adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59387629-3d68-430c-ae55-15f50a016219.json

6190 lines
258 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59387629-3d68-430c-ae55-15f50a016219",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-21T12:57:09.000Z",
"modified": "2017-07-21T12:57:09.000Z",
"name": "ESET",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59387629-3d68-430c-ae55-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-21T12:57:09.000Z",
"modified": "2017-07-21T12:57:09.000Z",
"name": "Stantinko investigation",
"published": "2017-07-21T12:57:16Z",
"object_refs": [
"indicator--5938762a-20f0-435b-bb00-19d30a016219",
"indicator--5938762b-4ac0-4f2c-ac35-15f40a016219",
"indicator--5938762b-a338-4ffe-a659-12090a016219",
"indicator--5938762c-c5ec-4eee-a9e6-120c0a016219",
"indicator--5938762c-db54-429c-b450-1a120a016219",
"indicator--5938762d-154c-462f-a260-19d10a016219",
"indicator--5938762d-5904-48d8-8e07-15f50a016219",
"indicator--5938762e-ba14-423c-81c4-19d20a016219",
"indicator--5938762e-f31c-4729-a027-12080a016219",
"indicator--5938762f-1870-4571-9585-120b0a016219",
"indicator--5938762f-14c4-4322-be63-120c0a016219",
"indicator--59387630-e040-45e0-a8a7-12090a016219",
"indicator--59387630-f4bc-4d89-813c-1a120a016219",
"indicator--59387631-9280-48c4-ac30-15f40a016219",
"indicator--59387631-1c08-4023-bef7-12080a016219",
"indicator--59387632-ffd0-4f9a-8c20-19d10a016219",
"indicator--59387632-1600-40ea-9b70-19d20a016219",
"indicator--59387633-a0cc-48da-a0ad-19d30a016219",
"indicator--59387633-c0b4-46dc-b2be-15f50a016219",
"indicator--59387634-8948-4504-aa43-120b0a016219",
"indicator--59387635-b108-4acf-a24f-120c0a016219",
"indicator--59387635-4440-4a60-bde6-12090a016219",
"indicator--59387636-ed00-437f-95a0-1a120a016219",
"indicator--59387636-b2a0-4161-b45b-15f40a016219",
"indicator--59387637-443c-4b5c-916b-12080a016219",
"indicator--59387637-7e00-46a6-b098-19d10a016219",
"indicator--59387638-a64c-4b83-8cf2-19d20a016219",
"indicator--59387638-b268-438f-9179-19d30a016219",
"indicator--59387639-01f0-4075-8633-15f50a016219",
"indicator--59387639-17ec-40c9-970c-120b0a016219",
"indicator--5938763a-9558-4142-b535-120c0a016219",
"indicator--5938763a-99a8-4405-b1fd-12090a016219",
"indicator--5938763b-f210-49b1-a931-1a120a016219",
"indicator--5938763c-c00c-4916-9272-15f40a016219",
"indicator--5938763c-e680-4a4b-ad6b-12080a016219",
"indicator--5938763d-ad10-4bb3-ab03-19d10a016219",
"indicator--5938763d-2b98-45ad-92f6-19d20a016219",
"indicator--5938763e-5cac-4a91-9f62-19d30a016219",
"indicator--5938763e-6478-4a58-adaf-120c0a016219",
"indicator--5938763f-2ba8-4c05-b24f-15f50a016219",
"indicator--5938763f-2460-4df4-9cab-12090a016219",
"indicator--59387640-f2e8-44de-9698-12080a016219",
"indicator--59387640-251c-4aa3-a78d-120b0a016219",
"indicator--59387641-c0b8-424d-b844-15f40a016219",
"indicator--59387641-0ae4-4e58-a23c-19d10a016219",
"indicator--59387642-a32c-4b1b-83f1-19d20a016219",
"indicator--59387642-7d3c-4c88-9375-19d30a016219",
"observed-data--59387643-4618-4279-b58e-120b0a016219",
"mutex--59387643-4618-4279-b58e-120b0a016219",
"observed-data--59387644-4d6c-45fd-bdd6-12090a016219",
"mutex--59387644-4d6c-45fd-bdd6-12090a016219",
"observed-data--59387644-dfac-4d98-9909-12080a016219",
"mutex--59387644-dfac-4d98-9909-12080a016219",
"observed-data--59387645-75a4-4940-a7f2-120c0a016219",
"mutex--59387645-75a4-4940-a7f2-120c0a016219",
"observed-data--59387645-45e0-47c7-861b-1a120a016219",
"mutex--59387645-45e0-47c7-861b-1a120a016219",
"observed-data--59387646-6488-49b4-96bc-15f50a016219",
"mutex--59387646-6488-49b4-96bc-15f50a016219",
"observed-data--59387646-d168-4193-b0ad-19d20a016219",
"mutex--59387646-d168-4193-b0ad-19d20a016219",
"observed-data--59387647-332c-48d3-a50d-19d30a016219",
"mutex--59387647-332c-48d3-a50d-19d30a016219",
"observed-data--59387647-1c20-4aef-8bd0-120b0a016219",
"mutex--59387647-1c20-4aef-8bd0-120b0a016219",
"observed-data--59387648-71b4-42c0-a073-12080a016219",
"mutex--59387648-71b4-42c0-a073-12080a016219",
"observed-data--59387648-06e8-4079-88c5-12090a016219",
"mutex--59387648-06e8-4079-88c5-12090a016219",
"indicator--59387649-2b80-499a-b2eb-15f40a016219",
"indicator--59387649-8428-4477-9082-19d10a016219",
"indicator--5938764a-7558-4515-9f18-15f50a016219",
"indicator--5938764a-d4bc-44ac-86e6-1a120a016219",
"indicator--5938764b-e45c-4a68-b4e0-120c0a016219",
"indicator--5938764b-6644-4ede-b10d-120b0a016219",
"indicator--5938764c-6ea4-42e6-9b3b-12080a016219",
"indicator--5938764d-7a44-488e-bf0f-15f40a016219",
"indicator--5938764d-c6bc-4e99-91d4-19d10a016219",
"indicator--5938764e-dc60-41ff-958e-15f50a016219",
"indicator--5938764e-b940-43ee-b10e-12090a016219",
"indicator--5938764f-587c-48b1-90a1-19d30a016219",
"indicator--5938764f-10dc-439f-b0ab-19d20a016219",
"indicator--59387650-0134-4c70-b3e3-120b0a016219",
"indicator--59387650-8fe0-4914-a114-12080a016219",
"indicator--59387651-f56c-4a29-a298-15f40a016219",
"indicator--59387651-532c-4011-9a2c-19d10a016219",
"x-misp-attribute--59387652-9268-4f56-ace9-12090a016219",
"x-misp-attribute--59387652-eca0-4662-95b8-120c0a016219",
"x-misp-attribute--59387653-66dc-4a40-8ae8-19d30a016219",
"x-misp-attribute--59387653-e838-4c20-a890-15f50a016219",
"x-misp-attribute--59387654-6db8-4c07-9269-19d20a016219",
"x-misp-attribute--59387654-3864-444f-b909-12080a016219",
"x-misp-attribute--59387655-f1fc-443a-af30-15f40a016219",
"x-misp-attribute--59387656-9008-45a1-b7b8-19d10a016219",
"x-misp-attribute--59387656-d250-4af7-b994-120c0a016219",
"x-misp-attribute--59387657-f7cc-46ed-b0bc-19d30a016219",
"x-misp-attribute--59387657-cff8-40b5-a906-120b0a016219",
"x-misp-attribute--59387658-c1d8-4e62-b26d-1a120a016219",
"x-misp-attribute--59387658-8374-4d67-9a79-19d20a016219",
"x-misp-attribute--59387659-def4-4811-84e4-12090a016219",
"x-misp-attribute--59387659-232c-443b-84d0-15f40a016219",
"x-misp-attribute--5938765a-f970-442d-ade8-19d10a016219",
"x-misp-attribute--5938765a-84f0-4957-80d2-12080a016219",
"x-misp-attribute--5938765b-c024-43d7-aadb-120c0a016219",
"x-misp-attribute--5938765b-6fb8-4e01-a018-15f50a016219",
"x-misp-attribute--5938765c-8670-4d6b-868d-12090a016219",
"x-misp-attribute--5938765c-920c-45d6-a70c-15f40a016219",
"x-misp-attribute--5938765d-3100-4884-8a2e-19d10a016219",
"indicator--5938765d-dfdc-46b9-a1e7-1a120a016219",
"indicator--5938765e-abd4-47ce-99ef-19d30a016219",
"indicator--5938765f-c2e4-47ba-a940-120b0a016219",
"indicator--5938765f-1860-4473-bc9e-19d20a016219",
"indicator--59387660-9ff4-4a35-a75f-120c0a016219",
"indicator--59387660-9b9c-49c1-8888-12080a016219",
"indicator--59387661-0c3c-4405-9d6c-15f50a016219",
"indicator--59387661-c19c-411a-bc63-12090a016219",
"indicator--59387662-d3a4-4c23-8cf8-19d10a016219",
"indicator--59387662-54e0-43ac-b7be-19d30a016219",
"indicator--59387663-52c8-4c83-86cb-1a120a016219",
"indicator--59387663-73a8-4928-9aa6-15f40a016219",
"indicator--59387664-9b80-4c16-b078-12080a016219",
"indicator--59387664-513c-457c-93eb-19d20a016219",
"indicator--59387665-8380-427c-8f67-120b0a016219",
"indicator--59387665-45e8-40b5-b77a-12090a016219",
"indicator--59387666-79d8-4f61-a087-19d10a016219",
"indicator--59387667-e2c4-47fc-be6c-19d30a016219",
"indicator--59387667-5a70-46f1-8fd3-15f40a016219",
"indicator--59387668-f53c-42ae-af8c-15f50a016219",
"indicator--59387668-6584-40de-9f0c-1a120a016219",
"indicator--59387669-dbb0-4d65-8c0a-12080a016219",
"indicator--59387669-5b5c-4e23-89a9-19d20a016219",
"indicator--5938766a-393c-452d-86d0-19d10a016219",
"indicator--5938766a-5af0-48e7-976c-12090a016219",
"indicator--5938766b-5df0-4c9d-b995-120b0a016219",
"indicator--5938766b-9ca0-4324-910c-120c0a016219",
"indicator--5938766c-c47c-46e7-a758-19d20a016219",
"indicator--5938766c-3380-4137-adbe-15f40a016219",
"indicator--5938766d-adb4-4daa-817d-12080a016219",
"indicator--5938766d-fe5c-40ad-ad9b-15f50a016219",
"indicator--5938766e-2c14-42ff-8178-1a120a016219",
"indicator--5938766e-b2d4-47ea-a3b4-19d30a016219",
"indicator--5938766f-5fc4-44a4-a1c3-19d20a016219",
"indicator--59387670-f6fc-4d85-a8e1-120c0a016219",
"indicator--59387670-bb54-40f7-9098-15f40a016219",
"indicator--59387671-dbb8-461d-bee6-19d10a016219",
"indicator--59387671-d18c-4f5e-9773-120b0a016219",
"indicator--59387672-c67c-4581-86d4-12090a016219",
"indicator--59387672-36d0-4fc8-8484-12080a016219",
"indicator--59387673-3af8-4616-826d-19d20a016219",
"indicator--59387673-ca30-4100-b403-1a120a016219",
"indicator--59387674-7ee8-4f4f-8c9e-15f50a016219",
"indicator--59387674-5b24-4075-9633-120c0a016219",
"indicator--59387675-8494-4466-8c67-19d30a016219",
"indicator--59387675-33b0-43a7-9610-15f40a016219",
"indicator--59387676-ec74-43f4-8a1e-19d10a016219",
"indicator--59387677-0f34-4de1-afb5-120b0a016219",
"indicator--59387677-e248-41a6-aaf8-12090a016219",
"indicator--59387678-8d5c-44dd-a3f3-12080a016219",
"indicator--59387678-9ed4-44fb-8ad7-19d20a016219",
"indicator--59387679-783c-4abe-b9c6-1a120a016219",
"indicator--59387679-5018-439b-9fde-15f50a016219",
"indicator--5938767a-567c-4323-96bc-120c0a016219",
"indicator--5938767a-3070-4f07-9567-19d30a016219",
"indicator--5938767b-4940-4055-8cf7-15f40a016219",
"indicator--5938767b-7a6c-48d0-8a0d-120b0a016219",
"indicator--5938767c-a3c0-48e1-bcc0-19d10a016219",
"indicator--5938767c-ca58-4ebb-8aaf-12080a016219",
"indicator--5938767d-3e54-49de-9a44-19d20a016219",
"indicator--5938767e-7bd8-45a8-bee0-1a120a016219",
"indicator--5938767e-945c-4d56-8c87-15f50a016219",
"indicator--5938767f-f500-4977-85ef-120c0a016219",
"indicator--5938767f-d7ec-495b-8c47-19d30a016219",
"indicator--59387680-322c-4585-8e73-15f40a016219",
"indicator--59387680-d504-48f2-84f0-120b0a016219",
"indicator--59387681-26ac-4fe8-8af6-12080a016219",
"indicator--59387681-0e74-4793-8a1d-12090a016219",
"indicator--59387682-0130-4bd7-92d4-19d20a016219",
"indicator--59387682-c644-4168-b578-19d10a016219",
"indicator--59387683-0604-4321-9018-120c0a016219",
"indicator--59387683-a344-4d08-a1f6-1a120a016219",
"indicator--59387684-cd28-440d-88ad-19d30a016219",
"indicator--59387685-66fc-4271-bc45-15f40a016219",
"indicator--59387685-7c80-4720-a2ff-120b0a016219",
"indicator--59387686-a804-446c-8d74-12080a016219",
"indicator--59387686-6968-423b-ad0e-19d20a016219",
"indicator--59387687-c2e0-413f-b7c9-19d10a016219",
"indicator--59387687-9074-4ec8-a655-120c0a016219",
"indicator--59387688-27ec-4a7c-947c-15f50a016219",
"indicator--59387688-4274-43fe-b700-12090a016219",
"indicator--59387689-d1f8-402c-8c8d-120b0a016219",
"indicator--59387689-216c-4943-b8b0-19d20a016219",
"indicator--5938768a-7b74-40b0-b528-19d30a016219",
"indicator--5938768a-23a4-4b11-bb1b-15f40a016219",
"indicator--5938768b-5e54-4a93-b9a8-12080a016219",
"indicator--5938768b-429c-41a1-8f46-19d10a016219",
"indicator--5938768c-814c-4a4f-ae1a-120c0a016219",
"indicator--5938768d-26dc-4d44-b650-15f50a016219",
"indicator--5938768d-8a6c-4d6e-9513-1a120a016219",
"indicator--5938768e-3158-473a-a251-19d30a016219",
"indicator--5938768e-e060-4999-a9a4-12080a016219",
"indicator--5938768f-0940-4783-be22-15f40a016219",
"indicator--5938768f-09ec-4b7a-a027-12090a016219",
"indicator--59387690-c208-4ca9-9726-120b0a016219",
"indicator--59387690-8b44-4a35-86d8-19d20a016219",
