adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59a0220c-51e8-48f3-8812-8192950d210f.json

2535 lines
107 KiB
JSON
Raw Permalink Normal View History

chg: [misp-stix] STIX 2.1 export added
2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--59a0220c-51e8-48f3-8812-8192950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:12.000Z",
"modified": "2017-08-25T13:27:12.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--59a0220c-51e8-48f3-8812-8192950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:12.000Z",
"modified": "2017-08-25T13:27:12.000Z",
"name": "OSINT - \u201cTick\u201d Group Continues Attacks",
"context": "suspicious-activity",
"object_refs": [
"observed-data--59a0221a-ef98-492f-a41f-7fe0950d210f",
"url--59a0221a-ef98-492f-a41f-7fe0950d210f",
"x-misp-attribute--59a02236-ddb0-47c8-95b4-db90950d210f",
"indicator--59a02292-f024-4763-a91a-d9c4950d210f",
"indicator--59a02292-44e8-4d6f-8ffb-d9c4950d210f",
"indicator--59a02292-db5c-46a6-8d0d-d9c4950d210f",
"indicator--59a02292-3e08-487c-bf2e-d9c4950d210f",
"indicator--59a02292-c580-4a84-83a2-d9c4950d210f",
"indicator--59a02292-9a34-4d31-a50a-d9c4950d210f",
"indicator--59a02342-c370-4577-a8ec-d9c2950d210f",
"indicator--59a02342-35b0-4722-8936-d9c2950d210f",
"indicator--59a02342-7000-46ab-b384-d9c2950d210f",
"indicator--59a02342-55a4-4df9-b078-d9c2950d210f",
"indicator--59a02342-0520-402f-8750-d9c2950d210f",
"indicator--59a02342-6698-4bcb-8e08-d9c2950d210f",
"indicator--59a02342-fab4-489a-95ad-d9c2950d210f",
"indicator--59a02342-aa28-4cb7-8520-d9c2950d210f",
"indicator--59a02342-e728-40da-ab8e-d9c2950d210f",
"indicator--59a02342-baf0-4747-85a6-d9c2950d210f",
"indicator--59a02342-22cc-4ea0-93c1-d9c2950d210f",
"indicator--59a02342-41e4-4077-8f36-d9c2950d210f",
"indicator--59a02342-7dac-4b2b-a355-d9c2950d210f",
"indicator--59a02342-f680-47a4-8497-d9c2950d210f",
"indicator--59a02342-cd3c-4920-a97c-d9c2950d210f",
"indicator--59a02393-ec70-4b26-927e-4d01950d210f",
"indicator--59a02393-7574-4cf5-9e2c-47d3950d210f",
"indicator--59a023ab-cc18-4bbc-9627-d9c1950d210f",
"indicator--59a023ab-3fdc-44c0-b218-d9c1950d210f",
"indicator--59a023ab-238c-4e0d-9e77-d9c1950d210f",
"indicator--59a023b8-74e0-4df6-8c52-43b7950d210f",
"indicator--59a023b9-fdf0-45e4-94dc-4ccc950d210f",
"indicator--59a023b9-977c-4501-9392-4376950d210f",
"indicator--59a023b9-d44c-46c6-b391-44bd950d210f",
"indicator--59a023b9-2698-494f-b7f0-4272950d210f",
"indicator--59a023b9-8650-42f4-9d9e-4302950d210f",
"indicator--59a023b9-68a4-4742-bcc0-44b9950d210f",
"indicator--59a023b9-2190-4dfc-bcd1-46ed950d210f",
"indicator--59a025a9-5dcc-4e07-aa39-dd3702de0b81",
"indicator--59a025a9-de30-4f19-ac6e-dd3702de0b81",
"observed-data--59a025a9-b4a8-4acb-9dd5-dd3702de0b81",
"url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81",
"indicator--59a025a9-1840-4efe-ae94-dd3702de0b81",
"indicator--59a025a9-ebd8-4b34-8849-dd3702de0b81",
"observed-data--59a025a9-8b7c-4219-aca3-dd3702de0b81",
"url--59a025a9-8b7c-4219-aca3-dd3702de0b81",
"indicator--59a025a9-d124-4f1f-b965-dd3702de0b81",
"indicator--59a025a9-a518-4cd3-865b-dd3702de0b81",
"observed-data--59a025a9-6be0-40fc-a248-dd3702de0b81",
"url--59a025a9-6be0-40fc-a248-dd3702de0b81",
"indicator--59a025a9-3104-4434-ba22-dd3702de0b81",
"indicator--59a025a9-9548-4dcd-9ebe-dd3702de0b81",
"observed-data--59a025a9-d108-46f6-808d-dd3702de0b81",
"url--59a025a9-d108-46f6-808d-dd3702de0b81",
"indicator--59a025a9-bc40-4922-8375-dd3702de0b81",
"indicator--59a025a9-6128-4527-b4f0-dd3702de0b81",
"observed-data--59a025a9-4e30-4986-b6ac-dd3702de0b81",
"url--59a025a9-4e30-4986-b6ac-dd3702de0b81",
"indicator--59a025a9-ed3c-4635-8ded-dd3702de0b81",
"indicator--59a025a9-9fa0-4eac-ae0e-dd3702de0b81",
"observed-data--59a025a9-ba74-4d1c-be4e-dd3702de0b81",
"url--59a025a9-ba74-4d1c-be4e-dd3702de0b81",
"indicator--59a025a9-3240-4992-a4ce-dd3702de0b81",
"indicator--59a025a9-fc9c-4f10-b5e7-dd3702de0b81",
"observed-data--59a025a9-d184-4b9d-9f4d-dd3702de0b81",
"url--59a025a9-d184-4b9d-9f4d-dd3702de0b81",
"indicator--59a025a9-1818-491c-b754-dd3702de0b81",
"indicator--59a025a9-0150-4332-b565-dd3702de0b81",
"observed-data--59a025a9-cd18-48a2-8471-dd3702de0b81",
"url--59a025a9-cd18-48a2-8471-dd3702de0b81",
"indicator--59a025a9-b650-476f-b889-dd3702de0b81",
"indicator--59a025a9-c5d0-4153-a989-dd3702de0b81",
"observed-data--59a025a9-023c-43d6-9177-dd3702de0b81",
"url--59a025a9-023c-43d6-9177-dd3702de0b81",
"indicator--59a025a9-6848-4e61-8f53-dd3702de0b81",
"indicator--59a025a9-dd24-4ade-9898-dd3702de0b81",
"observed-data--59a025a9-a488-410d-b2fb-dd3702de0b81",
"url--59a025a9-a488-410d-b2fb-dd3702de0b81",
"indicator--59a025a9-8384-49d9-9b0b-dd3702de0b81",
"indicator--59a025a9-ef34-4242-9eb4-dd3702de0b81",
"observed-data--59a025a9-f37c-447c-b49c-dd3702de0b81",
"url--59a025a9-f37c-447c-b49c-dd3702de0b81",
"indicator--59a025a9-6088-4ae8-858f-dd3702de0b81",
"indicator--59a025a9-f674-4823-a4c4-dd3702de0b81",
"observed-data--59a025a9-d78c-458d-b0ae-dd3702de0b81",
"url--59a025a9-d78c-458d-b0ae-dd3702de0b81",
"indicator--59a025a9-f150-425a-9f96-dd3702de0b81",
"indicator--59a025a9-9dc0-4492-90a5-dd3702de0b81",
"observed-data--59a025a9-edc8-47cd-999d-dd3702de0b81",
