9/analysis/1490279633/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f50a-058c-45da-9e00-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:14.000Z",
"modified": "2017-03-23T16:17:14.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: b1da2cb4fcee52cdc94c06325c339ac11a3fb1e399e1ed5a2a55107f5f64867f",
"pattern": "[file:hashes.SHA1 = '28651d200780f28b1289f41ac0aab5619cdbb090']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f50b-81e8-4afc-8781-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:15.000Z",
"modified": "2017-03-23T16:17:15.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: b1da2cb4fcee52cdc94c06325c339ac11a3fb1e399e1ed5a2a55107f5f64867f",
"pattern": "[file:hashes.MD5 = 'f7b6f70ba69fbfce3d5670f3bcc3f13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f50c-75c4-4850-87d5-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:16.000Z",
"modified": "2017-03-23T16:17:16.000Z",
"first_observed": "2017-03-23T16:17:16Z",
"last_observed": "2017-03-23T16:17:16Z",
"number_observed": 1,
"object_refs": [
"url--58d3f50c-75c4-4850-87d5-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f50c-75c4-4850-87d5-9f0702de0b81",
"value": "https://www.virustotal.com/file/b1da2cb4fcee52cdc94c06325c339ac11a3fb1e399e1ed5a2a55107f5f64867f/analysis/1490174190/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f50d-1954-46db-8799-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:17.000Z",
"modified": "2017-03-23T16:17:17.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4f2c10b64d4f4b56d56b5a271331c92484b6ddf8c4eb9f56669ed60545a4c06d",
"pattern": "[file:hashes.SHA1 = 'b535f6fdcb4ca3da7fb6a28677fe7430ca6b8089']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f50e-d3b8-4dd0-b191-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:18.000Z",
"modified": "2017-03-23T16:17:18.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 4f2c10b64d4f4b56d56b5a271331c92484b6ddf8c4eb9f56669ed60545a4c06d",
"pattern": "[file:hashes.MD5 = '46e5de82b73e15609028e11c38918ed9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f50f-9e10-4588-956b-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:19.000Z",
"modified": "2017-03-23T16:17:19.000Z",
"first_observed": "2017-03-23T16:17:19Z",
"last_observed": "2017-03-23T16:17:19Z",
"number_observed": 1,
"object_refs": [
"url--58d3f50f-9e10-4588-956b-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f50f-9e10-4588-956b-9f0702de0b81",
"value": "https://www.virustotal.com/file/4f2c10b64d4f4b56d56b5a271331c92484b6ddf8c4eb9f56669ed60545a4c06d/analysis/1490244732/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f510-2d88-45fc-8e3c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:20.000Z",
"modified": "2017-03-23T16:17:20.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 1ae6aa92ce8ee9a2ab78631663fa5a9bdcc14490c4c5fe799b41d26455b5b696",
"pattern": "[file:hashes.SHA1 = 'ea1f99b2bd8eae0d7dd35f78013cfe9ec8aa2be1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f511-233c-45a7-8baa-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:21.000Z",
"modified": "2017-03-23T16:17:21.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 1ae6aa92ce8ee9a2ab78631663fa5a9bdcc14490c4c5fe799b41d26455b5b696",
"pattern": "[file:hashes.MD5 = 'e93338fb2a8653089b236a3c051b5c21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f511-5498-4ea5-ab36-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:21.000Z",
"modified": "2017-03-23T16:17:21.000Z",
"first_observed": "2017-03-23T16:17:21Z",
"last_observed": "2017-03-23T16:17:21Z",
"number_observed": 1,
"object_refs": [
"url--58d3f511-5498-4ea5-ab36-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f511-5498-4ea5-ab36-9f0702de0b81",
"value": "https://www.virustotal.com/file/1ae6aa92ce8ee9a2ab78631663fa5a9bdcc14490c4c5fe799b41d26455b5b696/analysis/1489752442/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f512-ece8-4295-a27c-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:22.000Z",
"modified": "2017-03-23T16:17:22.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 14a6e04a60b1bb5f4d0fb3fffa240b7b34bf9c0b8504da19caeb31182510c139",
"pattern": "[file:hashes.SHA1 = '059f7a95d4621a0a2370f14617e75cbb673e0fb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f513-7240-4980-b6f8-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:23.000Z",
"modified": "2017-03-23T16:17:23.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 14a6e04a60b1bb5f4d0fb3fffa240b7b34bf9c0b8504da19caeb31182510c139",
