adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/599e9eb0-ddc0-4349-ad1c-4f26950d210f.json

2050 lines
87 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--599e9eb0-ddc0-4349-ad1c-4f26950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T07:38:47.000Z",
"modified": "2017-08-25T07:38:47.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--599e9eb0-ddc0-4349-ad1c-4f26950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T07:38:47.000Z",
"modified": "2017-08-25T07:38:47.000Z",
"name": "OSINT - Meet Ovidiy Stealer: Bringing credential theft to the masses",
"published": "2017-08-25T07:39:19Z",
"object_refs": [
"observed-data--599e9ebd-9208-4ed8-b32a-410f950d210f",
"url--599e9ebd-9208-4ed8-b32a-410f950d210f",
"x-misp-attribute--599e9ecd-73bc-4057-a78c-48e9950d210f",
"indicator--599e9f00-fa30-4352-a502-466d950d210f",
"indicator--599e9f00-a444-4856-b6f4-4efc950d210f",
"indicator--599e9f00-228c-423d-973c-453a950d210f",
"indicator--599e9f00-4830-4c83-b261-40ee950d210f",
"indicator--599e9f00-1a28-46d3-854c-457a950d210f",
"indicator--599e9f00-915c-4077-bfac-420e950d210f",
"indicator--599e9f00-7100-462f-b397-4f3a950d210f",
"indicator--599e9f00-4d04-4f99-8503-4712950d210f",
"indicator--599e9f00-5760-4712-9dc3-4786950d210f",
"indicator--599e9f00-8650-4b41-80ea-4b64950d210f",
"indicator--599e9f00-cbf0-4398-bf22-4a70950d210f",
"indicator--599e9f00-e618-4c17-b54a-4330950d210f",
"indicator--599e9f00-3c7c-4aaf-9fb7-4c03950d210f",
"indicator--599e9f00-dfd4-4060-abbc-4990950d210f",
"indicator--599e9fd3-4690-4bf8-b641-4e80950d210f",
"indicator--599e9fd3-9b80-4895-8db9-465a950d210f",
"indicator--599e9fd3-2bf8-44a8-844e-4f0e950d210f",
"indicator--599ea175-a590-4393-afec-48f3950d210f",
"indicator--599ea175-c9fc-4798-8c87-4eec950d210f",
"indicator--599ea175-0ff8-4dee-ac2f-48fc950d210f",
"indicator--599ea175-97b8-4011-875d-41ad950d210f",
"indicator--599ea175-ca6c-434c-9256-40b9950d210f",
"indicator--599ea175-6b48-412d-baff-411a950d210f",
"indicator--599ea175-9370-40d9-addd-4c3d950d210f",
"indicator--599ea175-7f0c-4099-9a9f-4613950d210f",
"indicator--599ea175-e8f8-4c8f-b6b2-4def950d210f",
"indicator--599ea175-d750-4372-be74-448d950d210f",
"indicator--599edcf9-f964-4928-a56a-465102de0b81",
"indicator--599edcf9-1954-4fc0-8b83-479f02de0b81",
"observed-data--599edcf9-975c-4433-9e0e-451402de0b81",
"url--599edcf9-975c-4433-9e0e-451402de0b81",
"indicator--599edcf9-f278-43e7-a5bf-490302de0b81",
"indicator--599edcf9-4708-47d5-9c43-402502de0b81",
"observed-data--599edcf9-ed7c-4189-8481-432f02de0b81",
"url--599edcf9-ed7c-4189-8481-432f02de0b81",
"indicator--599edcf9-aee0-4ea9-b4ed-4e5202de0b81",
"indicator--599edcf9-023c-463d-b91c-483d02de0b81",
"observed-data--599edcf9-d1dc-4d58-b68e-436b02de0b81",
"url--599edcf9-d1dc-4d58-b68e-436b02de0b81",
"indicator--599edcf9-f310-4e5c-a3ac-403002de0b81",
"indicator--599edcf9-c104-4984-806f-4a8602de0b81",
"observed-data--599edcf9-7e0c-4633-b334-409c02de0b81",
"url--599edcf9-7e0c-4633-b334-409c02de0b81",
"indicator--599edcf9-80bc-4865-b100-4b7c02de0b81",
"indicator--599edcf9-1d24-4bbb-92b5-42c002de0b81",
"observed-data--599edcf9-69e0-48a7-836d-495f02de0b81",
"url--599edcf9-69e0-48a7-836d-495f02de0b81",
"indicator--599edcf9-43e0-422a-b204-428302de0b81",
"indicator--599edcf9-f510-4b3c-8964-467902de0b81",
"observed-data--599edcf9-8a9c-43c7-8574-43ff02de0b81",
"url--599edcf9-8a9c-43c7-8574-43ff02de0b81",
"indicator--599edcf9-3cac-4d69-ae42-434602de0b81",
"indicator--599edcf9-03a0-4ff7-8e7b-4a8c02de0b81",
"observed-data--599edcf9-44e4-4c78-8259-4cef02de0b81",
"url--599edcf9-44e4-4c78-8259-4cef02de0b81",
"indicator--599edcf9-a740-4186-86e0-4cdd02de0b81",
"indicator--599edcfa-1ed8-4441-b1e9-4aaf02de0b81",
"observed-data--599edcfa-e3c4-4c66-bb58-430802de0b81",
"url--599edcfa-e3c4-4c66-bb58-430802de0b81",
"indicator--599edcfa-6054-4f06-991f-4a6d02de0b81",
"indicator--599edcfa-1d60-473e-b4b1-425702de0b81",
"observed-data--599edcfa-8030-478e-a823-46cf02de0b81",
"url--599edcfa-8030-478e-a823-46cf02de0b81",
"indicator--599edcfa-883c-481e-b244-49de02de0b81",
"indicator--599edcfa-a96c-4ef6-87c5-42a302de0b81",
"observed-data--599edcfa-9770-4ee4-9f1b-448602de0b81",
"url--599edcfa-9770-4ee4-9f1b-448602de0b81",
"indicator--599edcfa-e3fc-4cfa-9617-4b1802de0b81",
"indicator--599edcfa-dfac-4701-bc58-4f7b02de0b81",
"observed-data--599edcfa-87c4-4a1e-854b-44b402de0b81",
"url--599edcfa-87c4-4a1e-854b-44b402de0b81",
"indicator--599edcfa-2ac8-4898-afbe-4b2202de0b81",
"indicator--599edcfa-22f4-4452-bf9c-482d02de0b81",
"observed-data--599edcfa-9c90-4850-9ee4-4d9e02de0b81",
"url--599edcfa-9c90-4850-9ee4-4d9e02de0b81",
"indicator--599edcfa-bc30-4e50-8b62-475602de0b81",
"indicator--599edcfa-ac8c-4dcb-a005-49b302de0b81",
"observed-data--599edcfa-432c-4854-9093-4e1a02de0b81",
"url--599edcfa-432c-4854-9093-4e1a02de0b81",