"url--59a025a9-edc8-47cd-999d-dd3702de0b81",
"indicator--59a025a9-efa8-4a2d-872d-dd3702de0b81",
"indicator--59a025a9-4b84-4680-b393-dd3702de0b81",
"observed-data--59a025a9-399c-4616-aecf-dd3702de0b81",
"url--59a025a9-399c-4616-aecf-dd3702de0b81",
"indicator--59a025a9-e5cc-45e4-af56-dd3702de0b81",
"indicator--59a025a9-ddc4-4358-9c8f-dd3702de0b81",
"observed-data--59a025a9-b5e0-4e34-9b8a-dd3702de0b81",
"url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81",
"indicator--59a025a9-7dc0-4bd6-9b64-dd3702de0b81",
"indicator--59a025a9-9c7c-4fd6-8363-dd3702de0b81",
"observed-data--59a025a9-b4f8-40df-8638-dd3702de0b81",
"url--59a025a9-b4f8-40df-8638-dd3702de0b81",
"indicator--59a025a9-809c-4b65-ac7b-dd3702de0b81",
"indicator--59a025a9-96f0-47eb-ac81-dd3702de0b81",
"observed-data--59a025a9-0e88-4de3-adae-dd3702de0b81",
"url--59a025a9-0e88-4de3-adae-dd3702de0b81",
"indicator--59a025a9-75b8-4d2f-b685-dd3702de0b81",
"indicator--59a025a9-5904-4561-bd14-dd3702de0b81",
"observed-data--59a025a9-75b4-4d3d-8c19-dd3702de0b81",
"url--59a025a9-75b4-4d3d-8c19-dd3702de0b81",
"indicator--59a025a9-0138-493b-9fd8-dd3702de0b81",
"indicator--59a025a9-8ef0-4341-a183-dd3702de0b81",
"observed-data--59a025a9-2d10-43f9-8529-dd3702de0b81",
"url--59a025a9-2d10-43f9-8529-dd3702de0b81",
"indicator--59a025a9-e0ac-48fa-9844-dd3702de0b81",
"indicator--59a025a9-29a4-4994-a328-dd3702de0b81",
"observed-data--59a025a9-d468-4905-8b79-dd3702de0b81",
"url--59a025a9-d468-4905-8b79-dd3702de0b81",
"indicator--59a025a9-9c88-4724-913c-dd3702de0b81",
"indicator--59a025a9-fe50-46cf-acde-dd3702de0b81",
"observed-data--59a025a9-77ec-4843-9820-dd3702de0b81",
"url--59a025a9-77ec-4843-9820-dd3702de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a0221a-ef98-492f-a41f-7fe0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"first_observed": "2017-08-25T13:27:04Z",
"last_observed": "2017-08-25T13:27:04Z",
"number_observed": 1,
"object_refs": [
"url--59a0221a-ef98-492f-a41f-7fe0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a0221a-ef98-492f-a41f-7fe0950d210f",
"value": "https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59a02236-ddb0-47c8-95b4-db90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The \u201cTick\u201d group has conducted cyber espionage attacks against organizations in the Republic of Korea and Japan for several years. The group focuses on companies that have intellectual property or sensitive information like those in the Defense and High-Tech industries. The group is known to use custom malware called Daserf, but also employs multiple commodity and custom tools, exploit vulnerabilities, and use social engineering techniques.\r\n\r\nRegarding the command and control (C2) infrastructure, Tick previously used domains registered through privacy protection services to keep their anonymity, but have moved to compromised websites in recent attacks. With multiple tools and anonymous infrastructure, they are running longstanding and persistent attack campaigns. We have observed that the adversary has repeatedly attacked a high-profile target in Japan using multiple malware families for the last three years."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-f024-4763-a91a-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = '04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-44e8-4d6f-8ffb-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = 'f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-db5c-46a6-8d0d-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = 'e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-3e08-487c-bf2e-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = '21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-c580-4a84-83a2-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = '9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02292-9a34-4d31-a50a-d9c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Daserf",
"pattern": "[file:hashes.SHA256 = '01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-c370-4577-a8ec-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Invader",
"pattern": "[file:hashes.SHA256 = '0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-35b0-4722-8936-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Invader",
"pattern": "[file:hashes.SHA256 = 'e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-7000-46ab-b384-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Invader",
"pattern": "[file:hashes.SHA256 = '57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-55a4-4df9-b078-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "9002",
"pattern": "[file:hashes.SHA256 = '933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-0520-402f-8750-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "9002",
"pattern": "[file:hashes.SHA256 = '2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-6698-4bcb-8e08-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "9002",
"pattern": "[file:hashes.SHA256 = '055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-fab4-489a-95ad-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Minzen",
"pattern": "[file:hashes.SHA256 = '797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-aa28-4cb7-8520-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Minzen",