"indicator--59387691-6100-4ffc-874f-19d10a016219",
"indicator--59387691-a1e8-49cf-9a84-120c0a016219",
"indicator--59387692-b3f8-45d7-90e2-15f50a016219",
"indicator--59387692-7814-4ed9-ab0a-12080a016219",
"indicator--59387693-8214-44bc-be87-12090a016219",
"indicator--59387694-2104-4ada-bb65-15f40a016219",
"indicator--59387694-9ad4-425c-87c9-120b0a016219",
"indicator--59387695-17a8-4662-a095-15f50a016219",
"indicator--59387695-bd1c-423e-bdd2-1a120a016219",
"indicator--59387696-7b40-4ae8-82dd-19d20a016219",
"indicator--59387696-c090-44ee-9f11-12090a016219",
"indicator--59387697-4b64-4fe0-acb6-19d10a016219",
"indicator--59387697-f334-40bc-b331-15f40a016219",
"indicator--59387698-72c4-4550-93b3-19d30a016219",
"indicator--59387698-be94-4d90-b678-120b0a016219",
"indicator--59387699-fbd8-4310-9518-15f50a016219",
"indicator--59387699-386c-42f0-b7f7-120c0a016219",
"indicator--5938769a-2fbc-471d-a17c-19d20a016219",
"indicator--5938769a-1990-4d9a-b377-12080a016219",
"indicator--5938769b-437c-432a-b03c-1a120a016219",
"indicator--5938769c-19fc-4f53-a2b2-120b0a016219",
"indicator--5938769c-d6b8-474d-87f6-15f40a016219",
"indicator--5938769d-fca8-4c39-900f-15f50a016219",
"indicator--5938769d-7bdc-4628-9b73-19d30a016219",
"indicator--5938769e-22f0-46ce-86fa-12090a016219",
"indicator--596ceef5-62d4-4e69-b44b-021a0a016219",
"indicator--596cef0b-bea0-40f4-9e25-021a0a016219",
"indicator--596cef0f-ae44-4e15-938a-021b0a016219",
"indicator--596cef10-e138-412f-81f0-7b520a016219",
"indicator--596cef11-3064-4ad0-941b-7b550a016219",
"indicator--596cef12-c668-4f42-9a4e-7b540a016219",
"indicator--596cef12-39b4-4d45-ad1f-02190a016219",
"indicator--596cef13-8c0c-47b9-b4f3-021a0a016219",
"indicator--596cef15-2564-4bcd-ae37-021c0a016219",
"indicator--596cef16-cacc-4da7-a81a-7b510a016219",
"indicator--596cef1d-7964-4279-bbba-021a0a016219",
"indicator--596cef1d-89bc-49cf-8844-021c0a016219",
"indicator--596cef24-3e80-4341-998e-7b520a016219",
"indicator--596cef25-07e0-4e3f-a173-02160a016219",
"indicator--596cef26-b168-4788-a265-7b540a016219",
"indicator--596cef27-beb4-4168-ac46-7b550a016219",
"indicator--596cef27-8818-42ff-a0dc-02190a016219",
"indicator--596cef28-788c-45a6-9ce6-7b530a016219",
"indicator--596cef29-0c58-4eec-8f3f-021a0a016219",
"indicator--596cef2b-5294-419d-95a1-021c0a016219",
"indicator--596cef33-1480-4122-9ebf-021b0a016219",
"indicator--596cef33-6074-4466-bf16-7b530a016219",
"indicator--596cef34-eae4-40aa-9961-7b510a016219",
"indicator--596cef34-2e68-4b83-ac02-021c0a016219",
"indicator--596cef35-22f0-46a7-a449-02190a016219",
"indicator--596cef36-0034-4132-b099-7b550a016219",
"indicator--596cef37-4724-4a2e-9ddb-7b520a016219",
"indicator--596cef37-69b0-4250-8427-7b540a016219",
"indicator--596cef38-5e64-430d-a165-7b550a016219",
"indicator--596cef39-5a0c-43e7-8a9e-02160a016219",
"indicator--596cef3a-0218-4b8e-9c72-021a0a016219",
"indicator--596cef3a-5630-4e8e-8e31-7b530a016219",
"indicator--596cef3b-8414-4cd9-a2a2-02190a016219",
"indicator--596cef3c-afa0-4f0f-be04-7b520a016219",
"indicator--596cef3d-39c4-4986-9c54-021b0a016219",
"indicator--596cef3e-4928-4523-ba04-021c0a016219",
"indicator--596cef3e-5960-4397-bdfe-7b540a016219",
"indicator--596cef3f-94a4-4e50-bd0f-7b550a016219",
"indicator--596cef40-a7bc-4b7f-b21e-02160a016219",
"indicator--596cef41-d76c-46c5-948d-021a0a016219",
"indicator--596cef44-1af8-4cda-9f75-021a0a016219",
"indicator--596cef45-f504-48fe-978f-7b510a016219",
"indicator--596cef45-b024-4166-b8c9-7b550a016219",
"indicator--596cef46-b740-481d-aeb8-02160a016219",
"indicator--596cef47-28e0-4168-a97e-7b540a016219"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"Stantinko"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762a-20f0-435b-bb00-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:50.000Z",
"modified": "2017-06-07T21:54:50.000Z",
"pattern": "[file:hashes.SHA1 = 'b14af8814fe0398ffa8f5b0d76141b576e5cce27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762b-4ac0-4f2c-ac35-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:51.000Z",
"modified": "2017-06-07T21:54:51.000Z",
"pattern": "[file:hashes.SHA1 = 'fbdbabc6c3e274b99bdfdab79e53b29eccf114ef']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762b-a338-4ffe-a659-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:51.000Z",
"modified": "2017-06-07T21:54:51.000Z",
"pattern": "[file:hashes.SHA1 = '526b86ca02cceaf5d23c467c1d1f81dd0a36e4b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762c-c5ec-4eee-a9e6-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:52.000Z",
"modified": "2017-06-07T21:54:52.000Z",
"pattern": "[file:hashes.SHA1 = 'e79acfbf8d339507373b892700b27b3b795e424f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762c-db54-429c-b450-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:52.000Z",
"modified": "2017-06-07T21:54:52.000Z",
"pattern": "[file:hashes.SHA1 = 'c55918adc6d2e74809777b306e361ea01a35fc05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762d-154c-462f-a260-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:53.000Z",
"modified": "2017-06-07T21:54:53.000Z",
"pattern": "[domain-name:value = 'wsaudio.com' AND domain-name:resolves_to_refs[*].value = '178.20.157.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762d-5904-48d8-8e07-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:53.000Z",
"modified": "2017-06-07T21:54:53.000Z",
"pattern": "[domain-name:value = 'wsaudio.com' AND domain-name:resolves_to_refs[*].value = '204.155.30.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762e-ba14-423c-81c4-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:54.000Z",
"modified": "2017-06-07T21:54:54.000Z",
"pattern": "[domain-name:value = 'wsaudio.com' AND domain-name:resolves_to_refs[*].value = '217.12.203.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762e-f31c-4729-a027-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:54.000Z",
"modified": "2017-06-07T21:54:54.000Z",
"pattern": "[domain-name:value = 'wsaudio.com' AND domain-name:resolves_to_refs[*].value = '178.20.157.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762f-1870-4571-9585-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:55.000Z",
"modified": "2017-06-07T21:54:55.000Z",
"pattern": "[domain-name:value = 'wsaudio.com' AND domain-name:resolves_to_refs[*].value = '185.86.76.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938762f-14c4-4322-be63-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:55.000Z",
"modified": "2017-06-07T21:54:55.000Z",
"pattern": "[domain-name:value = 'clients2.ultimate-discounter.com' AND domain-name:resolves_to_refs[*].value = '95.46.98.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387630-e040-45e0-a8a7-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:56.000Z",
"modified": "2017-06-07T21:54:56.000Z",
"pattern": "[domain-name:value = 'ghosterystore.com' AND domain-name:resolves_to_refs[*].value = '178.20.159.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387630-f4bc-4d89-813c-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:56.000Z",
"modified": "2017-06-07T21:54:56.000Z",
"pattern": "[domain-name:value = 'ghosterystore.com' AND domain-name:resolves_to_refs[*].value = '95.46.98.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387631-9280-48c4-ac30-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:57.000Z",
"modified": "2017-06-07T21:54:57.000Z",
"pattern": "[domain-name:value = 'robothemes.net' AND domain-name:resolves_to_refs[*].value = '178.20.159.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387631-1c08-4023-bef7-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:57.000Z",
"modified": "2017-06-07T21:54:57.000Z",
"pattern": "[domain-name:value = 'robothemes.net' AND domain-name:resolves_to_refs[*].value = '80.87.202.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387632-ffd0-4f9a-8c20-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:58.000Z",
"modified": "2017-06-07T21:54:58.000Z",
"pattern": "[domain-name:value = 'robothemes.net' AND domain-name:resolves_to_refs[*].value = '185.48.239.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387632-1600-40ea-9b70-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:58.000Z",
"modified": "2017-06-07T21:54:58.000Z",
"pattern": "[domain-name:value = 'clients3.ultimate-discounter.com' AND domain-name:resolves_to_refs[*].value = '37.97.245.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387633-a0cc-48da-a0ad-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:59.000Z",
"modified": "2017-06-07T21:54:59.000Z",
"pattern": "[domain-name:value = 'upd-discounter.com' AND domain-name:resolves_to_refs[*].value = '178.20.159.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387633-c0b4-46dc-b2be-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:54:59.000Z",
"modified": "2017-06-07T21:54:59.000Z",
"pattern": "[domain-name:value = 'ultimate-discounter.org' AND domain-name:resolves_to_refs[*].value = '62.109.0.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:54:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387634-8948-4504-aa43-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:00.000Z",
"modified": "2017-06-07T21:55:00.000Z",
"pattern": "[domain-name:value = 'ultimate-discounter.org' AND domain-name:resolves_to_refs[*].value = '185.28.22.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387635-b108-4acf-a24f-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:01.000Z",
"modified": "2017-06-07T21:55:01.000Z",
"pattern": "[domain-name:value = 'udiscount.net' AND domain-name:resolves_to_refs[*].value = '62.109.0.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387635-4440-4a60-bde6-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:01.000Z",
"modified": "2017-06-07T21:55:01.000Z",
"pattern": "[domain-name:value = 'vp9codec.com' AND domain-name:resolves_to_refs[*].value = '136.144.141.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387636-ed00-437f-95a0-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:02.000Z",
"modified": "2017-06-07T21:55:02.000Z",
"pattern": "[domain-name:value = 'vp9codec.com' AND domain-name:resolves_to_refs[*].value = '107.174.224.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387636-b2a0-4161-b45b-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:02.000Z",
"modified": "2017-06-07T21:55:02.000Z",
"pattern": "[domain-name:value = 'vp9codec.com' AND domain-name:resolves_to_refs[*].value = '185.47.62.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387637-443c-4b5c-916b-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:03.000Z",
"modified": "2017-06-07T21:55:03.000Z",
"pattern": "[domain-name:value = 'clients1.ultimate-discounter.com' AND domain-name:resolves_to_refs[*].value = '62.109.0.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387637-7e00-46a6-b098-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:03.000Z",
"modified": "2017-06-07T21:55:03.000Z",
"pattern": "[domain-name:value = 'hdr-group.org' AND domain-name:resolves_to_refs[*].value = '210.16.101.206']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387638-a64c-4b83-8cf2-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:04.000Z",
"modified": "2017-06-07T21:55:04.000Z",
