misp-circl-feed/feeds/circl/misp/56af4bee-eeb4-4145-b10f-4c7e950d210f.json

{
    "type": "bundle",
    "id": "bundle--56af4bee-eeb4-4145-b10f-4c7e950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:48.000Z",
            "modified": "2016-02-01T15:03:48.000Z",
            "name": "CthulhuSPRL.be",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--56af4bee-eeb4-4145-b10f-4c7e950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:48.000Z",
            "modified": "2016-02-01T15:03:48.000Z",
            "name": "OSINT Android.Bankosy: All ears on voice call-based 2FA by Symantec",
            "published": "2016-02-01T12:16:26Z",
            "object_refs": [
                "observed-data--56af4c08-42e0-4694-8fcc-4230950d210f",
                "url--56af4c08-42e0-4694-8fcc-4230950d210f",
                "observed-data--56af4c08-8ee8-4929-9b14-4cd6950d210f",
                "url--56af4c08-8ee8-4929-9b14-4cd6950d210f",
                "indicator--56af4c51-3ec4-4e21-b041-4fcc950d210f",
                "observed-data--56af4c75-b6dc-4027-8f9d-413a950d210f",
                "url--56af4c75-b6dc-4027-8f9d-413a950d210f",
                "indicator--56af4c8d-74a0-4f60-8c3f-4f3b950d210f",
                "indicator--56af4c8d-2734-4a35-b6ea-4607950d210f",
                "indicator--56af4c8d-8230-454c-96f0-4c58950d210f",
                "indicator--56af4c8e-3fdc-4eaf-8cad-4898950d210f",
                "indicator--56af4c8e-fa44-4edc-b950-4833950d210f",
                "indicator--56af4c8e-4870-4fef-a7b5-4fb7950d210f",
                "indicator--56af4c8e-2a58-416c-9cf4-46ed950d210f",
                "indicator--56af4c8f-c71c-495f-bf6a-4bbc950d210f",
                "indicator--56af4c8f-7070-4ffb-af52-4912950d210f",
                "indicator--56af4c8f-5098-4b89-9eec-4d6d950d210f",
                "indicator--56af4c90-a70c-44ed-a908-479d950d210f",
                "indicator--56af4c90-fcf0-49e7-9aa7-4045950d210f",
                "indicator--56af4c90-1384-4542-944d-463c950d210f",
                "indicator--56af4c90-8848-4b37-b88b-4c07950d210f",
                "indicator--56af73d5-aba8-4d78-9a42-40fe02de0b81",
                "indicator--56af73d5-471c-407f-b75d-46d702de0b81",
                "observed-data--56af73d5-602c-4186-8407-453b02de0b81",
                "url--56af73d5-602c-4186-8407-453b02de0b81",
                "indicator--56af73d6-8d84-4b15-9fc4-473b02de0b81",
                "indicator--56af73d6-3e34-40e4-ab31-45ee02de0b81",
                "observed-data--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
                "url--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
                "indicator--56af73d6-8e00-4302-bc62-462202de0b81",
                "indicator--56af73d7-cca4-43c9-910b-4c6b02de0b81",
                "observed-data--56af73d7-1658-4191-8565-401c02de0b81",
                "url--56af73d7-1658-4191-8565-401c02de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT"
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af4c08-42e0-4694-8fcc-4230950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:14:00.000Z",
            "modified": "2016-02-01T12:14:00.000Z",
            "first_observed": "2016-02-01T12:14:00Z",
            "last_observed": "2016-02-01T12:14:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af4c08-42e0-4694-8fcc-4230950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af4c08-42e0-4694-8fcc-4230950d210f",
            "value": "http://www.symantec.com/connect/blogs/androidbankosy-all-ears-voice-call-based-2fa"
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af4c08-8ee8-4929-9b14-4cd6950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:14:00.000Z",
            "modified": "2016-02-01T12:14:00.000Z",
            "first_observed": "2016-02-01T12:14:00Z",
            "last_observed": "2016-02-01T12:14:00Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af4c08-8ee8-4929-9b14-4cd6950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af4c08-8ee8-4929-9b14-4cd6950d210f",
            "value": "http://www.symantec.com/security_response/writeup.jsp?docid=2014-072316-5249-99"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c51-3ec4-4e21-b041-4fcc950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:15:13.000Z",
            "modified": "2016-02-01T12:15:13.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.14.59']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:15:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af4c75-b6dc-4027-8f9d-413a950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:15:48.000Z",
            "modified": "2016-02-01T12:15:48.000Z",
            "first_observed": "2016-02-01T12:15:48Z",
            "last_observed": "2016-02-01T12:15:48Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af4c75-b6dc-4027-8f9d-413a950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af4c75-b6dc-4027-8f9d-413a950d210f",
            "value": "https://otx.alienvault.com/pulse/56a651b74637f23550f3bf0a/?source=email_notification"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8d-74a0-4f60-8c3f-4f3b950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:13.000Z",
            "modified": "2016-02-01T12:16:13.000Z",
            "pattern": "[file:hashes.SHA256 = '7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8d-2734-4a35-b6ea-4607950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:13.000Z",
            "modified": "2016-02-01T12:16:13.000Z",
            "pattern": "[file:hashes.SHA256 = 'e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8d-8230-454c-96f0-4c58950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:13.000Z",
            "modified": "2016-02-01T12:16:13.000Z",
            "pattern": "[file:hashes.SHA256 = 'f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:13Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8e-3fdc-4eaf-8cad-4898950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:14.000Z",
            "modified": "2016-02-01T12:16:14.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.144.14.29']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8e-fa44-4edc-b950-4833950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:14.000Z",
            "modified": "2016-02-01T12:16:14.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.188']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8e-4870-4fef-a7b5-4fb7950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:14.000Z",
            "modified": "2016-02-01T12:16:14.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.3.144.90']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8e-2a58-416c-9cf4-46ed950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:14.000Z",
            "modified": "2016-02-01T12:16:14.000Z",
            "pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.39.222.162']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:14Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"ip-dst\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8f-c71c-495f-bf6a-4bbc950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:15.000Z",
            "modified": "2016-02-01T12:16:15.000Z",
            "pattern": "[url:value = 'http://185.86.148.188:2080/forms/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8f-7070-4ffb-af52-4912950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:15.000Z",
            "modified": "2016-02-01T12:16:15.000Z",
            "pattern": "[url:value = 'http://89.144.14.29/remote/xxx']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c8f-5098-4b89-9eec-4d6d950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:15.000Z",
            "modified": "2016-02-01T12:16:15.000Z",
            "pattern": "[url:value = 'http://xxxmobiletubez.com/video.php']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:15Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c90-a70c-44ed-a908-479d950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:16.000Z",
            "modified": "2016-02-01T12:16:16.000Z",
            "pattern": "[url:value = 'http://185.86.148.188:2080/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c90-fcf0-49e7-9aa7-4045950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:16.000Z",
            "modified": "2016-02-01T12:16:16.000Z",
            "pattern": "[url:value = 'http://89.144.14.59/admin_v2/send']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c90-1384-4542-944d-463c950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:16.000Z",
            "modified": "2016-02-01T12:16:16.000Z",
            "pattern": "[url:value = 'http://195.3.144.90:6081/forms/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af4c90-8848-4b37-b88b-4c07950d210f",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T12:16:16.000Z",
            "modified": "2016-02-01T12:16:16.000Z",
            "pattern": "[url:value = 'http://195.3.144.90:6081/']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T12:16:16Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"url\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d5-aba8-4d78-9a42-40fe02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:49.000Z",
            "modified": "2016-02-01T15:03:49.000Z",
            "description": "- Xchecked via VT: f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373",
            "pattern": "[file:hashes.SHA1 = 'e6ce3ab7b7b72d51e85bb23e0e722bb614d4f795']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d5-471c-407f-b75d-46d702de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:49.000Z",
            "modified": "2016-02-01T15:03:49.000Z",
            "description": "- Xchecked via VT: f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373",
            "pattern": "[file:hashes.MD5 = '0d867e7265603b873d65037b147f67f9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af73d5-602c-4186-8407-453b02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:49.000Z",
            "modified": "2016-02-01T15:03:49.000Z",
            "first_observed": "2016-02-01T15:03:49Z",
            "last_observed": "2016-02-01T15:03:49Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af73d5-602c-4186-8407-453b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af73d5-602c-4186-8407-453b02de0b81",
            "value": "https://www.virustotal.com/file/f5bc281ee071f6fb0eb8d25f414770fee67e2ea6e02afe53896a2313f6cfe373/analysis/1424432194/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d6-8d84-4b15-9fc4-473b02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:49.000Z",
            "modified": "2016-02-01T15:03:49.000Z",
            "description": "- Xchecked via VT: e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f",
            "pattern": "[file:hashes.SHA1 = '70dc807ed96d19356e8041f4d21ca89fee821e33']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d6-3e34-40e4-ab31-45ee02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:50.000Z",
            "modified": "2016-02-01T15:03:50.000Z",
            "description": "- Xchecked via VT: e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f",
            "pattern": "[file:hashes.MD5 = 'eff60505bf6965e2e4435318cb9fc856']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:50.000Z",
            "modified": "2016-02-01T15:03:50.000Z",
            "first_observed": "2016-02-01T15:03:50Z",
            "last_observed": "2016-02-01T15:03:50Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af73d6-7808-4bb6-b8e4-45ca02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af73d6-7808-4bb6-b8e4-45ca02de0b81",
            "value": "https://www.virustotal.com/file/e6c1621158d37d10899018db253bf7e51113d47d5188fc363c6b5c51a606be2f/analysis/1453329128/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d6-8e00-4302-bc62-462202de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:50.000Z",
            "modified": "2016-02-01T15:03:50.000Z",
            "description": "- Xchecked via VT: 7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c",
            "pattern": "[file:hashes.SHA1 = 'd618ca9945c2d8e6903ff5fc02a28378054b8dc8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--56af73d7-cca4-43c9-910b-4c6b02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:51.000Z",
            "modified": "2016-02-01T15:03:51.000Z",
            "description": "- Xchecked via VT: 7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c",
            "pattern": "[file:hashes.MD5 = 'a133800117a9f48521a9843889047eba']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-02-01T15:03:51Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--56af73d7-1658-4191-8565-401c02de0b81",
            "created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
            "created": "2016-02-01T15:03:51.000Z",
            "modified": "2016-02-01T15:03:51.000Z",
            "first_observed": "2016-02-01T15:03:51Z",
            "last_observed": "2016-02-01T15:03:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--56af73d7-1658-4191-8565-401c02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--56af73d7-1658-4191-8565-401c02de0b81",
            "value": "https://www.virustotal.com/file/7b7eeca21a4aee3768b41b9e194052cbb01835ae3b3503c1d635abbe1193aa5c/analysis/1419101803/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}