"pattern": "[file:hashes.SHA256 = '9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-e728-40da-ab8e-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Minzen",
"pattern": "[file:hashes.SHA256 = '26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-baf0-4747-85a6-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "NamelessHdoor",
"pattern": "[file:hashes.SHA256 = 'dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-22cc-4ea0-93c1-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Gh0stRAt Downloader",
"pattern": "[file:hashes.SHA256 = 'ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-41e4-4077-8f36-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Gh0stRAt Downloader",
"pattern": "[file:hashes.SHA256 = 'e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-7dac-4b2b-a355-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Custom Gh0st",
"pattern": "[file:hashes.SHA256 = '8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-f680-47a4-8497-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "Datper",
"pattern": "[file:hashes.SHA256 = '7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02342-cd3c-4920-a97c-d9c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "HomamDownloader",
"pattern": "[file:hashes.SHA256 = 'a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02393-ec70-4b26-927e-4d01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"pattern": "[domain-name:value = 'softfix.co.kr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a02393-7574-4cf5-9e2c-47d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"pattern": "[domain-name:value = 'bbs.softfix.co.kr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023ab-cc18-4bbc-9627-d9c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2 server of Daserf",
"pattern": "[domain-name:value = 'news.softfix.co.kr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023ab-3fdc-44c0-b218-d9c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2 server of Invader",
"pattern": "[domain-name:value = 'bbs.gokickes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023ab-238c-4e0d-9e77-d9c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2 server of Invader",
"pattern": "[domain-name:value = 'www.gokickes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b8-74e0-4df6-8c52-43b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'lywjrea.gmarketshop.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-fdf0-45e4-94dc-4ccc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'krjregh.sacreeflame.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-977c-4501-9392-4376950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'psfir.sacreeflame.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-d44c-46c6-b391-44bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'lywja.healthsvsolu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-2698-494f-b7f0-4272950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'phot.healthsvsolu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-8650-42f4-9d9e-4302950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'blog.softfix.co.kr']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-68a4-4742-bcc0-44b9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'log.gokickes.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a023b9-2190-4dfc-bcd1-46ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:04.000Z",
"modified": "2017-08-25T13:27:04.000Z",
"description": "C2",
"pattern": "[domain-name:value = 'sansei.jpn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-5dcc-4e07-aa39-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "HomamDownloader - Xchecked via VT: a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7",
"pattern": "[file:hashes.SHA1 = '632b8eb977f61d8ce693d9de2b4d712f1d5cf95c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-de30-4f19-ac6e-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "HomamDownloader - Xchecked via VT: a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7",
"pattern": "[file:hashes.MD5 = 'ea50237e4947cefd204aebe89e7055f3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-b4a8-4acb-9dd5-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81",
"value": "https://www.virustotal.com/file/a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7/analysis/1500964953/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-1840-4efe-ae94-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Datper - Xchecked via VT: 7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849",
"pattern": "[file:hashes.SHA1 = 'f400b4d0008390314d663b8aa9ce9b525691a5e9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-ebd8-4b34-8849-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Datper - Xchecked via VT: 7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849",
"pattern": "[file:hashes.MD5 = 'c7323e635841980e38129b3a5a90b0da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-8b7c-4219-aca3-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-8b7c-4219-aca3-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-8b7c-4219-aca3-dd3702de0b81",