"pattern": "[file:hashes.MD5 = 'fe16d984a645b66f50b204b5de79590e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f514-d40c-4065-b661-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:24.000Z",
"modified": "2017-03-23T16:17:24.000Z",
"first_observed": "2017-03-23T16:17:24Z",
"last_observed": "2017-03-23T16:17:24Z",
"number_observed": 1,
"object_refs": [
"url--58d3f514-d40c-4065-b661-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f514-d40c-4065-b661-9f0702de0b81",
"value": "https://www.virustotal.com/file/14a6e04a60b1bb5f4d0fb3fffa240b7b34bf9c0b8504da19caeb31182510c139/analysis/1487931142/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f515-e7c0-45bc-91c2-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:25.000Z",
"modified": "2017-03-23T16:17:25.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7b684ad97bb9f5093e5cfb100352ad2f0ec3dfce63232207daf0aa736d6438c9",
"pattern": "[file:hashes.SHA1 = 'e0c7dc12e146b5ffc948cb913599817e1c50796e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f516-836c-442c-a32f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:26.000Z",
"modified": "2017-03-23T16:17:26.000Z",
"description": "malicious samples with similar malformations of the RTF file format: - Xchecked via VT: 7b684ad97bb9f5093e5cfb100352ad2f0ec3dfce63232207daf0aa736d6438c9",
"pattern": "[file:hashes.MD5 = 'ce4a4bccdad5b85ea2138893c9070232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f517-1164-4ebb-b531-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:27.000Z",
"modified": "2017-03-23T16:17:27.000Z",
"first_observed": "2017-03-23T16:17:27Z",
"last_observed": "2017-03-23T16:17:27Z",
"number_observed": 1,
"object_refs": [
"url--58d3f517-1164-4ebb-b531-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f517-1164-4ebb-b531-9f0702de0b81",
"value": "https://www.virustotal.com/file/7b684ad97bb9f5093e5cfb100352ad2f0ec3dfce63232207daf0aa736d6438c9/analysis/1486619722/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f518-ae40-4b54-8a05-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:28.000Z",
"modified": "2017-03-23T16:17:28.000Z",
"description": "dropped executables - Xchecked via VT: a3c3abcd461d00e1f928e375770e39e3a33f719d7287a2fee661d82ce8de1c56",
"pattern": "[file:hashes.SHA1 = '942c04608285c4540def1704961a906f86df04ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f519-f824-448b-bfbf-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:29.000Z",
"modified": "2017-03-23T16:17:29.000Z",
"description": "dropped executables - Xchecked via VT: a3c3abcd461d00e1f928e375770e39e3a33f719d7287a2fee661d82ce8de1c56",
"pattern": "[file:hashes.MD5 = '77c1e477fd120dd7cd8093d9eb355a46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f519-8b20-4235-ae02-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:29.000Z",
"modified": "2017-03-23T16:17:29.000Z",
"first_observed": "2017-03-23T16:17:29Z",
"last_observed": "2017-03-23T16:17:29Z",
"number_observed": 1,
"object_refs": [
"url--58d3f519-8b20-4235-ae02-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f519-8b20-4235-ae02-9f0702de0b81",
"value": "https://www.virustotal.com/file/a3c3abcd461d00e1f928e375770e39e3a33f719d7287a2fee661d82ce8de1c56/analysis/1489664454/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f51a-de34-4885-885f-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:30.000Z",
"modified": "2017-03-23T16:17:30.000Z",
"description": "dropped executables - Xchecked via VT: da1a6747a3329c3a317d4bd7ecf029e89bd76192075f84834563103a54bac968",
"pattern": "[file:hashes.SHA1 = '5d1862dc83c051b255ebdc238eab861466c48680']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58d3f51b-6944-4b48-99ea-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:31.000Z",
"modified": "2017-03-23T16:17:31.000Z",
"description": "dropped executables - Xchecked via VT: da1a6747a3329c3a317d4bd7ecf029e89bd76192075f84834563103a54bac968",
"pattern": "[file:hashes.MD5 = 'efcc5cfb3e0c1a52889642c5d02aa301']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-03-23T16:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58d3f51c-7490-49b5-9a64-9f0702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-03-23T16:17:32.000Z",
"modified": "2017-03-23T16:17:32.000Z",
"first_observed": "2017-03-23T16:17:32Z",
"last_observed": "2017-03-23T16:17:32Z",
"number_observed": 1,
"object_refs": [
"url--58d3f51c-7490-49b5-9a64-9f0702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58d3f51c-7490-49b5-9a64-9f0702de0b81",
"value": "https://www.virustotal.com/file/da1a6747a3329c3a317d4bd7ecf029e89bd76192075f84834563103a54bac968/analysis/1489664348/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}