"pattern": "[domain-name:value = 'hdr-group.org' AND domain-name:resolves_to_refs[*].value = '144.217.240.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387638-b268-438f-9179-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:04.000Z",
"modified": "2017-06-07T21:55:04.000Z",
"pattern": "[domain-name:value = 'hdr-group.org' AND domain-name:resolves_to_refs[*].value = '88.99.154.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387639-01f0-4075-8633-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:05.000Z",
"modified": "2017-06-07T21:55:05.000Z",
"pattern": "[domain-name:value = 'icloudsrv.com' AND domain-name:resolves_to_refs[*].value = '178.20.157.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387639-17ec-40c9-970c-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:05.000Z",
"modified": "2017-06-07T21:55:05.000Z",
"pattern": "[domain-name:value = 'icloudsrv.com' AND domain-name:resolves_to_refs[*].value = '85.17.194.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763a-9558-4142-b535-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:06.000Z",
"modified": "2017-06-07T21:55:06.000Z",
"pattern": "[domain-name:value = 'icloudsrv.com' AND domain-name:resolves_to_refs[*].value = '178.20.159.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763a-99a8-4405-b1fd-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:06.000Z",
"modified": "2017-06-07T21:55:06.000Z",
"pattern": "[domain-name:value = 'update.ultimate-discounter.com' AND domain-name:resolves_to_refs[*].value = '178.20.159.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763b-f210-49b1-a931-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:07.000Z",
"modified": "2017-06-07T21:55:07.000Z",
"pattern": "[domain-name:value = 'udiscounter.org' AND domain-name:resolves_to_refs[*].value = '178.20.159.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763c-c00c-4916-9272-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:08.000Z",
"modified": "2017-06-07T21:55:08.000Z",
"pattern": "[domain-name:value = 'biosysltd.com' AND domain-name:resolves_to_refs[*].value = '185.118.164.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763c-e680-4a4b-ad6b-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:08.000Z",
"modified": "2017-06-07T21:55:08.000Z",
"pattern": "[domain-name:value = 'biosysltd.com' AND domain-name:resolves_to_refs[*].value = '185.125.218.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763d-ad10-4bb3-ab03-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:09.000Z",
"modified": "2017-06-07T21:55:09.000Z",
"pattern": "[domain-name:value = 'biosysltd.com' AND domain-name:resolves_to_refs[*].value = '95.213.235.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763d-2b98-45ad-92f6-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:09.000Z",
"modified": "2017-06-07T21:55:09.000Z",
"pattern": "[domain-name:value = 'biosysltd.com' AND domain-name:resolves_to_refs[*].value = '82.146.59.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763e-5cac-4a91-9f62-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:10.000Z",
"modified": "2017-06-07T21:55:10.000Z",
"pattern": "[domain-name:value = 'biosysltd.com' AND domain-name:resolves_to_refs[*].value = '185.127.24.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763e-6478-4a58-adaf-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:10.000Z",
"modified": "2017-06-07T21:55:10.000Z",
"pattern": "[domain-name:value = 'wadgeotrust.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763f-2ba8-4c05-b24f-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:11.000Z",
"modified": "2017-06-07T21:55:11.000Z",
"pattern": "[domain-name:value = 'wsslupdate.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938763f-2460-4df4-9cab-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:11.000Z",
"modified": "2017-06-07T21:55:11.000Z",
"pattern": "[domain-name:value = 'wsslupd.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387640-f2e8-44de-9698-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:12.000Z",
"modified": "2017-06-07T21:55:12.000Z",
"pattern": "[domain-name:value = 'kbdmai.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387640-251c-4aa3-a78d-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:12.000Z",
"modified": "2017-06-07T21:55:12.000Z",
"pattern": "[domain-name:value = 'ksober.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387641-c0b8-424d-b844-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:13.000Z",
"modified": "2017-06-07T21:55:13.000Z",
"pattern": "[domain-name:value = 'mserrep.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387641-0ae4-4e58-a23c-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:13.000Z",
"modified": "2017-06-07T21:55:13.000Z",
"pattern": "[domain-name:value = 'wupdateservice.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387642-a32c-4b1b-83f1-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:14.000Z",
"modified": "2017-06-07T21:55:14.000Z",
"pattern": "[domain-name:value = 'd3dupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387642-7d3c-4c88-9375-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:14.000Z",
"modified": "2017-06-07T21:55:14.000Z",
"pattern": "[domain-name:value = 'dhtservice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387643-4618-4279-b58e-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:15.000Z",
"modified": "2017-06-07T21:55:15.000Z",
"first_observed": "2017-06-07T21:55:15Z",
"last_observed": "2017-06-07T21:55:15Z",
"number_observed": 1,
"object_refs": [
"mutex--59387643-4618-4279-b58e-120b0a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387643-4618-4279-b58e-120b0a016219",
"name": "Global\\BitStreamSvc"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387644-4d6c-45fd-bdd6-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:16.000Z",
"modified": "2017-06-07T21:55:16.000Z",
"first_observed": "2017-06-07T21:55:16Z",
"last_observed": "2017-06-07T21:55:16Z",
"number_observed": 1,
"object_refs": [
"mutex--59387644-4d6c-45fd-bdd6-12090a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387644-4d6c-45fd-bdd6-12090a016219",
"name": "Global\\D3DAdapter_ServiceEvent"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387644-dfac-4d98-9909-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:16.000Z",
"modified": "2017-06-07T21:55:16.000Z",
"first_observed": "2017-06-07T21:55:16Z",
"last_observed": "2017-06-07T21:55:16Z",
"number_observed": 1,
"object_refs": [
"mutex--59387644-dfac-4d98-9909-12080a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387644-dfac-4d98-9909-12080a016219",
"name": "Global\\Intel_hctrl32"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387645-75a4-4940-a7f2-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:17.000Z",
"modified": "2017-06-07T21:55:17.000Z",
"first_observed": "2017-06-07T21:55:17Z",
"last_observed": "2017-06-07T21:55:17Z",
"number_observed": 1,
"object_refs": [
"mutex--59387645-75a4-4940-a7f2-120c0a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387645-75a4-4940-a7f2-120c0a016219",
"name": "Global\\KBDMAIServiceEvent"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387645-45e0-47c7-861b-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:17.000Z",
"modified": "2017-06-07T21:55:17.000Z",
"first_observed": "2017-06-07T21:55:17Z",
"last_observed": "2017-06-07T21:55:17Z",
"number_observed": 1,
"object_refs": [
"mutex--59387645-45e0-47c7-861b-1a120a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387645-45e0-47c7-861b-1a120a016219",
"name": "Global\\Kbdmai_ServiceEvent"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387646-6488-49b4-96bc-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:18.000Z",
"modified": "2017-06-07T21:55:18.000Z",
"first_observed": "2017-06-07T21:55:18Z",
"last_observed": "2017-06-07T21:55:18Z",
"number_observed": 1,
"object_refs": [
"mutex--59387646-6488-49b4-96bc-15f50a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387646-6488-49b4-96bc-15f50a016219",
"name": "Global\\OptimizeSataDevices"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387646-d168-4193-b0ad-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:18.000Z",
"modified": "2017-06-07T21:55:18.000Z",
"first_observed": "2017-06-07T21:55:18Z",
"last_observed": "2017-06-07T21:55:18Z",
"number_observed": 1,
"object_refs": [
"mutex--59387646-d168-4193-b0ad-19d20a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387646-d168-4193-b0ad-19d20a016219",
"name": "Global\\ServiceLibEvent"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387647-332c-48d3-a50d-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:19.000Z",
"modified": "2017-06-07T21:55:19.000Z",
"first_observed": "2017-06-07T21:55:19Z",
"last_observed": "2017-06-07T21:55:19Z",
"number_observed": 1,
"object_refs": [
"mutex--59387647-332c-48d3-a50d-19d30a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387647-332c-48d3-a50d-19d30a016219",
"name": "Global\\ThemeControl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387647-1c20-4aef-8bd0-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:19.000Z",
"modified": "2017-06-07T21:55:19.000Z",
"first_observed": "2017-06-07T21:55:19Z",
"last_observed": "2017-06-07T21:55:19Z",
"number_observed": 1,
"object_refs": [
"mutex--59387647-1c20-4aef-8bd0-120b0a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387647-1c20-4aef-8bd0-120b0a016219",
"name": "Global\\WBiosrvp"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387648-71b4-42c0-a073-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:20.000Z",
"modified": "2017-06-07T21:55:20.000Z",
"first_observed": "2017-06-07T21:55:20Z",
"last_observed": "2017-06-07T21:55:20Z",
"number_observed": 1,
"object_refs": [
"mutex--59387648-71b4-42c0-a073-12080a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387648-71b4-42c0-a073-12080a016219",
"name": "Global\\Wlan_Manager_Initialize"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59387648-06e8-4079-88c5-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:20.000Z",
"modified": "2017-06-07T21:55:20.000Z",
"first_observed": "2017-06-07T21:55:20Z",
"last_observed": "2017-06-07T21:55:20Z",
"number_observed": 1,
"object_refs": [
"mutex--59387648-06e8-4079-88c5-12090a016219"
],
"labels": [
"misp:type=\"mutex\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "mutex",
"spec_version": "2.1",
"id": "mutex--59387648-06e8-4079-88c5-12090a016219",
"name": "Global\\Wsaudio_Initialize"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387649-2b80-499a-b2eb-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:21.000Z",
"modified": "2017-06-07T21:55:21.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\BitStreamSvc\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387649-8428-4477-9082-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:21.000Z",
"modified": "2017-06-07T21:55:21.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\Bonjoiur Host Controller\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764a-7558-4515-9f18-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:22.000Z",
"modified": "2017-06-07T21:55:22.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\Coupons Browser Update Service\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764a-d4bc-44ac-86e6-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:22.000Z",