"value": "https://www.virustotal.com/file/7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849/analysis/1503338749/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-d124-4f1f-b965-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Custom Gh0st - Xchecked via VT: 8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40",
"pattern": "[file:hashes.SHA1 = '1262b97f8f16b1c436b28b25383a20c067e69a9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-a518-4cd3-865b-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Custom Gh0st - Xchecked via VT: 8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40",
"pattern": "[file:hashes.MD5 = '49ce81d7975e732a3a3191b32d93a254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-6be0-40fc-a248-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-6be0-40fc-a248-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-6be0-40fc-a248-dd3702de0b81",
"value": "https://www.virustotal.com/file/8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40/analysis/1501706788/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-3104-4434-ba22-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Gh0stRAt Downloader - Xchecked via VT: e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c",
"pattern": "[file:hashes.SHA1 = '03b43106d58645b3e58217d6f0dafdbe8c88f5fb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-9548-4dcd-9ebe-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Gh0stRAt Downloader - Xchecked via VT: e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c",
"pattern": "[file:hashes.MD5 = '6540714dd32c62f3664cd02153c5780b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-d108-46f6-808d-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-d108-46f6-808d-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-d108-46f6-808d-dd3702de0b81",
"value": "https://www.virustotal.com/file/e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c/analysis/1430158030/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-bc40-4922-8375-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Gh0stRAt Downloader - Xchecked via VT: ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974",
"pattern": "[file:hashes.SHA1 = '0e40d5ef368803c26244da5d5be57a4850e1cdb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-6128-4527-b4f0-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Gh0stRAt Downloader - Xchecked via VT: ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974",
"pattern": "[file:hashes.MD5 = 'd05b9d77ee59deaebaaa02084d6f8507']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-4e30-4986-b6ac-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-4e30-4986-b6ac-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-4e30-4986-b6ac-dd3702de0b81",
"value": "https://www.virustotal.com/file/ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974/analysis/1501160072/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-ed3c-4635-8ded-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "NamelessHdoor - Xchecked via VT: dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f",
"pattern": "[file:hashes.SHA1 = 'ccd527b7b66374c93fb01101eb7b86c22981492d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-9fa0-4eac-ae0e-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "NamelessHdoor - Xchecked via VT: dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f",
"pattern": "[file:hashes.MD5 = '044e2e7c4813accdbe030c49cef3326b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-ba74-4d1c-be4e-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-ba74-4d1c-be4e-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-ba74-4d1c-be4e-dd3702de0b81",
"value": "https://www.virustotal.com/file/dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f/analysis/1501706644/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-3240-4992-a4ce-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82",
"pattern": "[file:hashes.SHA1 = 'ff05e0f60aeabd2497bb70182c0641f19c5af269']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-fc9c-4f10-b5e7-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82",
"pattern": "[file:hashes.MD5 = 'c5d1626ca67376532af253c9673b1101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-d184-4b9d-9f4d-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-d184-4b9d-9f4d-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-d184-4b9d-9f4d-dd3702de0b81",
"value": "https://www.virustotal.com/file/26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82/analysis/1501899010/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-1818-491c-b754-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2",
"pattern": "[file:hashes.SHA1 = 'db7d62ef93fb16768a421ad17568b044a1af8825']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-0150-4332-b565-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2",
"pattern": "[file:hashes.MD5 = '73c79f84361fc8d74ec53c36e07b39e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-cd18-48a2-8471-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-cd18-48a2-8471-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-cd18-48a2-8471-dd3702de0b81",