"indicator--599edcfa-6fb0-41c4-a8ce-4b1f02de0b81",
"indicator--599edcfa-b76c-42e3-b4fb-44a402de0b81",
"observed-data--599edcfa-bdc4-4a7d-8010-421002de0b81",
"url--599edcfa-bdc4-4a7d-8010-421002de0b81",
"indicator--599edcfa-e894-422d-9fb1-4a7202de0b81",
"indicator--599edcfa-cb54-4b82-8a59-4d5b02de0b81",
"observed-data--599edcfa-0c30-41c0-a5e0-462202de0b81",
"url--599edcfa-0c30-41c0-a5e0-462202de0b81",
"indicator--599edcfa-a2c8-49b4-8048-4cf102de0b81",
"indicator--599edcfa-2fd4-4495-94b1-499802de0b81",
"observed-data--599edcfa-42b4-4382-ab25-424902de0b81",
"url--599edcfa-42b4-4382-ab25-424902de0b81",
"indicator--599edcfa-7064-4545-9ab5-410502de0b81",
"indicator--599edcfa-28ac-4630-83bb-441302de0b81",
"observed-data--599edcfa-df70-433d-b6bc-460102de0b81",
"url--599edcfa-df70-433d-b6bc-460102de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599e9ebd-9208-4ed8-b32a-410f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"first_observed": "2017-08-24T14:04:40Z",
"last_observed": "2017-08-24T14:04:40Z",
"number_observed": 1,
"object_refs": [
"url--599e9ebd-9208-4ed8-b32a-410f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599e9ebd-9208-4ed8-b32a-410f950d210f",
"value": "https://www.proofpoint.com/us/threat-insight/post/meet-ovidiy-stealer-bringing-credential-theft-masses"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--599e9ecd-73bc-4057-a78c-48e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Proofpoint threat researchers recently analyzed Ovidiy Stealer, a previously undocumented credential stealer which appears to be marketed primarily in the Russian-speaking regions. It is under constant development, with several updated versions appearing since the original samples were observed in June 2017. The growing number of samples demonstrate that criminals are actively adopting this malware. Ovidiy Stealer is priced at 450-750 Rubles (~$7-13 USD) for one build, a price that includes a precompiled executable that is also \"crypted\" to thwart analysis and detection."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-fa30-4352-a502-466d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-a444-4856-b6f4-4efc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'd469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-228c-423d-973c-453a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'd5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-4830-4c83-b261-40ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-1a28-46d3-854c-457a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-915c-4077-bfac-420e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-7100-462f-b397-4f3a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-4d04-4f99-8503-4712950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-5760-4712-9dc3-4786950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-8650-4b41-80ea-4b64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = 'd733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-cbf0-4398-bf22-4a70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-e618-4c17-b54a-4330950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-3c7c-4aaf-9fb7-4c03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9f00-dfd4-4060-abbc-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:hashes.SHA256 = '8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9fd3-4690-4bf8-b641-4e80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:name = 'Litebitcoin-qt.zip' AND file:hashes.SHA256 = '7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9fd3-9b80-4895-8db9-465a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:name = 'Jora.exe' AND file:hashes.SHA256 = '3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599e9fd3-2bf8-44a8-844e-4f0e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer",
"pattern": "[file:name = 'Uber.exe' AND file:hashes.SHA256 = '5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-a590-4393-afec-48f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[domain-name:value = 'hideminer.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-c9fc-4798-8c87-4eec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[domain-name:value = 'vkhacktool.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-0ff8-4dee-ac2f-48fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = 'update_teamspeak3.5.1.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-97b8-4011-875d-41ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = '2017.txt.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-ca6c-434c-9256-40b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = 'dice_bot.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-6b48-412d-baff-411a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = 'v5.4.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-9370-40d9-addd-4c3d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = '2017.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-7f0c-4099-9a9f-4613950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:06:56.000Z",