"modified": "2017-06-07T21:55:22.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\d3dadapter\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764b-e45c-4a68-b4e0-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:23.000Z",
"modified": "2017-06-07T21:55:23.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\Ghostery Storage Server\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764b-6644-4ede-b10d-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:23.000Z",
"modified": "2017-06-07T21:55:23.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\ihctrl32\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764c-6ea4-42e6-9b3b-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:24.000Z",
"modified": "2017-06-07T21:55:24.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\ir16_32\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764d-7a44-488e-bf0f-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:24.000Z",
"modified": "2017-06-07T21:55:24.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\KBDMAI\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764d-c6bc-4e99-91d4-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:25.000Z",
"modified": "2017-06-07T21:55:25.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\optsatadc\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764e-dc60-41ff-958e-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:26.000Z",
"modified": "2017-06-07T21:55:26.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\services\\\\themctrl\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764e-b940-43ee-b10e-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:26.000Z",
"modified": "2017-06-07T21:55:26.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\wbiosrvp\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764f-587c-48b1-90a1-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:27.000Z",
"modified": "2017-06-07T21:55:27.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\wlanmgr\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938764f-10dc-439f-b0ab-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:27.000Z",
"modified": "2017-06-07T21:55:27.000Z",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SYSTEM\\\\CurrentControlSet\\\\Services\\\\wsaudio\\\\']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387650-0134-4c70-b3e3-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:28.000Z",
"modified": "2017-06-07T21:55:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.188.161.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387650-8fe0-4914-a114-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:28.000Z",
"modified": "2017-06-07T21:55:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.181.174.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387651-f56c-4a29-a298-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:29.000Z",
"modified": "2017-06-07T21:55:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.28.22.22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387651-532c-4011-9a2c-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:29.000Z",
"modified": "2017-06-07T21:55:29.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.226.218.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387652-9268-4f56-ace9-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:30.000Z",
"modified": "2017-06-07T21:55:30.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\brut\\cms\\facebook\\facebookbot\\Release\\facebookbot.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387652-eca0-4662-95b8-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:30.000Z",
"modified": "2017-06-07T21:55:30.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\plugins\\Release\\get_hdd_serial_number.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387653-66dc-4a40-8ae8-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:31.000Z",
"modified": "2017-06-07T21:55:31.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\plugins\\Release\\remove_plugins_installer.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387653-e838-4c20-a890-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:31.000Z",
"modified": "2017-06-07T21:55:31.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\plugins\\Release\\remove_zaxar.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387654-6db8-4c07-9269-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:32.000Z",
"modified": "2017-06-07T21:55:32.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\plugins\\Release\\reset_safesurfing_flag.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387654-3864-444f-b909-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:32.000Z",
"modified": "2017-06-07T21:55:32.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\bstreamsvc.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387655-f1fc-443a-af30-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:33.000Z",
"modified": "2017-06-07T21:55:33.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\bstreamsvc_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387656-9008-45a1-b7b8-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:34.000Z",
"modified": "2017-06-07T21:55:34.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release DRTIPROV\\ir16_32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387656-d250-4af7-b994-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:34.000Z",
"modified": "2017-06-07T21:55:34.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\first_service.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387657-f7cc-46ed-b0bc-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:35.000Z",
"modified": "2017-06-07T21:55:35.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\first_service_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387657-cff8-40b5-a906-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:35.000Z",
"modified": "2017-06-07T21:55:35.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\ihctrl32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387658-c1d8-4e62-b26d-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:36.000Z",
"modified": "2017-06-07T21:55:36.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\ihctrl32_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387658-8374-4d67-9a79-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:36.000Z",
"modified": "2017-06-07T21:55:36.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\ir16_32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387659-def4-4811-84e4-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:37.000Z",
"modified": "2017-06-07T21:55:37.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\optsatadc.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59387659-232c-443b-84d0-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:37.000Z",
"modified": "2017-06-07T21:55:37.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\optsatadc_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765a-f970-442d-ade8-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:38.000Z",
"modified": "2017-06-07T21:55:38.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\themctrl.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765a-84f0-4957-80d2-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:38.000Z",
"modified": "2017-06-07T21:55:38.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\themctrl_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765b-c024-43d7-aadb-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:39.000Z",
"modified": "2017-06-07T21:55:39.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\wbiosrvp_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765b-6fb8-4e01-a018-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:39.000Z",
"modified": "2017-06-07T21:55:39.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\service\\service\\Release\\wsaudio_setup.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765c-8670-4d6b-868d-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:40.000Z",
"modified": "2017-06-07T21:55:40.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "D:\\work\\ultdr\\udsetup\\Release\\udsetup_winapi_morphed.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765c-920c-45d6-a70c-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:40.000Z",
"modified": "2017-06-07T21:55:40.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "Z:\\source\\service\\Release\\ir16_32.pdb"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5938765d-3100-4884-8a2e-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:41.000Z",
"modified": "2017-06-07T21:55:41.000Z",
"labels": [
"misp:type=\"pdb\"",
"misp:category=\"Artifacts dropped\""
],
"x_misp_category": "Artifacts dropped",
"x_misp_type": "pdb",
"x_misp_value": "Z:\\source\\service\\Release\\setup_serv.pdb"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938765d-dfdc-46b9-a1e7-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:41.000Z",
"modified": "2017-06-07T21:55:41.000Z",
"pattern": "[file:name = 'md_Films-174131.exe' AND file:hashes.SHA1 = '8e3d8606ed916152b8f70d5e38026569bb7a20c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938765e-abd4-47ce-99ef-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:42.000Z",
"modified": "2017-06-07T21:55:42.000Z",
"pattern": "[file:name = 'kbdmai.dll' AND file:hashes.SHA1 = '0fa4a2c2f41056e071097bf9db5312e820e3512a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938765f-c2e4-47ba-a940-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:43.000Z",
"modified": "2017-06-07T21:55:43.000Z",
"pattern": "[file:name = 'kbdmai.dll' AND file:hashes.SHA1 = '199da0c38eb00e495d864d95f078912eeb35639a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938765f-1860-4473-bc9e-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:43.000Z",
"modified": "2017-06-07T21:55:43.000Z",
"pattern": "[file:name = 'kbdmai.dll' AND file:hashes.SHA1 = '5287ce5827ffeec6957f1f6dc769d25482479ee3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387660-9ff4-4a35-a75f-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:44.000Z",
"modified": "2017-06-07T21:55:44.000Z",
"pattern": "[file:name = 'kbdmai.dll' AND file:hashes.SHA1 = 'da4634bd5b96519697d06d9a8f18b735302a65ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387660-9b9c-49c1-8888-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:44.000Z",
"modified": "2017-06-07T21:55:44.000Z",
"pattern": "[file:name = 'yasetup.exe' AND file:hashes.SHA1 = 'd1f774d54bcc176ac33900085b27f62a1732b9b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387661-0c3c-4405-9d6c-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:45.000Z",
"modified": "2017-06-07T21:55:45.000Z",
"pattern": "[file:name = 'npapihelper.dll' AND file:hashes.SHA1 = '1accd83d48f041ff362c2b8f2dcf96d6f1583168']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387661-c19c-411a-bc63-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:45.000Z",
"modified": "2017-06-07T21:55:45.000Z",