"value": "https://www.virustotal.com/file/9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2/analysis/1503058545/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-b650-476f-b889-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1",
"pattern": "[file:hashes.SHA1 = '116878319499c594e29f1af6ead46cffd73efcc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-c5d0-4153-a989-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Minzen - Xchecked via VT: 797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1",
"pattern": "[file:hashes.MD5 = '6ef5cdca1fe65f88a7213d6cc62abb79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-023c-43d6-9177-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-023c-43d6-9177-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-023c-43d6-9177-dd3702de0b81",
"value": "https://www.virustotal.com/file/797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1/analysis/1501159875/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-6848-4e61-8f53-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831",
"pattern": "[file:hashes.SHA1 = 'c044f8b39653c72c6861da43475ff9f094e0edb6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-dd24-4ade-9898-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831",
"pattern": "[file:hashes.MD5 = '7246a7528649333dc64b03e46d84c9f0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-a488-410d-b2fb-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-a488-410d-b2fb-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-a488-410d-b2fb-dd3702de0b81",
"value": "https://www.virustotal.com/file/055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831/analysis/1497242017/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-8384-49d9-9b0b-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe",
"pattern": "[file:hashes.SHA1 = 'c30361a20f1c42a6cdb33376d3d80e15610afd5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-ef34-4242-9eb4-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe",
"pattern": "[file:hashes.MD5 = '181d4f01c8d6d1abae0847ce74e24268']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-f37c-447c-b49c-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-f37c-447c-b49c-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-f37c-447c-b49c-dd3702de0b81",
"value": "https://www.virustotal.com/file/2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe/analysis/1501215779/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-6088-4ae8-858f-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e",
"pattern": "[file:hashes.SHA1 = 'd18b4ca7472a0a7fe31e88a0e0f6889dd45454b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-f674-4823-a4c4-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "9002 - Xchecked via VT: 933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e",
"pattern": "[file:hashes.MD5 = '955a2287fb560b1b9f98ae131a13558b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-d78c-458d-b0ae-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-d78c-458d-b0ae-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-d78c-458d-b0ae-dd3702de0b81",
"value": "https://www.virustotal.com/file/933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e/analysis/1501898610/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-f150-425a-9f96-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: 57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb",
"pattern": "[file:hashes.SHA1 = 'f0ea963a86d0ef8e1ecf72b58d3f75e0ea8f18e0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-9dc0-4492-90a5-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: 57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb",
"pattern": "[file:hashes.MD5 = 'b44722b197ec495cee00bff373b2a3f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-edc8-47cd-999d-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-edc8-47cd-999d-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-edc8-47cd-999d-dd3702de0b81",
"value": "https://www.virustotal.com/file/57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb/analysis/1501707143/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-efa8-4a2d-872d-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e",
"pattern": "[file:hashes.SHA1 = '8ca2085c68f802d6efdadf6f7c174582d6f480a5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-4b84-4680-b393-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e",
"pattern": "[file:hashes.MD5 = 'e9a1d96a1b1b2bfe41ae1b6327d44f21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-399c-4616-aecf-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-399c-4616-aecf-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-399c-4616-aecf-dd3702de0b81",
"value": "https://www.virustotal.com/file/e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e/analysis/1501025628/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-e5cc-45e4-af56-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: 0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287",
"pattern": "[file:hashes.SHA1 = '4ce27f07dbf0c20bbc9d567664da73188dbdf444']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-ddc4-4358-9c8f-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Invader - Xchecked via VT: 0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287",