"modified": "2017-08-24T14:06:56.000Z",
"description": "social network lure",
"pattern": "[domain-name:value = 'vk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:06:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-e8f8-4c8f-b6b2-4def950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"pattern": "[file:name = 'BulliTl.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599ea175-d750-4372-be74-448d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:40.000Z",
"modified": "2017-08-24T14:04:40.000Z",
"description": "Ovidiy Stealer C&C",
"pattern": "[domain-name:value = 'ovidiystealer.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-f964-4928-a56a-465102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7",
"pattern": "[file:hashes.SHA1 = '15745e946ef627aacc8b69ddd407f98138e0f477']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-1954-4fc0-8b83-479f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7",
"pattern": "[file:hashes.MD5 = 'c984afc8b7ae320dcf5bf96dfeb810e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-975c-4433-9e0e-451402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-975c-4433-9e0e-451402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-975c-4433-9e0e-451402de0b81",
"value": "https://www.virustotal.com/file/5a44126ea4c5c9bbc3c44fec0346c3071b55fb6abb10ad3299590a3b0e2a8fc7/analysis/1502503297/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-f278-43e7-a5bf-490302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52",
"pattern": "[file:hashes.SHA1 = '8bca84a452b7ad9a81d3090664e98fee1e7842ff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-4708-47d5-9c43-402502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52",
"pattern": "[file:hashes.MD5 = '8bca45495846035b298412fc90a0aabe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-ed7c-4189-8481-432f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-ed7c-4189-8481-432f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-ed7c-4189-8481-432f02de0b81",
"value": "https://www.virustotal.com/file/3ddc17470fb86dcb4b16705eb78bcbcb24dce70545f512ce75c4a0747474ef52/analysis/1503280217/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-aee0-4ea9-b4ed-4e5202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4",
"pattern": "[file:hashes.SHA1 = 'ac09b00558d131de7f26ed858976af1dafaf84af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-023c-463d-b91c-483d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4",
"pattern": "[file:hashes.MD5 = '5be70cd5c167b8320dd4f8b0c0f75942']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-d1dc-4d58-b68e-436b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-d1dc-4d58-b68e-436b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-d1dc-4d58-b68e-436b02de0b81",
"value": "https://www.virustotal.com/file/7de66557dacbabe5228faa294c357ad02c9f07eb2395229f209776bc9a09dfb4/analysis/1503280055/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-f310-4e5c-a3ac-403002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee",
"pattern": "[file:hashes.SHA1 = '9009c964c2d085fed269b7a6c241e7f645bc2689']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-c104-4984-806f-4a8602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee",
"pattern": "[file:hashes.MD5 = '8059b55781edbc4dbc27d50531a50ba9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-7e0c-4633-b334-409c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-7e0c-4633-b334-409c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-7e0c-4633-b334-409c02de0b81",
"value": "https://www.virustotal.com/file/8542a49b3b927d46fefae743b61485004a3540a4e204ee882028a85f08f4b3ee/analysis/1503280178/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-80bc-4865-b100-4b7c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05",
"pattern": "[file:hashes.SHA1 = 'e0d4ed2d470808f33b1384d8b9cec6e16142a17c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-1d24-4bbb-92b5-42c002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05",
"pattern": "[file:hashes.MD5 = '727ae120f5afe39bf9736a43bef17be2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-69e0-48a7-836d-495f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-69e0-48a7-836d-495f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-69e0-48a7-836d-495f02de0b81",
"value": "https://www.virustotal.com/file/22fc445798cd3481018c66b308af8545821b2f8f7f5a86133f562b362fc17a05/analysis/1503280132/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-43e0-422a-b204-428302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410",