"pattern": "[file:name = 'udservice.exe' AND file:hashes.SHA1 = '0a7c1817a49e9c258df7b3cfc416bc16a8d28c0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387662-d3a4-4c23-8cf8-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:46.000Z",
"modified": "2017-06-07T21:55:46.000Z",
"pattern": "[file:name = 'udservice.exe' AND file:hashes.SHA1 = '352e05dc607af2ee7cd3bd3ffcc546d3d29f786e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387662-54e0-43ac-b7be-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:46.000Z",
"modified": "2017-06-07T21:55:46.000Z",
"pattern": "[file:name = 'Word 2016.exe' AND file:hashes.SHA1 = '2e9f4c6bd233799aa2afec9c440c737ae4114dde']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387663-52c8-4c83-86cb-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:47.000Z",
"modified": "2017-06-07T21:55:47.000Z",
"pattern": "[file:name = 'safe_surfing_x86_32.nexe' AND file:hashes.SHA1 = '340622c8d335cde73eeaa96f461440edcb7d4c52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387663-73a8-4928-9aa6-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:47.000Z",
"modified": "2017-06-07T21:55:47.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = '03a5849e0dbe89e0727c8c37f4259623c9c131e3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387664-9b80-4c16-b078-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:48.000Z",
"modified": "2017-06-07T21:55:48.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = '544ed609f59c6fb2c96a566631293109172375f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387664-513c-457c-93eb-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:48.000Z",
"modified": "2017-06-07T21:55:48.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = '6004089b1678104252e02e272443a993106c912b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387665-8380-427c-8f67-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:49.000Z",
"modified": "2017-06-07T21:55:49.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = '6b0fc0f7bcf63db2778634644f5819e6247ad524']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387665-45e8-40b5-b77a-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:49.000Z",
"modified": "2017-06-07T21:55:49.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = '6db4be7100b317fd9cbc136dc95c4017f6d56612']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387666-79d8-4f61-a087-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:50.000Z",
"modified": "2017-06-07T21:55:50.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = 'f09352158b443fa3db0567ef4147d94d37dbdd09']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387667-e2c4-47fc-be6c-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:51.000Z",
"modified": "2017-06-07T21:55:51.000Z",
"pattern": "[file:name = 'themctrl.dll' AND file:hashes.SHA1 = 'f3846aef680eaa1931f75977b2add060d2bd3167']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387667-5a70-46f1-8fd3-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:51.000Z",
"modified": "2017-06-07T21:55:51.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '11354e648e41529972e6696631e035cf8bf0c537']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387668-f53c-42ae-af8c-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:52.000Z",
"modified": "2017-06-07T21:55:52.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '1817b2b958fe7fce0d0383b8d304bd55a6feceb2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387668-6584-40de-9f0c-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:52.000Z",
"modified": "2017-06-07T21:55:52.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '1baf0a6e8c9ddbdfff825686c2ba7e846fb65aec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387669-dbb0-4d65-8c0a-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:53.000Z",
"modified": "2017-06-07T21:55:53.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '272aeca0b66ed1dea435059481c8ee7045e44e23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387669-5b5c-4e23-89a9-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:53.000Z",
"modified": "2017-06-07T21:55:53.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '31883581fe416a454a00b223357ecaf6e4353497']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766a-393c-452d-86d0-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:54.000Z",
"modified": "2017-06-07T21:55:54.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '31e119c3d252c2ae1c18e554dcf47ed359a67ad2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766a-5af0-48e7-976c-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:54.000Z",
"modified": "2017-06-07T21:55:54.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '36e11c5bfa3c05094b3fbba39697533f63b299db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766b-5df0-4c9d-b995-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:55.000Z",
"modified": "2017-06-07T21:55:55.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '52d9d26ef37a3b42a0d68e4383b73fd4d2b10018']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766b-9ca0-4324-910c-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:55.000Z",
"modified": "2017-06-07T21:55:55.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '56696ca2e4c85541909391e086e7d934601656d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766c-c47c-46e7-a758-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:56.000Z",
"modified": "2017-06-07T21:55:56.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '587659a8ab5617594f8064ef16caad082a773c7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766c-3380-4137-adbe-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:56.000Z",
"modified": "2017-06-07T21:55:56.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '84d9f7f46810b1add636b07c4068517ad1b3fd07']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766d-adb4-4daa-817d-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:57.000Z",
"modified": "2017-06-07T21:55:57.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '8843f69f530a712568567a2d53da01889ff9acb9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766d-fe5c-40ad-ad9b-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:57.000Z",
"modified": "2017-06-07T21:55:57.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = '957c69e52e2a3a16838051598a7b2e5ba3d54836']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766e-2c14-42ff-8178-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:58.000Z",
"modified": "2017-06-07T21:55:58.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = 'acaf69efc397031a7ca14e8e4b6e2d9e9de28892']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766e-b2d4-47ea-a3b4-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:58.000Z",
"modified": "2017-06-07T21:55:58.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = 'd2770182ce996454aa8eafa5c96629accf05a06a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938766f-5fc4-44a4-a1c3-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:55:59.000Z",
"modified": "2017-06-07T21:55:59.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = 'd6a59f6dd9e39ee26059c43d2e097a823770e161']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:55:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387670-f6fc-4d85-a8e1-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:00.000Z",
"modified": "2017-06-07T21:56:00.000Z",
"pattern": "[file:name = 'd3dadapter.dll' AND file:hashes.SHA1 = 'f9dc53a63d721d0936be8c04331e341ac2558162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387670-bb54-40f7-9098-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:00.000Z",
"modified": "2017-06-07T21:56:00.000Z",
"pattern": "[file:name = 'first_service_setup.dll' AND file:hashes.SHA1 = '0146f1042b360c8080d4d05ff523c3b80ac88069']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387671-dbb8-461d-bee6-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:01.000Z",
"modified": "2017-06-07T21:56:01.000Z",
"pattern": "[file:name = 'first_service_setup.dll' AND file:hashes.SHA1 = 'ef3aff545c48f658c021dc3e5f574aed50be726e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387671-d18c-4f5e-9773-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:01.000Z",
"modified": "2017-06-07T21:56:01.000Z",
"pattern": "[file:name = 'all_Films_4922.exe' AND file:hashes.SHA1 = 'a5c3076f4e38a9e497f120558db669fdd139e702']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387672-c67c-4581-86d4-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:02.000Z",
"modified": "2017-06-07T21:56:02.000Z",
"pattern": "[file:name = 'facebook_bot.dll' AND file:hashes.SHA1 = 'd643f426b9faf032ff5af7d070d2e5115b3c2e46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387672-36d0-4fc8-8484-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:02.000Z",
"modified": "2017-06-07T21:56:02.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = '0876f8d54f152b1aba741004635c53a835007226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387673-3af8-4616-826d-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:03.000Z",
"modified": "2017-06-07T21:56:03.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = '51196dd8d364947b17acfa3efcfc1afa86cd44c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387673-ca30-4100-b403-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:03.000Z",
"modified": "2017-06-07T21:56:03.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = '886749473a29b887e8f8a79a7c3fb620d30bcb01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387674-7ee8-4f4f-8c9e-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:04.000Z",
"modified": "2017-06-07T21:56:04.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = '96b3a1fdfe1aa113b7791c15a57cfbbd360cc223']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387674-5b24-4075-9633-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:04.000Z",
"modified": "2017-06-07T21:56:04.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = 'b35da904e72868361954a27e87521ee4e0fd0ac6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387675-8494-4466-8c67-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:05.000Z",
"modified": "2017-06-07T21:56:05.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = 'b705f104de0e8e43da9ac13ba5f42dd3da21037b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387675-33b0-43a7-9610-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:05.000Z",
"modified": "2017-06-07T21:56:05.000Z",
"pattern": "[file:name = 'fdclient.dll' AND file:hashes.SHA1 = 'd06de631aaa7a7bc1fffa12054111bec2a7d838d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387676-ec74-43f4-8a1e-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:06.000Z",
"modified": "2017-06-07T21:56:06.000Z",
"pattern": "[file:name = 'safe_surfing_arm.nexe ' AND file:hashes.SHA1 = '49603fec4dfa0ac5af3300039522855920d84530']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387677-0f34-4de1-afb5-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:07.000Z",
"modified": "2017-06-07T21:56:07.000Z",
"pattern": "[file:name = 'ihctrl32_setup.dll' AND file:hashes.SHA1 = 'c9c2d2239c5371dcd6a36ae66380b615578e5b04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387677-e248-41a6-aaf8-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:07.000Z",