"pattern": "[file:hashes.MD5 = '848a087df1a6cbbe68760df603cc4323']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-b5e0-4e34-9b8a-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81",
"value": "https://www.virustotal.com/file/0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287/analysis/1501025628/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-7dc0-4bd6-9b64-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46",
"pattern": "[file:hashes.SHA1 = '3fa7215e2377df23a088f53a81efcb0562f4b142']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-9c7c-4fd6-8363-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46",
"pattern": "[file:hashes.MD5 = 'd8be46cc4642faac37d8167fed433950']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-b4f8-40df-8638-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-b4f8-40df-8638-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-b4f8-40df-8638-dd3702de0b81",
"value": "https://www.virustotal.com/file/01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46/analysis/1501985025/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-809c-4b65-ac7b-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423",
"pattern": "[file:hashes.SHA1 = 'ba932ba5d07f153498d274117a96feacb21c074c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-96f0-47eb-ac81-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423",
"pattern": "[file:hashes.MD5 = '5f938ec8dc3ae7f19c8a970c6b95059b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-0e88-4de3-adae-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-0e88-4de3-adae-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-0e88-4de3-adae-dd3702de0b81",
"value": "https://www.virustotal.com/file/9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423/analysis/1501706838/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-75b8-4d2f-b685-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd",
"pattern": "[file:hashes.SHA1 = 'e5c9d7b498021f33e6930b7419e1298a360df3d7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-5904-4561-bd14-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd",
"pattern": "[file:hashes.MD5 = 'caafc4b6154022e7d50869d50d67148a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-75b4-4d3d-8c19-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-75b4-4d3d-8c19-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-75b4-4d3d-8c19-dd3702de0b81",
"value": "https://www.virustotal.com/file/21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd/analysis/1500965130/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-0138-493b-9fd8-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51",
"pattern": "[file:hashes.SHA1 = 'cb515cfa0a9887fdeffe80e4c41ccb3dcefe992c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-8ef0-4341-a183-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51",
"pattern": "[file:hashes.MD5 = '3ba5d5690ca63ca16a444557f1411c85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-2d10-43f9-8529-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-2d10-43f9-8529-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-2d10-43f9-8529-dd3702de0b81",
"value": "https://www.virustotal.com/file/e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51/analysis/1501691519/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-e0ac-48fa-9844-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06",
"pattern": "[file:hashes.SHA1 = '15c88b16850479dec1366be33683a60aebd8d453']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-29a4-4994-a328-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06",
"pattern": "[file:hashes.MD5 = '22b3dda332fcc5362bfa91518a511e3e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-d468-4905-8b79-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-d468-4905-8b79-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-d468-4905-8b79-dd3702de0b81",
"value": "https://www.virustotal.com/file/f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06/analysis/1501706715/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-9c88-4724-913c-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a",
"pattern": "[file:hashes.SHA1 = '518857ae1c884b750c16142dbeddc76f2add08c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59a025a9-fe50-46cf-acde-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"description": "Daserf - Xchecked via VT: 04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a",
"pattern": "[file:hashes.MD5 = 'f4d02c412d465893497b91f3ce0e1ad7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-08-25T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59a025a9-77ec-4843-9820-dd3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-08-25T13:27:05.000Z",
"modified": "2017-08-25T13:27:05.000Z",
"first_observed": "2017-08-25T13:27:05Z",
"last_observed": "2017-08-25T13:27:05Z",
"number_observed": 1,
"object_refs": [
"url--59a025a9-77ec-4843-9820-dd3702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59a025a9-77ec-4843-9820-dd3702de0b81",
"value": "https://www.virustotal.com/file/04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a/analysis/1501756421/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue Copy permalink