"pattern": "[file:hashes.SHA1 = '6b2e2ff345e0001a047d461e8a91ee34b3693617']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-f510-4b3c-8964-467902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410",
"pattern": "[file:hashes.MD5 = 'cd671a726a8498a8fd70c6c76069fb54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-8a9c-43c7-8574-43ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-8a9c-43c7-8574-43ff02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-8a9c-43c7-8574-43ff02de0b81",
"value": "https://www.virustotal.com/file/80d450ca5b01a086806855356611405b2c87b3822c0c1c38a118bca57d87c410/analysis/1503280442/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-3cac-4d69-ae42-434602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432",
"pattern": "[file:hashes.SHA1 = '83449bf8ae20e93de938a1c9b42a46e831737c04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-03a0-4ff7-8e7b-4a8c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432",
"pattern": "[file:hashes.MD5 = '781e41b558870a28624b892ff028102d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcf9-44e4-4c78-8259-4cef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"first_observed": "2017-08-24T14:04:41Z",
"last_observed": "2017-08-24T14:04:41Z",
"number_observed": 1,
"object_refs": [
"url--599edcf9-44e4-4c78-8259-4cef02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcf9-44e4-4c78-8259-4cef02de0b81",
"value": "https://www.virustotal.com/file/062bd1d88e7b5c08444de559961f68694a445bc69807f57aa4ac581c377bc432/analysis/1503280145/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcf9-a740-4186-86e0-4cdd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:41.000Z",
"modified": "2017-08-24T14:04:41.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4",
"pattern": "[file:hashes.SHA1 = 'd5b5433405e2573bf1f5ad65c8be5571031fc2f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-1ed8-4441-b1e9-4aaf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4",
"pattern": "[file:hashes.MD5 = '3b98ca30e8f7cc3f15427eef1c252d1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-e3c4-4c66-bb58-430802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-e3c4-4c66-bb58-430802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-e3c4-4c66-bb58-430802de0b81",
"value": "https://www.virustotal.com/file/d733dbd549111ecfb732da39bd67d47c631a0b15b2fb4e8ff446b63088cd4ed4/analysis/1503279946/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-6054-4f06-991f-4a6d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d",
"pattern": "[file:hashes.SHA1 = 'aeb9a6e9f2025a62fb33d8514ae4195d40e0f88e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-1d60-473e-b4b1-425702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d",
"pattern": "[file:hashes.MD5 = 'fd239bc850cb5b4c3f6acd7302d7296b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-8030-478e-a823-46cf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-8030-478e-a823-46cf02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-8030-478e-a823-46cf02de0b81",
"value": "https://www.virustotal.com/file/c0bf76eee1a42607236652151e1ff67a5e058e780e487d18e946dad6c2084f5d/analysis/1503280609/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-883c-481e-b244-49de02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04",
"pattern": "[file:hashes.SHA1 = '9a3de133aa79deb5ec598f8db6a2c648102cade2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-a96c-4ef6-87c5-42a302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04",
"pattern": "[file:hashes.MD5 = '36513bdb5dd7832590b3acfc4769aa6d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-9770-4ee4-9f1b-448602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-9770-4ee4-9f1b-448602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-9770-4ee4-9f1b-448602de0b81",
"value": "https://www.virustotal.com/file/84097d78bc73c9d8b4d7f4751c0dbb79da5d8883bd0fd27194cc21e05fdbca04/analysis/1503279937/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-e3fc-4cfa-9617-4b1802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a",
"pattern": "[file:hashes.SHA1 = '3ea8815de77b78b97b81b04aca9af87652601430']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-dfac-4701-bc58-4f7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a",
"pattern": "[file:hashes.MD5 = '3f9444a748c07c60debd5957749b9e40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-87c4-4a1e-854b-44b402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-87c4-4a1e-854b-44b402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-87c4-4a1e-854b-44b402de0b81",
"value": "https://www.virustotal.com/file/2a54eb17cc418da37fa3a45ceb840882bf1800909753e6431c2e3b0fcef4308a/analysis/1503279960/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-2ac8-4898-afbe-4b2202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec",