"modified": "2017-06-07T21:56:07.000Z",
"pattern": "[file:name = 'create_certificate.dll' AND file:hashes.SHA1 = '729b6f4d97f76dce0f474d7d9f5e15fdd01e4998']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387678-8d5c-44dd-a3f3-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:08.000Z",
"modified": "2017-06-07T21:56:08.000Z",
"pattern": "[file:name = 'Project_tracks_forced.exe' AND file:hashes.SHA1 = 'd274fd9c8afc8fb2dae8e81e4f6cc41592c385df']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387678-9ed4-44fb-8ad7-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:08.000Z",
"modified": "2017-06-07T21:56:08.000Z",
"pattern": "[file:name = 's4y_Films-174132.exe' AND file:hashes.SHA1 = '30139fb0b37472d02fe5ecb62f211ccfe727fd6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387679-783c-4abe-b9c6-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:09.000Z",
"modified": "2017-06-07T21:56:09.000Z",
"pattern": "[file:name = 'udsetup.exe' AND file:hashes.SHA1 = '52f44d45563944cf7735bcb6f0c448c3e9f19d04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387679-5018-439b-9fde-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:09.000Z",
"modified": "2017-06-07T21:56:09.000Z",
"pattern": "[file:name = 'bstreamsvc.dll' AND file:hashes.SHA1 = '1d50cf65d326545b02c3eaef99faeaaa5629ae94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767a-567c-4323-96bc-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:10.000Z",
"modified": "2017-06-07T21:56:10.000Z",
"pattern": "[file:name = 'bstreamsvc.dll' AND file:hashes.SHA1 = 'c7a04f5a7a09d9674b2ca50edad882e050785169']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767a-3070-4f07-9567-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:10.000Z",
"modified": "2017-06-07T21:56:10.000Z",
"pattern": "[file:name = 'bstreamsvc.dll' AND file:hashes.SHA1 = 'eae094fda8d431cb8cdefc9687c8b4cb1b7e2a22']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767b-4940-4055-8cf7-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:11.000Z",
"modified": "2017-06-07T21:56:11.000Z",
"pattern": "[file:name = 'bstreamsvc_setup.dll' AND file:hashes.SHA1 = 'b8aa1b3dec9b4b16b6a4bc274c093eed09e2bc4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767b-7a6c-48d0-8a0d-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:11.000Z",
"modified": "2017-06-07T21:56:11.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = '138addb8845c5f1999e2ccadb3bb7fc57d8acce8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767c-a3c0-48e1-bcc0-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:12.000Z",
"modified": "2017-06-07T21:56:12.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = '2a9a15ed58cd54142e149db48511b8fd4efb1e89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767c-ca58-4ebb-8aaf-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:12.000Z",
"modified": "2017-06-07T21:56:12.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = '5b54776d3c0085596ed7ff695a90b299b575dafb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767d-3e54-49de-9a44-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:13.000Z",
"modified": "2017-06-07T21:56:13.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = '758fe5df8edac61101af35aa1f4440dbec617f25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767e-7bd8-45a8-bee0-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:14.000Z",
"modified": "2017-06-07T21:56:14.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = '8bba63fd06fc0948579a0f780ec4c0916f265d29']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767e-945c-4d56-8c87-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:14.000Z",
"modified": "2017-06-07T21:56:14.000Z",
"pattern": "[file:name = 'wsaudio.dll' AND file:hashes.SHA1 = 'b84598b0329dde4b93fc32be2abac020f7b1e7d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767f-f500-4977-85ef-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:15.000Z",
"modified": "2017-06-07T21:56:15.000Z",
"pattern": "[file:name = 'biosysrt.dll' AND file:hashes.SHA1 = '3a543e3cfe380ae404759fcce4b3e25de52246c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938767f-d7ec-495b-8c47-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:15.000Z",
"modified": "2017-06-07T21:56:15.000Z",
"pattern": "[file:name = 'bhctrl32.exe' AND file:hashes.SHA1 = '125cede073fc3578c9d4c92a858b92c6d551bb0e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387680-322c-4585-8e73-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:16.000Z",
"modified": "2017-06-07T21:56:16.000Z",
"pattern": "[file:name = 'bhctrl32.exe' AND file:hashes.SHA1 = 'a2956b05909e48f82f6fc9a690a64d4f0b2a61c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387680-d504-48f2-84f0-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:16.000Z",
"modified": "2017-06-07T21:56:16.000Z",
"pattern": "[file:name = 'bhctrl32.exe' AND file:hashes.SHA1 = 'd40cac5db9a23b372e606039dce080bcfb9830cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387681-26ac-4fe8-8af6-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:17.000Z",
"modified": "2017-06-07T21:56:17.000Z",
"pattern": "[file:name = 'bhctrl32.exe' AND file:hashes.SHA1 = 'fe25d078dfd99091c3ef189567728bd087750fae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387681-0e74-4793-8a1d-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:17.000Z",
"modified": "2017-06-07T21:56:17.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '032b324368b3854f4ec96be74e067d146b43f856']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387682-0130-4bd7-92d4-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:18.000Z",
"modified": "2017-06-07T21:56:18.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '0b64f28dd56d4869ed7ecaea81d0f7e6dcbefa36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387682-c644-4168-b578-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:18.000Z",
"modified": "2017-06-07T21:56:18.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '4fd7a5f602e4645eb8f21baa127edeb9c76ccb50']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387683-0604-4321-9018-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:19.000Z",
"modified": "2017-06-07T21:56:19.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '728718d1ad01b07fcd31c0a4fa2c975b98db29f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387683-a344-4d08-a1f6-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:19.000Z",
"modified": "2017-06-07T21:56:19.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '742ea38f09ff53626194d8b411e290b09f93eda4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387684-cd28-440d-88ad-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:20.000Z",
"modified": "2017-06-07T21:56:20.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = '80c4a4fd10409742c10b4399ad7c31afea726a8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387685-66fc-4271-bc45-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:21.000Z",
"modified": "2017-06-07T21:56:21.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = 'b6cfda9777eef218e36a1a082c175cb6121cdb48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387685-7c80-4720-a2ff-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:21.000Z",
"modified": "2017-06-07T21:56:21.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = 'bc126956059188e2155113d2f77d5ff632b9d420']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387686-a804-446c-8d74-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:22.000Z",
"modified": "2017-06-07T21:56:22.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = 'cb89f13d6efbb8eba87ab3fe3ac92a0aa738ad2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387686-6968-423b-ad0e-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:22.000Z",
"modified": "2017-06-07T21:56:22.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = 'd00c953fd7d6cb686036bb264d52f38c2cecea76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387687-c2e0-413f-b7c9-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:23.000Z",
"modified": "2017-06-07T21:56:23.000Z",
"pattern": "[file:name = 'ihctrl32.dll' AND file:hashes.SHA1 = 'f74ed6dfb1719924197459d7e5cfdf00568b86fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387687-9074-4ec8-a655-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:23.000Z",
"modified": "2017-06-07T21:56:23.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = '8ef4e038e14e2c853dd304df78c3cf09176adb65']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387688-27ec-4a7c-947c-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:24.000Z",
"modified": "2017-06-07T21:56:24.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = '962aa58834b2d071d3f8c68e893d3fdc2fee32f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387688-4274-43fe-b700-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:24.000Z",
"modified": "2017-06-07T21:56:24.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = '9f79f982f8eef45d5a1fc3120c5dea2d8ec618a0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387689-d1f8-402c-8c8d-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:25.000Z",
"modified": "2017-06-07T21:56:25.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = 'b85e4652910d413d19718b819736b44133fdb332']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387689-216c-4943-b8b0-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:25.000Z",
"modified": "2017-06-07T21:56:25.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = 'c269c83b3d18c01daf9c296a198323889d339b9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768a-7b74-40b0-b528-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:26.000Z",
"modified": "2017-06-07T21:56:26.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = 'c9f1232dc368a828f576d6f9e8922c0df27a33db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768a-23a4-4b11-bb1b-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:26.000Z",
"modified": "2017-06-07T21:56:26.000Z",
"pattern": "[file:name = 'ir16_32.dll' AND file:hashes.SHA1 = 'e8d9f9a6bec99be13ffdf3d2f5ef74ef634eb508']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768b-5e54-4a93-b9a8-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:27.000Z",
"modified": "2017-06-07T21:56:27.000Z",
"pattern": "[file:name = 'optsatadc_setup.dll' AND file:hashes.SHA1 = '326406a85486418b0df5878b38a2436f11082411']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768b-429c-41a1-8f46-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:27.000Z",
"modified": "2017-06-07T21:56:27.000Z",
"pattern": "[file:name = 'clearcache.dll' AND file:hashes.SHA1 = '899a71baabfcf47f5fe31a651271d038c2619edf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768c-814c-4a4f-ae1a-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:28.000Z",
"modified": "2017-06-07T21:56:28.000Z",
"pattern": "[file:name = '9183_Hello_Amigo_track.exe' AND file:hashes.SHA1 = '7167649eb03569c2643bcf2c2f2164ea0d803a8d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768d-26dc-4d44-b650-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:29.000Z",
"modified": "2017-06-07T21:56:29.000Z",
"pattern": "[file:name = 'search_parser.dll' AND file:hashes.SHA1 = '2e726a679d32d6a29ecc7a9215409defa3085150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768d-8a6c-4d6e-9513-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:29.000Z",
"modified": "2017-06-07T21:56:29.000Z",
"pattern": "[file:name = 's4m_Films-174133.exe' AND file:hashes.SHA1 = '40863793206684a021abb1e24d524fddf8410ab6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768e-3158-473a-a251-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:30.000Z",
"modified": "2017-06-07T21:56:30.000Z",
"pattern": "[file:name = 'APIHelper.dll' AND file:hashes.SHA1 = '84a055d8e4bdf1f140c4dca3d2d7738027e07115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768e-e060-4999-a9a4-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:30.000Z",
"modified": "2017-06-07T21:56:30.000Z",
"pattern": "[file:name = 'get_hdd.dll' AND file:hashes.SHA1 = 'f90bbf5444f42b383b26350231dfda002911801a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768f-0940-4783-be22-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:31.000Z",
"modified": "2017-06-07T21:56:31.000Z",
"pattern": "[file:name = 'vp9core.dll' AND file:hashes.SHA1 = 'c897a193a13a60cc98aaad9cb9e18aecb68797de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938768f-09ec-4b7a-a027-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:31.000Z",
"modified": "2017-06-07T21:56:31.000Z",
"pattern": "[file:name = 'vp9core.dll' AND file:hashes.SHA1 = 'ff9181c441aaa9108bc35b45b989b2725ad4bbf9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387690-c208-4ca9-9726-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:32.000Z",
"modified": "2017-06-07T21:56:32.000Z",
"pattern": "[file:name = 'remove_plugins_installer.dll' AND file:hashes.SHA1 = 'ad4e55cf03f9c24abe2c533ee33facd7c70a2eda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387690-8b44-4a35-86d8-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:32.000Z",
"modified": "2017-06-07T21:56:32.000Z",
"pattern": "[file:name = 'radmin.dll' AND file:hashes.SHA1 = 'bfc7c0383cd87382575543c89e99eb41898f59eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387691-6100-4ffc-874f-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:33.000Z",
"modified": "2017-06-07T21:56:33.000Z",
"pattern": "[file:name = 'KBDMAI_ExtInstaller.dll' AND file:hashes.SHA1 = '343e52b0d30775305951252101526eaedc8a0d01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387691-a1e8-49cf-9a84-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:33.000Z",
"modified": "2017-06-07T21:56:33.000Z",
"pattern": "[file:name = 'KBDMAI_ExtInstaller.dll' AND file:hashes.SHA1 = 'd212f66683f29b5a88afe2b6b9450dae3dd73eb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387692-b3f8-45d7-90e2-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:34.000Z",
"modified": "2017-06-07T21:56:34.000Z",
"pattern": "[file:name = 'wbiosrvp.dll' AND file:hashes.SHA1 = '420a98f44832c11d4e56037f1f267207830ba03b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387692-7814-4ed9-ab0a-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:34.000Z",
"modified": "2017-06-07T21:56:34.000Z",
"pattern": "[file:name = 'wbiosrvp.dll' AND file:hashes.SHA1 = '8750e5e2647c6a9dab1e0ae60cc42246da2186b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387693-8214-44bc-be87-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:35.000Z",
"modified": "2017-06-07T21:56:35.000Z",
"pattern": "[file:name = 'wbiosrvp.dll' AND file:hashes.SHA1 = 'f613948ce8f5358b9940ee22e9fcfc26f171637d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387694-2104-4ada-bb65-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:36.000Z",
"modified": "2017-06-07T21:56:36.000Z",
"pattern": "[file:name = 'zaxar.dll' AND file:hashes.SHA1 = 'c05d2646029df48e262061def69dd8a55bf40f75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387694-9ad4-425c-87c9-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:36.000Z",
"modified": "2017-06-07T21:56:36.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '10e2b8a796766a6f83278799be16b1bf47544f2b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387695-17a8-4662-a095-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:37.000Z",
"modified": "2017-06-07T21:56:37.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '12553394ae9c099d9079df19f0680cbe5cd780d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387695-bd1c-423e-bdd2-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:37.000Z",
"modified": "2017-06-07T21:56:37.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '1c8d54f0db1136fa067f88a0ad8f0a8225854e72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387696-7b40-4ae8-82dd-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:38.000Z",
"modified": "2017-06-07T21:56:38.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '3af1739a03b3a70705e44049b008df34290ce3bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387696-c090-44ee-9f11-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:38.000Z",
"modified": "2017-06-07T21:56:38.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '6141110309ef5c08dec5746dbfb25b6302c6d887']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387697-4b64-4fe0-acb6-19d10a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:39.000Z",
"modified": "2017-06-07T21:56:39.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '6fae5e3bb8910fccf89208e3377c8aad802d9bf8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387697-f334-40bc-b331-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:39.000Z",
"modified": "2017-06-07T21:56:39.000Z",
"pattern": "[file:name = 'wlanmgr.dll' AND file:hashes.SHA1 = '7743bcab7a2d77f83197f31a01c754c73be46eaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387698-72c4-4550-93b3-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:40.000Z",
"modified": "2017-06-07T21:56:40.000Z",
"pattern": "[file:name = 'reset_safesurfing_flag.dll' AND file:hashes.SHA1 = 'a9c96e00c1d1b7aaee01c30719c5068bbe196b20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387698-be94-4d90-b678-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:40.000Z",
"modified": "2017-06-07T21:56:40.000Z",
"pattern": "[file:name = 'safe_surfing_x86_64.nexe' AND file:hashes.SHA1 = '43a108a22925282d9ac02b8752eacf796b532c1e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387699-fbd8-4310-9518-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:41.000Z",
"modified": "2017-06-07T21:56:41.000Z",
"pattern": "[file:name = '20_search_top.exe' AND file:hashes.SHA1 = '06eb77205e4822a4369e9c7b43f4554248dd6ffa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59387699-386c-42f0-b7f7-120c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:41.000Z",
"modified": "2017-06-07T21:56:41.000Z",
"pattern": "[file:name = 'wsaudio_setup.dll' AND file:hashes.SHA1 = 'cd47c020bf420964be329a3f2bc7fee83bd2face']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769a-2fbc-471d-a17c-19d20a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:42.000Z",
"modified": "2017-06-07T21:56:42.000Z",
"pattern": "[file:name = 'brutplugin.dll' AND file:hashes.SHA1 = '5fa986f18bdda5c6ad4c2f2cf9608752ac797377']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769a-1990-4d9a-b377-12080a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:42.000Z",
"modified": "2017-06-07T21:56:42.000Z",
"pattern": "[file:name = 'APIHelper_64.dll' AND file:hashes.SHA1 = 'bcbc28219d47097fbce312da450b84079689a0bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769b-437c-432a-b03c-1a120a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:43.000Z",
"modified": "2017-06-07T21:56:43.000Z",
"pattern": "[file:name = 'certificate.dll' AND file:hashes.SHA1 = 'db83be912a25d99f501212fed8fa45672d362e67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769c-19fc-4f53-a2b2-120b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:44.000Z",
"modified": "2017-06-07T21:56:44.000Z",
"pattern": "[file:name = 'optsatadc.dll' AND file:hashes.SHA1 = '3b2d848030289f8f569c80193dd940fa3ae396c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769c-d6b8-474d-87f6-15f40a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:44.000Z",
"modified": "2017-06-07T21:56:44.000Z",
"pattern": "[file:name = 'optsatadc.dll' AND file:hashes.SHA1 = '4d3a703db690e975540d6d29cdab2f75fbbcb61c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769d-fca8-4c39-900f-15f50a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:45.000Z",
"modified": "2017-06-07T21:56:45.000Z",
"pattern": "[file:name = 'optsatadc.dll' AND file:hashes.SHA1 = 'ade31cc1161c06a968b68c15e4ce249ae82bc35d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769d-7bdc-4628-9b73-19d30a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:45.000Z",
"modified": "2017-06-07T21:56:45.000Z",
"pattern": "[file:name = 'optsatadc.dll' AND file:hashes.SHA1 = 'be756ba78f52061ae745fc3d01d97300f06f70f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5938769e-22f0-46ce-86fa-12090a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-06-07T21:56:46.000Z",
"modified": "2017-06-07T21:56:46.000Z",
"pattern": "[file:name = 'ghstore.exe' AND file:hashes.SHA1 = 'e2f2532632a0acbc6367716f82f7b62d64b896b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-07T21:56:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596ceef5-62d4-4e69-b44b-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:05.000Z",
"modified": "2017-07-17T17:08:05.000Z",
"pattern": "[domain-name:value = 'hdr-group.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef0b-bea0-40f4-9e25-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:27.000Z",
"modified": "2017-07-17T17:08:27.000Z",
"pattern": "[domain-name:value = 'teddysave.me' AND domain-name:resolves_to_refs[*].value = '91.206.30.108']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef0f-ae44-4e15-938a-021b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:31.000Z",
"modified": "2017-07-17T17:08:31.000Z",
"pattern": "[domain-name:value = 'icloudsrv.info' AND domain-name:resolves_to_refs[*].value = '85.17.194.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef10-e138-412f-81f0-7b520a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:32.000Z",
"modified": "2017-07-17T17:08:32.000Z",
"pattern": "[domain-name:value = 'icloudsrv.info' AND domain-name:resolves_to_refs[*].value = '178.20.157.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef11-3064-4ad0-941b-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:33.000Z",
"modified": "2017-07-17T17:08:33.000Z",
"pattern": "[domain-name:value = 'icloudsrv.info' AND domain-name:resolves_to_refs[*].value = '178.20.159.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef12-c668-4f42-9a4e-7b540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:34.000Z",
"modified": "2017-07-17T17:08:34.000Z",
"pattern": "[domain-name:value = 'icloudsrv.net' AND domain-name:resolves_to_refs[*].value = '85.17.194.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef12-39b4-4d45-ad1f-02190a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:34.000Z",
"modified": "2017-07-17T17:08:34.000Z",
"pattern": "[domain-name:value = 'icloudsrv.net' AND domain-name:resolves_to_refs[*].value = '178.20.157.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef13-8c0c-47b9-b4f3-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:35.000Z",
"modified": "2017-07-17T17:08:35.000Z",
"pattern": "[domain-name:value = 'icloudsrv.net' AND domain-name:resolves_to_refs[*].value = '178.20.159.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef15-2564-4bcd-ae37-021c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:37.000Z",
"modified": "2017-07-17T17:08:37.000Z",
"pattern": "[domain-name:value = 'tmrobo.com' AND domain-name:resolves_to_refs[*].value = '89.108.124.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef16-cacc-4da7-a81a-7b510a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:38.000Z",
"modified": "2017-07-17T17:08:38.000Z",
"pattern": "[domain-name:value = 'teddy-protection.com' AND domain-name:resolves_to_refs[*].value = '91.206.30.109']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef1d-7964-4279-bbba-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:45.000Z",
"modified": "2017-07-17T17:08:45.000Z",
"pattern": "[domain-name:value = 'icloudsrv.org' AND domain-name:resolves_to_refs[*].value = '178.20.157.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef1d-89bc-49cf-8844-021c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:45.000Z",
"modified": "2017-07-17T17:08:45.000Z",
"pattern": "[domain-name:value = 'icloudsrv.org' AND domain-name:resolves_to_refs[*].value = '178.20.159.89']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef24-3e80-4341-998e-7b520a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:52.000Z",
"modified": "2017-07-17T17:08:52.000Z",
"pattern": "[domain-name:value = 'biosysltd.org' AND domain-name:resolves_to_refs[*].value = '185.125.218.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef25-07e0-4e3f-a173-02160a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:53.000Z",
"modified": "2017-07-17T17:08:53.000Z",
"pattern": "[domain-name:value = 'biosysltd.org' AND domain-name:resolves_to_refs[*].value = '185.118.164.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef26-b168-4788-a265-7b540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:54.000Z",
"modified": "2017-07-17T17:08:54.000Z",
"pattern": "[domain-name:value = 'biosysltd.org' AND domain-name:resolves_to_refs[*].value = '185.127.24.151']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef27-beb4-4168-ac46-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:55.000Z",
"modified": "2017-07-17T17:08:55.000Z",
"pattern": "[domain-name:value = 'biosysltd.org' AND domain-name:resolves_to_refs[*].value = '95.213.235.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef27-8818-42ff-a0dc-02190a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:55.000Z",
"modified": "2017-07-17T17:08:55.000Z",
"pattern": "[domain-name:value = 'biosysltd.org' AND domain-name:resolves_to_refs[*].value = '82.146.59.86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef28-788c-45a6-9ce6-7b530a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:56.000Z",
"modified": "2017-07-17T17:08:56.000Z",
"pattern": "[domain-name:value = 'safesurfing.me' AND domain-name:resolves_to_refs[*].value = '185.28.22.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef29-0c58-4eec-8f3f-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:57.000Z",
"modified": "2017-07-17T17:08:57.000Z",
"pattern": "[domain-name:value = 'nvccupdate.com' AND domain-name:resolves_to_refs[*].value = '93.188.161.17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef2b-5294-419d-95a1-021c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:08:59.000Z",
"modified": "2017-07-17T17:08:59.000Z",
"pattern": "[domain-name:value = 'apihelper.org' AND domain-name:resolves_to_refs[*].value = '178.20.157.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:08:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef33-1480-4122-9ebf-021b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:06.000Z",
"modified": "2017-07-17T17:09:06.000Z",
"pattern": "[domain-name:value = 'wannaupdate.com' AND domain-name:resolves_to_refs[*].value = '178.20.159.56']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef33-6074-4466-bf16-7b530a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:07.000Z",
"modified": "2017-07-17T17:09:07.000Z",
"pattern": "[domain-name:value = 'hdr-group.info' AND domain-name:resolves_to_refs[*].value = '80.82.67.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef34-eae4-40aa-9961-7b510a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:08.000Z",
"modified": "2017-07-17T17:09:08.000Z",
"pattern": "[domain-name:value = 'hdr-group.info' AND domain-name:resolves_to_refs[*].value = '88.99.154.39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef34-2e68-4b83-ac02-021c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:08.000Z",
"modified": "2017-07-17T17:09:08.000Z",
"pattern": "[domain-name:value = 'hdr-group.info' AND domain-name:resolves_to_refs[*].value = '144.217.240.28']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef35-22f0-46a7-a449-02190a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:09.000Z",
"modified": "2017-07-17T17:09:09.000Z",
"pattern": "[domain-name:value = 'hdr-group.info' AND domain-name:resolves_to_refs[*].value = '149.56.201.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef36-0034-4132-b099-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:10.000Z",
"modified": "2017-07-17T17:09:10.000Z",
"pattern": "[domain-name:value = 'wsaudio.org' AND domain-name:resolves_to_refs[*].value = '185.86.76.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef37-4724-4a2e-9ddb-7b520a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:11.000Z",
"modified": "2017-07-17T17:09:11.000Z",
"pattern": "[domain-name:value = 'wsaudio.org' AND domain-name:resolves_to_refs[*].value = '178.20.157.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef37-69b0-4250-8427-7b540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:11.000Z",
"modified": "2017-07-17T17:09:11.000Z",
"pattern": "[domain-name:value = 'wsaudio.org' AND domain-name:resolves_to_refs[*].value = '204.155.30.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef38-5e64-430d-a165-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:12.000Z",
"modified": "2017-07-17T17:09:12.000Z",
"pattern": "[domain-name:value = 'wsaudio.org' AND domain-name:resolves_to_refs[*].value = '178.20.157.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef39-5a0c-43e7-8a9e-02160a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:13.000Z",
"modified": "2017-07-17T17:09:13.000Z",
"pattern": "[domain-name:value = 'wsaudio.org' AND domain-name:resolves_to_refs[*].value = '217.12.203.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3a-0218-4b8e-9c72-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:14.000Z",
"modified": "2017-07-17T17:09:14.000Z",
"pattern": "[domain-name:value = 'judgebear.pro' AND domain-name:resolves_to_refs[*].value = '18.220.21.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3a-5630-4e8e-8e31-7b530a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:14.000Z",
"modified": "2017-07-17T17:09:14.000Z",
"pattern": "[domain-name:value = 'vp9codec.net' AND domain-name:resolves_to_refs[*].value = '185.47.62.128']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3b-8414-4cd9-a2a2-02190a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:15.000Z",
"modified": "2017-07-17T17:09:15.000Z",
"pattern": "[domain-name:value = 'vp9codec.net' AND domain-name:resolves_to_refs[*].value = '104.237.4.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3c-afa0-4f0f-be04-7b520a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:16.000Z",
"modified": "2017-07-17T17:09:16.000Z",
"pattern": "[domain-name:value = 'vp9codec.net' AND domain-name:resolves_to_refs[*].value = '136.144.141.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3d-39c4-4986-9c54-021b0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:17.000Z",
"modified": "2017-07-17T17:09:17.000Z",
"pattern": "[domain-name:value = 'wsaudio.net' AND domain-name:resolves_to_refs[*].value = '178.20.157.189']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3e-4928-4523-ba04-021c0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:18.000Z",
"modified": "2017-07-17T17:09:18.000Z",
"pattern": "[domain-name:value = 'wsaudio.net' AND domain-name:resolves_to_refs[*].value = '217.12.203.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3e-5960-4397-bdfe-7b540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:18.000Z",
"modified": "2017-07-17T17:09:18.000Z",
"pattern": "[domain-name:value = 'wsaudio.net' AND domain-name:resolves_to_refs[*].value = '185.86.76.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef3f-94a4-4e50-bd0f-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:19.000Z",
"modified": "2017-07-17T17:09:19.000Z",
"pattern": "[domain-name:value = 'wsaudio.net' AND domain-name:resolves_to_refs[*].value = '178.20.157.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef40-a7bc-4b7f-b21e-02160a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:20.000Z",
"modified": "2017-07-17T17:09:20.000Z",
"pattern": "[domain-name:value = 'wsaudio.net' AND domain-name:resolves_to_refs[*].value = '204.155.30.72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef41-d76c-46c5-948d-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:21.000Z",
"modified": "2017-07-17T17:09:21.000Z",
"pattern": "[domain-name:value = 'rdsbase.com' AND domain-name:resolves_to_refs[*].value = '13.58.249.138']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef44-1af8-4cda-9f75-021a0a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:24.000Z",
"modified": "2017-07-17T17:09:24.000Z",
"pattern": "[domain-name:value = 'superbear.pro' AND domain-name:resolves_to_refs[*].value = '13.58.23.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef45-f504-48fe-978f-7b510a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:25.000Z",
"modified": "2017-07-17T17:09:25.000Z",
"pattern": "[domain-name:value = 'tmrobo.org' AND domain-name:resolves_to_refs[*].value = '80.87.202.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef45-b024-4166-b8c9-7b550a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:25.000Z",
"modified": "2017-07-17T17:09:25.000Z",
"pattern": "[domain-name:value = 'tmrobo.org' AND domain-name:resolves_to_refs[*].value = '89.108.124.228']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef46-b740-481d-aeb8-02160a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:26.000Z",
"modified": "2017-07-17T17:09:26.000Z",
"pattern": "[domain-name:value = 'tmrobo.org' AND domain-name:resolves_to_refs[*].value = '178.20.159.77']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--596cef47-28e0-4168-a97e-7b540a016219",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2017-07-17T17:09:27.000Z",
"modified": "2017-07-17T17:09:27.000Z",
"pattern": "[domain-name:value = 'tmrobo.org' AND domain-name:resolves_to_refs[*].value = '185.48.239.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-07-17T17:09:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain|ip\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
}
]
}
Reference in a new issue Copy permalink