"pattern": "[file:hashes.SHA1 = '4ef4206695358cca3819ef3b2a70640c737666a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-22f4-4452-bf9c-482d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec",
"pattern": "[file:hashes.MD5 = '6a12f2e24d148dc375b569cf994662cf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-9c90-4850-9ee4-4d9e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-9c90-4850-9ee4-4d9e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-9c90-4850-9ee4-4d9e02de0b81",
"value": "https://www.virustotal.com/file/255899d86d58a95499473046fcb6ad821ac500af8679635487d9003ba0f7b3ec/analysis/1503280108/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-bc30-4e50-8b62-475602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3",
"pattern": "[file:hashes.SHA1 = 'd03b5ba006986ea5f980468bcec1f245eb92b685']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-ac8c-4dcb-a005-49b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3",
"pattern": "[file:hashes.MD5 = '6838bce2f6c831414df831040fc14287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-432c-4854-9093-4e1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-432c-4854-9093-4e1a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-432c-4854-9093-4e1a02de0b81",
"value": "https://www.virustotal.com/file/c16408967de0ca4d3a1d28530453e1c395a5166b469893f14c47fc6683033cb3/analysis/1503280102/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-6fb0-41c4-a8ce-4b1f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936",
"pattern": "[file:hashes.SHA1 = '368c2b4e66291e35e140ba6957164981e1409ce0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-b76c-42e3-b4fb-44a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936",
"pattern": "[file:hashes.MD5 = '4800f1aed32b3a776a8362651d8fc560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-bdc4-4a7d-8010-421002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-bdc4-4a7d-8010-421002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-bdc4-4a7d-8010-421002de0b81",
"value": "https://www.virustotal.com/file/a18fce17e57b324b8552ac8ff34a912a6788be028988288d9b6752c7911a0936/analysis/1503280010/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-e894-422d-9fb1-4a7202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88",
"pattern": "[file:hashes.SHA1 = '0ed8e49415383e44edce973fbaf88a2fd1ad10c3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-cb54-4b82-8a59-4d5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88",
"pattern": "[file:hashes.MD5 = 'e0cc886a4a0d01e399289eee7803cd59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-0c30-41c0-a5e0-462202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-0c30-41c0-a5e0-462202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-0c30-41c0-a5e0-462202de0b81",
"value": "https://www.virustotal.com/file/d5711ac689d2cae77d19fab19768870adec983e4cdbd04f58d77828ef61eec88/analysis/1503280520/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-a2c8-49b4-8048-4cf102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792",
"pattern": "[file:hashes.SHA1 = '53d8f7b7e893bc543af3bc388edc80ba95513573']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-2fd4-4495-94b1-499802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792",
"pattern": "[file:hashes.MD5 = '112a7aff7b6256d202749293d4c413e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-42b4-4382-ab25-424902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-42b4-4382-ab25-424902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-42b4-4382-ab25-424902de0b81",
"value": "https://www.virustotal.com/file/d469e7f2531eed4c3f418a71acdbd08dd167409047812ab78f5407730d077792/analysis/1503279819/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-7064-4545-9ab5-410502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506",
"pattern": "[file:hashes.SHA1 = '9f148d85a3f921c1fc968f28826ea60d5d3d6e84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--599edcfa-28ac-4630-83bb-441302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"description": "Ovidiy Stealer - Xchecked via VT: 8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506",
"pattern": "[file:hashes.MD5 = '2e58c2f2a88cce5a130cf7760da0256b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-24T14:04:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--599edcfa-df70-433d-b6bc-460102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-24T14:04:42.000Z",
"modified": "2017-08-24T14:04:42.000Z",
"first_observed": "2017-08-24T14:04:42Z",
"last_observed": "2017-08-24T14:04:42Z",
"number_observed": 1,
"object_refs": [
"url--599edcfa-df70-433d-b6bc-460102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--599edcfa-df70-433d-b6bc-460102de0b81",
"value": "https://www.virustotal.com/file/8d70877b4014a726e64d3338c454489628a78dcee3e533152ff2223e3bdec506/analysis/1500037206/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink