{
"type" : "bundle" ,
"id" : "bundle--56fad784-e8ec-4dcf-9384-47bf02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-07-16T08:41:10.000Z" ,
"modified" : "2016-07-16T08:41:10.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--56fad784-e8ec-4dcf-9384-47bf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-07-16T08:41:10.000Z" ,
"modified" : "2016-07-16T08:41:10.000Z" ,
"name" : "OSINT - In the Shadows: Vawtrak Aims to Get Stealthier by adding New Data Cloaking" ,
"published" : "2017-01-11T20:13:28Z" ,
"object_refs" : [
"observed-data--56fad78e-f4dc-4624-9a38-4bad02de0b81" ,
"url--56fad78e-f4dc-4624-9a38-4bad02de0b81" ,
"x-misp-attribute--56fad7b5-b8c0-498c-a4ee-466c02de0b81" ,
"indicator--56fad7fc-0fe4-47fb-8930-475e02de0b81" ,
"indicator--56fad7fc-5214-4f97-91d5-4d4d02de0b81" ,
"indicator--56fad7fc-8424-4fa3-a912-42b002de0b81" ,
"indicator--56fad7fd-9094-446e-8d0f-42bb02de0b81" ,
"indicator--56fad7fd-ca20-4fbb-883c-444e02de0b81" ,
"indicator--56fad7fd-428c-4fb4-9568-436202de0b81" ,
"indicator--56fad7fd-83e4-4b75-98cb-4c2302de0b81" ,
"indicator--56fad7fe-bdb8-46e1-a5b3-45e702de0b81" ,
"indicator--56fad7fe-20dc-490f-854e-4b0902de0b81" ,
"indicator--56fad7fe-fcb0-4657-a00b-425e02de0b81" ,
"indicator--56fad7ff-b354-49da-a6d9-459e02de0b81" ,
"indicator--56fad7ff-cd64-496b-939b-407102de0b81" ,
"indicator--56fad7ff-6498-4eb8-9baa-402002de0b81" ,
"indicator--56fad800-897c-4dab-9c2b-4dc102de0b81" ,
"indicator--56fad800-33f8-4697-9f36-4ed102de0b81" ,
"indicator--56fad800-d30c-4671-af6f-46f302de0b81" ,
"indicator--56fad88e-a73c-4a9c-bffb-495002de0b81" ,
"indicator--56fad88e-3480-481e-9d7c-481b02de0b81" ,
"indicator--56fad88e-1ea8-4e0f-8f62-4bf802de0b81" ,
"indicator--56fad88f-4bd4-49ea-ac66-49d902de0b81" ,
"indicator--56fad88f-f24c-4449-bd33-4e1102de0b81" ,
"indicator--56fad890-659c-4804-9a2f-4e6702de0b81" ,
"indicator--56fad890-980c-4ab4-9099-4c5502de0b81" ,
"indicator--56fad890-8d90-41eb-918a-416b02de0b81" ,
"indicator--56fad891-6114-441a-a00d-4e7902de0b81" ,
"indicator--56fad891-bb9c-429d-9cbe-488b02de0b81" ,
"indicator--56fad891-d4c4-4ea8-84cf-451802de0b81" ,
"indicator--56fad892-a8ec-4165-a23c-408602de0b81" ,
"indicator--56fad892-4c9c-469a-b3bb-479302de0b81" ,
"indicator--56fad893-1f90-4717-bd1e-499b02de0b81" ,
"indicator--56fad893-1e8c-4df7-9b84-46ec02de0b81" ,
"indicator--56fad893-90a0-4247-b05b-46f602de0b81" ,
"indicator--56fad894-120c-4c24-9aa1-484d02de0b81" ,
"indicator--56fad894-0660-49c9-9699-4b0a02de0b81" ,
"indicator--56fad894-8ca8-4dee-a8fe-47cd02de0b81" ,
"indicator--56fad895-38f8-4a02-9088-401d02de0b81" ,
"indicator--56fad895-0e40-4e61-b04f-4a8102de0b81" ,
"indicator--56fad896-0440-4793-9755-4b8e02de0b81" ,
"indicator--56fad896-83ec-4a91-8513-4b2202de0b81" ,
"indicator--56fad896-2038-4856-bf77-445702de0b81" ,
"indicator--56fad8c2-dbf0-413a-87e0-442b02de0b81" ,
"indicator--56fad8c3-1a38-44fe-bbfe-4a0b02de0b81" ,
"indicator--56fad8c3-d27c-453e-8277-4df702de0b81" ,
"indicator--56fad8c3-d4bc-4847-9f1b-4b3202de0b81" ,
"indicator--56fad8c4-0500-4c40-9613-4ae002de0b81" ,
"indicator--56fad8c4-4cd8-48b4-b8fa-447802de0b81" ,
"indicator--56fad8e8-00b8-4273-8d8b-4df202de0b81" ,
"indicator--56fad8e8-5bf8-4036-97c6-493902de0b81" ,
"indicator--56fad8e9-4124-4dac-81bd-412a02de0b81" ,
"indicator--56fad8e9-9440-445b-b3f7-4a1002de0b81" ,
"indicator--56fad8e9-8c08-4ee4-8cd6-4d6102de0b81" ,
"indicator--56fad8ea-0914-4496-8be8-495d02de0b81" ,
"indicator--56fad8ea-74d4-427a-b7be-478402de0b81" ,
"indicator--56fad91f-6720-469f-9670-4e3302de0b81" ,
"indicator--56fad91f-c63c-4cd7-9946-4dd102de0b81" ,
"indicator--56fad920-510c-4bf1-b67e-405d02de0b81" ,
"indicator--56fad920-d788-494e-86f5-4c5902de0b81" ,
"indicator--56fad920-86e8-4b6e-8278-4e8102de0b81" ,
"indicator--56fad920-f6dc-4d46-88e2-41a402de0b81" ,
"indicator--56fad921-342c-4a7b-8d57-48a402de0b81" ,
"indicator--56fad921-87cc-49b7-ab38-4c4e02de0b81" ,
"indicator--56fad921-b43c-468b-a684-47b102de0b81" ,
"indicator--56fad922-0d64-47bb-80f6-4d7002de0b81" ,
"indicator--56fad922-c700-4e5e-b5bf-43f202de0b81" ,
"indicator--56fad922-6ecc-4361-97ff-4f2602de0b81" ,
"indicator--56fad923-b310-4bcf-9a00-403102de0b81" ,
"indicator--56fad923-c3a8-45fa-8046-469702de0b81" ,
"indicator--56fad923-cdf4-4f7c-bdb7-4d5802de0b81" ,
"indicator--56fad923-0980-4781-9e7b-4b2a02de0b81" ,
"indicator--56fad924-ee4c-422b-ad75-48fe02de0b81" ,
"indicator--56fad924-a72c-4a42-9102-419202de0b81" ,
"indicator--56fad924-bd7c-45de-b570-483e02de0b81" ,
"indicator--56fad925-ed28-43c8-a5bf-426602de0b81" ,
"indicator--56fad925-cfdc-4314-9b47-45db02de0b81" ,
"indicator--56fad94a-50f8-4dbb-95ea-4cc302de0b81" ,
"indicator--56fad94a-e8bc-4240-aa85-437902de0b81" ,
"indicator--56fad94a-1a18-4f0a-8b60-41d802de0b81" ,
"indicator--56fad94b-2aec-48ec-aee3-44ab02de0b81" ,
"indicator--56fad94b-cdcc-422d-bf53-417c02de0b81" ,
"indicator--56fad94b-da98-4feb-b199-4c6a02de0b81" ,
"indicator--56fad94b-f5a4-4420-b0c0-490202de0b81" ,
"indicator--56fad94c-003c-4e67-b96a-4dba02de0b81" ,
"indicator--56fad94c-8a18-4321-a97d-477a02de0b81" ,
"indicator--56fad94d-354c-48d3-8741-458f02de0b81" ,
"indicator--56fad94d-cdc8-452b-8791-47ef02de0b81" ,
"indicator--56fad94d-a930-4335-bdca-45f302de0b81" ,
"indicator--56fad94e-6920-4753-8e4c-47fc02de0b81" ,
"indicator--56fad94e-ff4c-4051-99ec-49cb02de0b81" ,
"indicator--56fad94e-a17c-409d-b786-471202de0b81" ,
"indicator--56fad94f-1bd0-4da7-aab2-435702de0b81" ,
"indicator--56fad94f-b8b4-4a13-b104-494b02de0b81" ,
"indicator--56fad950-541c-4a62-a9d4-43dc02de0b81" ,
"indicator--56fad950-f474-464e-8be9-43e502de0b81" ,
"indicator--56fad950-ba74-4315-bcd0-43e702de0b81" ,
"indicator--56fad951-5024-4770-be02-4dc402de0b81" ,
"indicator--56fad972-c574-41c6-b432-401402de0b81" ,
"indicator--56fad972-9910-4296-b15b-462e02de0b81" ,
"indicator--56fad972-d46c-4acc-bdb5-442502de0b81" ,
"indicator--56fad973-143c-466a-a6fa-4a2602de0b81" ,
"indicator--56fad973-1cf0-459f-a4e4-4aea02de0b81" ,
"indicator--56fad973-e568-4a9c-a3f0-480e02de0b81" ,
"indicator--56fad974-3260-465a-9a9b-44df02de0b81" ,
"indicator--56fad98f-1888-4b21-9662-446102de0b81" ,
"indicator--56fad9a6-39e4-4423-8a88-460402de0b81" ,
"indicator--56fad9a7-7ef0-4421-b767-4d5802de0b81" ,
"indicator--56fad9a7-6d5c-4fde-9c19-49ed02de0b81" ,
"indicator--56fad9a7-5ea8-4ee9-86a4-4b5d02de0b81" ,
"indicator--56fad9a8-b5f4-48df-af20-4e5002de0b81" ,
"indicator--56fad9a8-c3c4-4133-aeb2-4bac02de0b81" ,
"indicator--56fad9c2-a9dc-411d-9c25-408202de0b81" ,
"indicator--56fad9c3-3688-4f25-9f81-43e102de0b81" ,
"indicator--56fad9c3-4fc0-4373-bd20-4d1902de0b81" ,
"indicator--56fad9df-58a8-4337-88a0-423602de0b81" ,
"indicator--56fad9df-d1c0-4c0a-bc4e-4c3c02de0b81" ,
"indicator--56fad9df-017c-4477-b015-4c7702de0b81" ,
"indicator--56fad9e0-0c6c-4ef5-a5e3-4fc402de0b81" ,
"indicator--56fad9f8-ef64-4987-b637-479802de0b81" ,
"indicator--56fad9f8-1d4c-4de2-878c-4e4802de0b81" ,
"indicator--56fad9f9-7e1c-4044-8b5e-422202de0b81" ,
"indicator--56fad9f9-3ab0-49c3-8dbe-461402de0b81" ,
"indicator--56fada2b-5598-45ff-a783-479b02de0b81" ,
"indicator--56fada42-bf7c-4d09-b3dc-4b9602de0b81" ,
"indicator--56fada90-b3a8-4c77-80b6-4e9f02de0b81" ,
"indicator--56fada90-bf28-498c-8a15-46b102de0b81" ,
"observed-data--56fada90-a1c0-4a27-96f5-473a02de0b81" ,
"url--56fada90-a1c0-4a27-96f5-473a02de0b81" ,
"indicator--56fada91-1920-4ff8-8830-4e6002de0b81" ,
"indicator--56fada91-87fc-4aa8-8f71-4dd402de0b81" ,
"observed-data--56fada91-dd70-447b-8036-4cc402de0b81" ,
"url--56fada91-dd70-447b-8036-4cc402de0b81" ,
"indicator--56fada92-a9f4-4107-988d-467602de0b81" ,
"indicator--56fada92-be64-4b44-acb3-4f3102de0b81" ,
"observed-data--56fada92-6b08-4dcf-b88c-4a9402de0b81" ,
"url--56fada92-6b08-4dcf-b88c-4a9402de0b81" ,
"indicator--56fada92-bce4-4be5-b40e-4f8f02de0b81" ,
"indicator--56fada93-4b6c-439f-94fa-4ffd02de0b81" ,
"observed-data--56fada93-a774-4758-8163-4cb602de0b81" ,
"url--56fada93-a774-4758-8163-4cb602de0b81" ,
"indicator--56fada93-0430-4c23-8f47-417b02de0b81" ,
"indicator--56fada94-76d4-478e-922d-439c02de0b81" ,
"observed-data--56fada94-78bc-40ca-95ea-467502de0b81" ,
"url--56fada94-78bc-40ca-95ea-467502de0b81" ,
"indicator--56fada94-979c-49f7-83a9-447102de0b81" ,
"indicator--56fada95-558c-4f4b-b20b-48ea02de0b81" ,
"observed-data--56fada95-0d04-4b57-aef3-4bce02de0b81" ,
"url--56fada95-0d04-4b57-aef3-4bce02de0b81" ,
"indicator--56fada95-5e84-4a14-a272-4f5502de0b81" ,
"indicator--56fada96-c6e0-4c32-86bb-489602de0b81" ,
"observed-data--56fada96-6c24-456f-838b-418802de0b81" ,
"url--56fada96-6c24-456f-838b-418802de0b81" ,
"indicator--56fada96-2ddc-4677-857d-43d602de0b81" ,
"indicator--56fada96-ad28-4832-8cdd-4a1202de0b81" ,
"observed-data--56fada97-1ddc-4afb-9699-4dec02de0b81" ,
"url--56fada97-1ddc-4afb-9699-4dec02de0b81" ,
"indicator--56fada97-6b88-453f-8f23-4d0302de0b81" ,
"indicator--56fada97-2f6c-4deb-b0cd-42f002de0b81" ,
"observed-data--56fada98-7ffc-4449-8f1a-463602de0b81" ,
"url--56fada98-7ffc-4449-8f1a-463602de0b81" ,
"indicator--56fada98-2908-496b-a5af-430802de0b81" ,
"indicator--56fada98-9914-4cf2-9278-4cdd02de0b81" ,
"observed-data--56fada99-9c48-4414-89a7-4aae02de0b81" ,
"url--56fada99-9c48-4414-89a7-4aae02de0b81" ,
"indicator--56fada99-224c-467d-b09d-498f02de0b81" ,
"indicator--56fada99-a3f0-4427-a1fb-4a0202de0b81" ,
"observed-data--56fada99-211c-48ff-985c-484502de0b81" ,
"url--56fada99-211c-48ff-985c-484502de0b81" ,
"indicator--56fada9a-2ce0-48e1-841e-4f7102de0b81" ,
"indicator--56fada9a-0318-45ec-a1d5-462f02de0b81" ,
"observed-data--56fada9a-0130-4c13-96e2-47eb02de0b81" ,
"url--56fada9a-0130-4c13-96e2-47eb02de0b81" ,
"indicator--56fada9b-9400-4a9d-ab10-428c02de0b81" ,
"indicator--56fada9b-0560-4c84-be1b-4b3f02de0b81" ,
"observed-data--56fada9b-71b4-4f72-886d-476802de0b81" ,
"url--56fada9b-71b4-4f72-886d-476802de0b81" ,
"indicator--56fada9c-9728-4797-a228-4e7702de0b81" ,
"indicator--56fada9c-7a6c-4620-bc4d-498a02de0b81" ,
"observed-data--56fada9c-001c-43ba-b312-483c02de0b81" ,
"url--56fada9c-001c-43ba-b312-483c02de0b81" ,
"indicator--56fada9c-35c8-4681-96f0-48f302de0b81" ,
"indicator--56fada9d-e094-4a29-80b3-4b9302de0b81" ,
"observed-data--56fada9d-8810-45a9-9188-48d002de0b81" ,
"url--56fada9d-8810-45a9-9188-48d002de0b81" ,
"indicator--56fada9d-0f70-4730-882e-4a3c02de0b81" ,
"indicator--56fada9e-0e5c-4899-a849-41d002de0b81" ,
"observed-data--56fada9e-83b8-4221-a9d6-462502de0b81" ,
"url--56fada9e-83b8-4221-a9d6-462502de0b81" ,
"indicator--56fada9e-82e8-4714-ac51-40ba02de0b81" ,
"indicator--56fada9f-ad6c-4d37-9077-46c402de0b81" ,
"observed-data--56fada9f-29d8-4bab-aaa5-4b9c02de0b81" ,
"url--56fada9f-29d8-4bab-aaa5-4b9c02de0b81" ,
"indicator--56fada9f-547c-4538-99a1-426f02de0b81" ,
"indicator--56fadaa0-1074-45e5-926f-4eb702de0b81" ,
"observed-data--56fadaa0-cd60-4d62-b54b-4ea302de0b81" ,
"url--56fadaa0-cd60-4d62-b54b-4ea302de0b81" ,
"indicator--56fadaa0-7fd8-45d6-abb7-4d4102de0b81" ,
"indicator--56fadaa0-f448-47ec-9c62-46f302de0b81" ,
"observed-data--56fadaa1-f2b8-48de-a5f3-42e402de0b81" ,
"url--56fadaa1-f2b8-48de-a5f3-42e402de0b81" ,
"indicator--56fadaa1-1b48-4e77-a8b3-4a9802de0b81" ,
"indicator--56fadaa1-6594-41b6-81fb-49ae02de0b81" ,
"observed-data--56fadaa2-b540-4079-a037-456a02de0b81" ,
"url--56fadaa2-b540-4079-a037-456a02de0b81" ,
"indicator--56fadaa2-dc2c-402e-9c09-47c902de0b81" ,
"indicator--56fadaa2-5390-40a9-a501-456602de0b81" ,
"observed-data--56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81" ,
"url--56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81" ,
"indicator--56fadaa3-2bf8-47ce-b2e7-4e8502de0b81" ,
"indicator--56fadaa3-6188-4896-895d-40b202de0b81" ,
"observed-data--56fadaa3-5b88-4573-983b-499f02de0b81" ,
"url--56fadaa3-5b88-4573-983b-499f02de0b81" ,
"indicator--56fadaa4-f920-47b4-9b70-4e2002de0b81" ,
"indicator--56fadaa4-cda8-45e8-99dd-4f2602de0b81" ,
"observed-data--56fadaa4-83f0-4c6e-95df-4b9602de0b81" ,
"url--56fadaa4-83f0-4c6e-95df-4b9602de0b81" ,
"indicator--56fadaa5-9b8c-4e3e-ae06-46e902de0b81" ,
"indicator--56fadaa5-3424-43ad-9339-409f02de0b81" ,
"observed-data--56fadaa5-28a4-45d6-a54a-44c002de0b81" ,
"url--56fadaa5-28a4-45d6-a54a-44c002de0b81" ,
"indicator--56fadaa6-84dc-4971-8d0d-4d3702de0b81" ,
"indicator--56fadaa6-d00c-4e29-94e9-4bb202de0b81" ,
"observed-data--56fadaa6-9ddc-4b7f-b5be-43cd02de0b81" ,
"url--56fadaa6-9ddc-4b7f-b5be-43cd02de0b81" ,
"indicator--56fadaa7-ec0c-42b9-acf7-476d02de0b81" ,
"indicator--56fadaa7-967c-44ba-b5e9-4f1002de0b81" ,
"observed-data--56fadaa7-cd88-4455-8649-403502de0b81" ,
"url--56fadaa7-cd88-4455-8649-403502de0b81" ,
"indicator--56fadaa8-d9c8-4c71-bd22-49c402de0b81" ,
"indicator--56fadaa8-21a8-4b3a-95a8-41e602de0b81" ,
"observed-data--56fadaa8-14d8-4bd7-97dc-422902de0b81" ,
"url--56fadaa8-14d8-4bd7-97dc-422902de0b81" ,
"indicator--56fadaa8-8f50-4e9b-a887-491802de0b81" ,
"indicator--56fadaa9-61cc-400a-ad2f-465902de0b81" ,
"observed-data--56fadaa9-01f8-4868-8d15-402302de0b81" ,
"url--56fadaa9-01f8-4868-8d15-402302de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fad78e-f4dc-4624-9a38-4bad02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:29:18.000Z" ,
"modified" : "2016-03-29T19:29:18.000Z" ,
"first_observed" : "2016-03-29T19:29:18Z" ,
"last_observed" : "2016-03-29T19:29:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fad78e-f4dc-4624-9a38-4bad02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fad78e-f4dc-4624-9a38-4bad02de0b81" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--56fad7b5-b8c0-498c-a4ee-466c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:29:57.000Z" ,
"modified" : "2016-03-29T19:29:57.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "In what is likely to be a short-lived cessation in Dridex campaigns while the criminal proponents behind that malware scramble to find a new delivery channel, it appears as though other malware purveyors may be positioning themselves to take additional market share of the lucrative crimeware arena. One recent development saw Vawtrak, previously a second-tier banking and information stealing trojan, emerge with new capabilities -- most notably new methods for data encoding and changes to C2 communication that appear to be an attempt to improve on the malware\u2019s detection evasion. - See more at: https://www.proofpoint.com/us/threat-insight/post/In-The-Shadows#sthash.fy3M4b8M.dpuf"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fc-0fe4-47fb-8930-475e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:08.000Z" ,
"modified" : "2016-03-29T19:31:08.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fc-5214-4f97-91d5-4d4d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:08.000Z" ,
"modified" : "2016-03-29T19:31:08.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fc-8424-4fa3-a912-42b002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:08.000Z" ,
"modified" : "2016-03-29T19:31:08.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fd-9094-446e-8d0f-42bb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:09.000Z" ,
"modified" : "2016-03-29T19:31:09.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = 'b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fd-ca20-4fbb-883c-444e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:09.000Z" ,
"modified" : "2016-03-29T19:31:09.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fd-428c-4fb4-9568-436202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:09.000Z" ,
"modified" : "2016-03-29T19:31:09.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '7683afa68bf176249dfc61c5e3bf455dabc9d8b0696d6f8952d72ebb5500a798']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fd-83e4-4b75-98cb-4c2302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:09.000Z" ,
"modified" : "2016-03-29T19:31:09.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '78ceb2dbbd39831f84c6fe50742a778cb4610fb02c06072de02e798692279ae4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fe-bdb8-46e1-a5b3-45e702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:10.000Z" ,
"modified" : "2016-03-29T19:31:10.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '9337b6c7f6f4f300ebd11813dc6fe5a9646f394541139c96af27f45e1bb7eec2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fe-20dc-490f-854e-4b0902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:10.000Z" ,
"modified" : "2016-03-29T19:31:10.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '1eaac96f675fd29b06beed67cb89d5862183659a071062ca9440c46dc69b5a58']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7fe-fcb0-4657-a00b-425e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:10.000Z" ,
"modified" : "2016-03-29T19:31:10.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '0b9b361aaab7baa0ae49c0234d78bcb7cfbd0e529eeda1b126ef08a3b3e0ae89']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7ff-b354-49da-a6d9-459e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:11.000Z" ,
"modified" : "2016-03-29T19:31:11.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '2f87d666915cc345ae8ac57c5b975163828c2923cdfabc3cf436ebca50346eb0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7ff-cd64-496b-939b-407102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:11.000Z" ,
"modified" : "2016-03-29T19:31:11.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = 'b5681046f8a571f4fde991e349356e078498f1afb3d2a31a549df65b01ba6de7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad7ff-6498-4eb8-9baa-402002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:11.000Z" ,
"modified" : "2016-03-29T19:31:11.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = 'eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad800-897c-4dab-9c2b-4dc102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:12.000Z" ,
"modified" : "2016-03-29T19:31:12.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '606a489df381a8cc3fb43b8ca3b763c61ff91328aa39fa9be167c428d587c1bc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad800-33f8-4697-9f36-4ed102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:12.000Z" ,
"modified" : "2016-03-29T19:31:12.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad800-d30c-4671-af6f-46f302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:31:12.000Z" ,
"modified" : "2016-03-29T19:31:12.000Z" ,
"description" : "Macro Office documents leading to Vawtrak:" ,
"pattern" : "[file:hashes.SHA256 = '3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:31:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad88e-a73c-4a9c-bffb-495002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:34.000Z" ,
"modified" : "2016-03-29T19:33:34.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://pomona.pl/wp-content/plugins/wp-db-backup-made/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad88e-3480-481e-9d7c-481b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:34.000Z" ,
"modified" : "2016-03-29T19:33:34.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://funsockfriday.com/wp-content/cache/db/000000/all/cd0/2a7/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad88e-1ea8-4e0f-8f62-4bf802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:34.000Z" ,
"modified" : "2016-03-29T19:33:34.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://pomona.pl/wp-content/plugins/wp-db-backup-made/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad88f-4bd4-49ea-ac66-49d902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:35.000Z" ,
"modified" : "2016-03-29T19:33:35.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://funsockfriday.com/wp-content/cache/db/000000/all/cd0/2a7/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad88f-f24c-4449-bd33-4e1102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:35.000Z" ,
"modified" : "2016-03-29T19:33:35.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://admtorg.ru/wp-includes/js/tinymce/plugins/compat3x/css/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad890-659c-4804-9a2f-4e6702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:36.000Z" ,
"modified" : "2016-03-29T19:33:36.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://ozgencfutbolokulu.com/wp-content/plugins/wp-db-backup-made/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad890-980c-4ab4-9099-4c5502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:36.000Z" ,
"modified" : "2016-03-29T19:33:36.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://admtorg.ru/wp-includes/js/tinymce/plugins/compat3x/css/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad890-8d90-41eb-918a-416b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:36.000Z" ,
"modified" : "2016-03-29T19:33:36.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://ozgencfutbolokulu.com/wp-content/plugins/wp-db-backup-made/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad891-6114-441a-a00d-4e7902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:37.000Z" ,
"modified" : "2016-03-29T19:33:37.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://unmaskedman.com/wp-content/themes/unmaskedman/assets/sass/layouts/pages/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad891-bb9c-429d-9cbe-488b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:37.000Z" ,
"modified" : "2016-03-29T19:33:37.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://ssgc.co/wp-content/uploads/cache/remote/www-abc-net-au/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad891-d4c4-4ea8-84cf-451802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:37.000Z" ,
"modified" : "2016-03-29T19:33:37.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://unmaskedman.com/wp-content/themes/unmaskedman/assets/sass/layouts/pages/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad892-a8ec-4165-a23c-408602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:38.000Z" ,
"modified" : "2016-03-29T19:33:38.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://ssgc.co/wp-content/uploads/cache/remote/www-abc-net-au/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad892-4c9c-469a-b3bb-479302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:38.000Z" ,
"modified" : "2016-03-29T19:33:38.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://shaliniandamar.com/wp-content/tfuse_bk_just-married-parent_2015-04-20/theme_config/extensions/slider/designs/round/static/images/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad893-1f90-4717-bd1e-499b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:39.000Z" ,
"modified" : "2016-03-29T19:33:39.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://kingmanmobile.com/wp-content/plugins/essential-grid/admin/assets/js/mode/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad893-1e8c-4df7-9b84-46ec02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:39.000Z" ,
"modified" : "2016-03-29T19:33:39.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://shaliniandamar.com/wp-content/tfuse_bk_just-married-parent_2015-04-20/theme_config/extensions/slider/designs/round/static/images/pipi/txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad893-90a0-4247-b05b-46f602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:39.000Z" ,
"modified" : "2016-03-29T19:33:39.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://kingmanmobile.com/wp-content/plugins/essential-grid/admin/assets/js/mode/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad894-120c-4c24-9aa1-484d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:40.000Z" ,
"modified" : "2016-03-29T19:33:40.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://dillardvideo.com/wp-admin/network/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad894-0660-49c9-9699-4b0a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:40.000Z" ,
"modified" : "2016-03-29T19:33:40.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://diputacion.ardinova.com/wp-admin/images/screenshots/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad894-8ca8-4dee-a8fe-47cd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:40.000Z" ,
"modified" : "2016-03-29T19:33:40.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://dillardvideo.com/wp-admin/network/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad895-38f8-4a02-9088-401d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:41.000Z" ,
"modified" : "2016-03-29T19:33:41.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://diputacion.ardinova.com/wp-admin/images/screenshots/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad895-0e40-4e61-b04f-4a8102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:41.000Z" ,
"modified" : "2016-03-29T19:33:41.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://diy-router.com/wp-includes/css/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad896-0440-4793-9755-4b8e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:42.000Z" ,
"modified" : "2016-03-29T19:33:42.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://depositionstream.com/scripts/img/5716367236.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad896-83ec-4a91-8513-4b2202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:42.000Z" ,
"modified" : "2016-03-29T19:33:42.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://diy-router.com/wp-includes/css/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad896-2038-4856-bf77-445702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:33:42.000Z" ,
"modified" : "2016-03-29T19:33:42.000Z" ,
"description" : "Xbagging/Bartalex additional code downloads:" ,
"pattern" : "[url:value = 'http://depositionstream.com/scripts/img/pipi.txt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:33:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c2-dbf0-413a-87e0-442b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:26.000Z" ,
"modified" : "2016-03-29T19:34:26.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://freshbox.pl/przypomnienie_lss/WEFiles/Client/jQuery/Plugins/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c3-1a38-44fe-bbfe-4a0b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:27.000Z" ,
"modified" : "2016-03-29T19:34:27.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://petalsbythechesapeake.com/wp-content/themes/x/framework/scss/site/stacks/integrity/inc/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c3-d27c-453e-8277-4df702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:27.000Z" ,
"modified" : "2016-03-29T19:34:27.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://longcroftcarehome.com/wp-content/themes/Impreza/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c3-d4bc-4847-9f1b-4b3202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:27.000Z" ,
"modified" : "2016-03-29T19:34:27.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://glovestix.com/wp-content/plugins/woocommerce-subscriptions/lib/action-scheduler/tests/phpunit/jobstore/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c4-0500-4c40-9613-4ae002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:28.000Z" ,
"modified" : "2016-03-29T19:34:28.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://datanetsolution.com/ujksew1/templates/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8c4-4cd8-48b4-b8fa-447802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:34:28.000Z" ,
"modified" : "2016-03-29T19:34:28.000Z" ,
"description" : "Pony downloads" ,
"pattern" : "[url:value = 'http://dominamarketingporinternet.com/wp-admin/user/s1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:34:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8e8-00b8-4273-8d8b-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:04.000Z" ,
"modified" : "2016-03-29T19:35:04.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = '3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8e8-5bf8-4036-97c6-493902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:04.000Z" ,
"modified" : "2016-03-29T19:35:04.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = 'cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8e9-4124-4dac-81bd-412a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:05.000Z" ,
"modified" : "2016-03-29T19:35:05.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = 'c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8e9-9440-445b-b3f7-4a1002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:05.000Z" ,
"modified" : "2016-03-29T19:35:05.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8e9-8c08-4ee4-8cd6-4d6102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:05.000Z" ,
"modified" : "2016-03-29T19:35:05.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = '6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8ea-0914-4496-8be8-495d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:06.000Z" ,
"modified" : "2016-03-29T19:35:06.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad8ea-74d4-427a-b7be-478402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:06.000Z" ,
"modified" : "2016-03-29T19:35:06.000Z" ,
"description" : "Pony hashes" ,
"pattern" : "[file:hashes.SHA256 = '3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad91f-6720-469f-9670-4e3302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:59.000Z" ,
"modified" : "2016-03-29T19:35:59.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://dicalburep.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad91f-c63c-4cd7-9946-4dd102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:35:59.000Z" ,
"modified" : "2016-03-29T19:35:59.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://toldwassmause.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:35:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad920-510c-4bf1-b67e-405d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:00.000Z" ,
"modified" : "2016-03-29T19:36:00.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://uthatinuse.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad920-d788-494e-86f5-4c5902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:00.000Z" ,
"modified" : "2016-03-29T19:36:00.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://paughesdidn.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad920-86e8-4b6e-8278-4e8102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:00.000Z" ,
"modified" : "2016-03-29T19:36:00.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://rectalrenlo.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad920-f6dc-4d46-88e2-41a402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:00.000Z" ,
"modified" : "2016-03-29T19:36:00.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://ritoftwithhers.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad921-342c-4a7b-8d57-48a402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:01.000Z" ,
"modified" : "2016-03-29T19:36:01.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://rindititred.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad921-87cc-49b7-ab38-4c4e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:01.000Z" ,
"modified" : "2016-03-29T19:36:01.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://wassfethefa.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad921-b43c-468b-a684-47b102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:01.000Z" ,
"modified" : "2016-03-29T19:36:01.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://kerehiled.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad922-0d64-47bb-80f6-4d7002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:02.000Z" ,
"modified" : "2016-03-29T19:36:02.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://ropaketsed.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad922-c700-4e5e-b5bf-43f202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:02.000Z" ,
"modified" : "2016-03-29T19:36:02.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://utrewserat.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad922-6ecc-4361-97ff-4f2602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:02.000Z" ,
"modified" : "2016-03-29T19:36:02.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://joorrolwas.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad923-b310-4bcf-9a00-403102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:03.000Z" ,
"modified" : "2016-03-29T19:36:03.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://fortthenranled.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad923-c3a8-45fa-8046-469702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:03.000Z" ,
"modified" : "2016-03-29T19:36:03.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://harlosion.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad923-cdf4-4f7c-bdb7-4d5802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:03.000Z" ,
"modified" : "2016-03-29T19:36:03.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://onerophegre.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad923-0980-4781-9e7b-4b2a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:03.000Z" ,
"modified" : "2016-03-29T19:36:03.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://duorgoho.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad924-ee4c-422b-ad75-48fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:04.000Z" ,
"modified" : "2016-03-29T19:36:04.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://idwigalitt.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad924-a72c-4a42-9102-419202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:04.000Z" ,
"modified" : "2016-03-29T19:36:04.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://robbetotso.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad924-bd7c-45de-b570-483e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:04.000Z" ,
"modified" : "2016-03-29T19:36:04.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://ledrewharte.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad925-ed28-43c8-a5bf-426602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:05.000Z" ,
"modified" : "2016-03-29T19:36:05.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://dotindintres.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad925-cfdc-4314-9b47-45db02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:05.000Z" ,
"modified" : "2016-03-29T19:36:05.000Z" ,
"description" : "Pony Gates" ,
"pattern" : "[url:value = 'http://tetotgane.ru/gate.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94a-50f8-4dbb-95ea-4cc302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:42.000Z" ,
"modified" : "2016-03-29T19:36:42.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://oka-dentalshop.com/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94a-e8bc-4240-aa85-437902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:42.000Z" ,
"modified" : "2016-03-29T19:36:42.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://9.rent-shops.ru/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94a-1a18-4f0a-8b60-41d802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:42.000Z" ,
"modified" : "2016-03-29T19:36:42.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://hubsportsmed.com/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94b-2aec-48ec-aee3-44ab02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:43.000Z" ,
"modified" : "2016-03-29T19:36:43.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://xn--80aa8argd0e.xn--80aswg/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94b-cdcc-422d-bf53-417c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:43.000Z" ,
"modified" : "2016-03-29T19:36:43.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://www.brindesgama.com.br/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94b-da98-4feb-b199-4c6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:43.000Z" ,
"modified" : "2016-03-29T19:36:43.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://mysocceruniforms.com/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94b-f5a4-4420-b0c0-490202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:43.000Z" ,
"modified" : "2016-03-29T19:36:43.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://worldhealthsupply.com/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94c-003c-4e67-b96a-4dba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:44.000Z" ,
"modified" : "2016-03-29T19:36:44.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://errors-seeds.cz/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94c-8a18-4321-a97d-477a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:44.000Z" ,
"modified" : "2016-03-29T19:36:44.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://bloomgifts4u.com/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94d-354c-48d3-8741-458f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:45.000Z" ,
"modified" : "2016-03-29T19:36:45.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://plan.computer-repair.org.ua/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94d-cdc8-452b-8791-47ef02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:45.000Z" ,
"modified" : "2016-03-29T19:36:45.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://wildcardzwincanton.bricks-and-clicks.co.uk/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94d-a930-4335-bdca-45f302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:45.000Z" ,
"modified" : "2016-03-29T19:36:45.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://kosikyhana.sk/system/logs/k1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94e-6920-4753-8e4c-47fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:46.000Z" ,
"modified" : "2016-03-29T19:36:46.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://electro-cablaj.ro/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94e-ff4c-4051-99ec-49cb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:46.000Z" ,
"modified" : "2016-03-29T19:36:46.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://juuze.demowebsite.net/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94e-a17c-409d-b786-471202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:46.000Z" ,
"modified" : "2016-03-29T19:36:46.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://wierdensewijnhandel.nl/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94f-1bd0-4da7-aab2-435702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:47.000Z" ,
"modified" : "2016-03-29T19:36:47.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://globalshow.com.ua/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad94f-b8b4-4a13-b104-494b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:47.000Z" ,
"modified" : "2016-03-29T19:36:47.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://chackochacko.com/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad950-541c-4a62-a9d4-43dc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:48.000Z" ,
"modified" : "2016-03-29T19:36:48.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://es.healthyliverplus.com/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad950-f474-464e-8be9-43e502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:48.000Z" ,
"modified" : "2016-03-29T19:36:48.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://boxx96.com.br/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad950-ba74-4315-bcd0-43e702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:48.000Z" ,
"modified" : "2016-03-29T19:36:48.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://store.lumos.my/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad951-5024-4770-be02-4dc402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:36:49.000Z" ,
"modified" : "2016-03-29T19:36:49.000Z" ,
"description" : "Vawtrak downloads" ,
"pattern" : "[url:value = 'http://pudore.com.my/system/logs/m1.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:36:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad972-c574-41c6-b432-401402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:22.000Z" ,
"modified" : "2016-03-29T19:37:22.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = 'a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad972-9910-4296-b15b-462e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:22.000Z" ,
"modified" : "2016-03-29T19:37:22.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = 'afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad972-d46c-4acc-bdb5-442502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:22.000Z" ,
"modified" : "2016-03-29T19:37:22.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = '4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad973-143c-466a-a6fa-4a2602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:23.000Z" ,
"modified" : "2016-03-29T19:37:23.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = 'd3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad973-1cf0-459f-a4e4-4aea02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:23.000Z" ,
"modified" : "2016-03-29T19:37:23.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = 'caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad973-e568-4a9c-a3f0-480e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:23.000Z" ,
"modified" : "2016-03-29T19:37:23.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = '5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad974-3260-465a-9a9b-44df02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:24.000Z" ,
"modified" : "2016-03-29T19:37:24.000Z" ,
"description" : "Vawtrak hashes from email" ,
"pattern" : "[file:hashes.SHA256 = '2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad98f-1888-4b21-9662-446102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:37:51.000Z" ,
"modified" : "2016-03-29T19:37:51.000Z" ,
"description" : "Vawtrak hashes from Angler EK chain" ,
"pattern" : "[file:hashes.SHA256 = '75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:37:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a6-39e4-4423-8a88-460402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:14.000Z" ,
"modified" : "2016-03-29T19:38:14.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://ninthclub.com/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a7-7ef0-4421-b767-4d5802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:15.000Z" ,
"modified" : "2016-03-29T19:38:15.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://camelcap.com/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a7-6d5c-4fde-9c19-49ed02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:15.000Z" ,
"modified" : "2016-03-29T19:38:15.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://ideagreens.com/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a7-5ea8-4ee9-86a4-4b5d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:15.000Z" ,
"modified" : "2016-03-29T19:38:15.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://guesstrade.com/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a8-b5f4-48df-af20-4e5002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:16.000Z" ,
"modified" : "2016-03-29T19:38:16.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://castuning.ru/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9a8-c3c4-4133-aeb2-4bac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:16.000Z" ,
"modified" : "2016-03-29T19:38:16.000Z" ,
"description" : "Vawtrak c2" ,
"pattern" : "[url:value = 'http://mgsmedia.ru/Work/new/index.php']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9c2-a9dc-411d-9c25-408202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:42.000Z" ,
"modified" : "2016-03-29T19:38:42.000Z" ,
"description" : "Vawtrak module downloads" ,
"pattern" : "[url:value = 'http://185.66.10.57/module/9f3359a7b12ceea791a4afc21a971152']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9c3-3688-4f25-9f81-43e102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:43.000Z" ,
"modified" : "2016-03-29T19:38:43.000Z" ,
"description" : "Vawtrak module downloads" ,
"pattern" : "[url:value = 'http://185.66.10.57/module/4c06c7a4c2bc6fb51cd998e9bbcf5846']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9c3-4fc0-4373-bd20-4d1902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:38:43.000Z" ,
"modified" : "2016-03-29T19:38:43.000Z" ,
"description" : "Vawtrak module downloads" ,
"pattern" : "[url:value = 'http://185.66.10.57/module/221680f17a95443c798c701eff36cbe6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:38:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9df-58a8-4337-88a0-423602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:11.000Z" ,
"modified" : "2016-03-29T19:39:11.000Z" ,
"description" : "Vawtrak update" ,
"pattern" : "[url:value = 'http://185.66.10.57/upd/2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9df-d1c0-4c0a-bc4e-4c3c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:11.000Z" ,
"modified" : "2016-03-29T19:39:11.000Z" ,
"description" : "Vawtrak update" ,
"pattern" : "[url:value = 'http://185.66.10.57/upd/3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9df-017c-4477-b015-4c7702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:11.000Z" ,
"modified" : "2016-03-29T19:39:11.000Z" ,
"description" : "Vawtrak update" ,
"pattern" : "[url:value = 'http://185.66.10.57/upd/4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9e0-0c6c-4ef5-a5e3-4fc402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:12.000Z" ,
"modified" : "2016-03-29T19:39:12.000Z" ,
"description" : "Vawtrak update" ,
"pattern" : "[url:value = 'http://185.66.10.57/upd/5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9f8-ef64-4987-b637-479802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:36.000Z" ,
"modified" : "2016-03-29T19:39:36.000Z" ,
"description" : "Vawtrak updates, decoded (respectively)" ,
"pattern" : "[file:hashes.SHA256 = '6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9f8-1d4c-4de2-878c-4e4802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:36.000Z" ,
"modified" : "2016-03-29T19:39:36.000Z" ,
"description" : "Vawtrak updates, decoded (respectively)" ,
"pattern" : "[file:hashes.SHA256 = '592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9f9-7e1c-4044-8b5e-422202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:37.000Z" ,
"modified" : "2016-03-29T19:39:37.000Z" ,
"description" : "Vawtrak updates, decoded (respectively)" ,
"pattern" : "[file:hashes.SHA256 = '75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fad9f9-3ab0-49c3-8dbe-461402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:39:37.000Z" ,
"modified" : "2016-03-29T19:39:37.000Z" ,
"description" : "Vawtrak updates, decoded (respectively)" ,
"pattern" : "[file:hashes.SHA256 = 'b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:39:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada2b-5598-45ff-a783-479b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:40:27.000Z" ,
"modified" : "2016-03-29T19:40:27.000Z" ,
"description" : "Analyzed Vawtrak Dropper" ,
"pattern" : "[file:hashes.SHA256 = '7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:40:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada42-bf7c-4d09-b3dc-4b9602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:40:50.000Z" ,
"modified" : "2016-03-29T19:40:50.000Z" ,
"description" : "Analyzed unpacked Vawtrak x86 DLL" ,
"pattern" : "[file:hashes.SHA256 = '1818967235b1e86f9b5e956ab55e1fb47ea44c6579c91e9a48d8bd428f14f165']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:40:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada90-b3a8-4c77-80b6-4e9f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:08.000Z" ,
"modified" : "2016-03-29T19:42:08.000Z" ,
"description" : "Analyzed Vawtrak Dropper - Xchecked via VT: 7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be" ,
"pattern" : "[file:hashes.SHA1 = '7a479295549330798bed66599e22b5cf5580194c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada90-bf28-498c-8a15-46b102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:08.000Z" ,
"modified" : "2016-03-29T19:42:08.000Z" ,
"description" : "Analyzed Vawtrak Dropper - Xchecked via VT: 7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be" ,
"pattern" : "[file:hashes.MD5 = '9724934a3ed3a92b38b89fe7a2e9b6fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada90-a1c0-4a27-96f5-473a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:08.000Z" ,
"modified" : "2016-03-29T19:42:08.000Z" ,
"first_observed" : "2016-03-29T19:42:08Z" ,
"last_observed" : "2016-03-29T19:42:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada90-a1c0-4a27-96f5-473a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada90-a1c0-4a27-96f5-473a02de0b81" ,
"value" : "https://www.virustotal.com/file/7e7d0557cc95e3f509f71a72aad9b8ab85d6a681df4a46e1648e928a4be5f4be/analysis/1459258992/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada91-1920-4ff8-8830-4e6002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:09.000Z" ,
"modified" : "2016-03-29T19:42:09.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904" ,
"pattern" : "[file:hashes.SHA1 = 'b2673c2918dbad83b3ad7776d5d5d21454157c1e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada91-87fc-4aa8-8f71-4dd402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:09.000Z" ,
"modified" : "2016-03-29T19:42:09.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904" ,
"pattern" : "[file:hashes.MD5 = 'bb2214f714cf9ed142f3b300694a415c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada91-dd70-447b-8036-4cc402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:09.000Z" ,
"modified" : "2016-03-29T19:42:09.000Z" ,
"first_observed" : "2016-03-29T19:42:09Z" ,
"last_observed" : "2016-03-29T19:42:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada91-dd70-447b-8036-4cc402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada91-dd70-447b-8036-4cc402de0b81" ,
"value" : "https://www.virustotal.com/file/b7475a729083a11b8e99ae7a293807b6e35fa4c2735789847afdee97eddfb904/analysis/1447017715/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada92-a9f4-4107-988d-467602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:10.000Z" ,
"modified" : "2016-03-29T19:42:10.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09" ,
"pattern" : "[file:hashes.SHA1 = 'c56a16353874c4f0dd1fe77befee07da49b3608e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada92-be64-4b44-acb3-4f3102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:10.000Z" ,
"modified" : "2016-03-29T19:42:10.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09" ,
"pattern" : "[file:hashes.MD5 = '94f86b4abfd82cf0f1cf79a39cad9c40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada92-6b08-4dcf-b88c-4a9402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:10.000Z" ,
"modified" : "2016-03-29T19:42:10.000Z" ,
"first_observed" : "2016-03-29T19:42:10Z" ,
"last_observed" : "2016-03-29T19:42:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada92-6b08-4dcf-b88c-4a9402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada92-6b08-4dcf-b88c-4a9402de0b81" ,
"value" : "https://www.virustotal.com/file/75ff95ef4cdf7511264df09daa93f44e72acfc5084c4f058071ddd2fc8ad2d09/analysis/1447015700/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada92-bce4-4be5-b40e-4f8f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:10.000Z" ,
"modified" : "2016-03-29T19:42:10.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04" ,
"pattern" : "[file:hashes.SHA1 = 'c809f2b2e4bd18094695247a1fb3193acb320bb5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada93-4b6c-439f-94fa-4ffd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:11.000Z" ,
"modified" : "2016-03-29T19:42:11.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04" ,
"pattern" : "[file:hashes.MD5 = '40447357439539454d710b3adf107876']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada93-a774-4758-8163-4cb602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:11.000Z" ,
"modified" : "2016-03-29T19:42:11.000Z" ,
"first_observed" : "2016-03-29T19:42:11Z" ,
"last_observed" : "2016-03-29T19:42:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada93-a774-4758-8163-4cb602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada93-a774-4758-8163-4cb602de0b81" ,
"value" : "https://www.virustotal.com/file/592a84f6c913e8bdccabf3d4a36deb0844d037ca3aa19029755d2d658c873c04/analysis/1456316110/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada93-0430-4c23-8f47-417b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:11.000Z" ,
"modified" : "2016-03-29T19:42:11.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda" ,
"pattern" : "[file:hashes.SHA1 = 'fd6c52d3a54ffa0bb174a1fe42456c10807f58a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada94-76d4-478e-922d-439c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:12.000Z" ,
"modified" : "2016-03-29T19:42:12.000Z" ,
"description" : "Vawtrak updates, decoded (respectively) - Xchecked via VT: 6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda" ,
"pattern" : "[file:hashes.MD5 = '54ee09199c34e368575c10f01c114550']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada94-78bc-40ca-95ea-467502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:12.000Z" ,
"modified" : "2016-03-29T19:42:12.000Z" ,
"first_observed" : "2016-03-29T19:42:12Z" ,
"last_observed" : "2016-03-29T19:42:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada94-78bc-40ca-95ea-467502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada94-78bc-40ca-95ea-467502de0b81" ,
"value" : "https://www.virustotal.com/file/6ca5edee52615821bd25f6872b86ccb61329d047c9de8817c8fea17679076eda/analysis/1447013707/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada94-979c-49f7-83a9-447102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:12.000Z" ,
"modified" : "2016-03-29T19:42:12.000Z" ,
"description" : "Vawtrak hashes from Angler EK chain - Xchecked via VT: 75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d" ,
"pattern" : "[file:hashes.SHA1 = '367a8ebae82f56594ee9d5ddd2a50dd5539c1a8f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada95-558c-4f4b-b20b-48ea02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:13.000Z" ,
"modified" : "2016-03-29T19:42:13.000Z" ,
"description" : "Vawtrak hashes from Angler EK chain - Xchecked via VT: 75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d" ,
"pattern" : "[file:hashes.MD5 = 'ce165288ed5a19ac7aa74ddb93164486']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada95-0d04-4b57-aef3-4bce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:13.000Z" ,
"modified" : "2016-03-29T19:42:13.000Z" ,
"first_observed" : "2016-03-29T19:42:13Z" ,
"last_observed" : "2016-03-29T19:42:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada95-0d04-4b57-aef3-4bce02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada95-0d04-4b57-aef3-4bce02de0b81" ,
"value" : "https://www.virustotal.com/file/75db66d0aaff0d6adc4bedcb652ae041071852fbb550d5c3446502de29246c3d/analysis/1443198520/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada95-5e84-4a14-a272-4f5502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:13.000Z" ,
"modified" : "2016-03-29T19:42:13.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e" ,
"pattern" : "[file:hashes.SHA1 = '754d5d168e90a5335cafa280f637cf6804b2f6e5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada96-c6e0-4c32-86bb-489602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:14.000Z" ,
"modified" : "2016-03-29T19:42:14.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e" ,
"pattern" : "[file:hashes.MD5 = '887121e6227d640d2775460a2104e733']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada96-6c24-456f-838b-418802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:14.000Z" ,
"modified" : "2016-03-29T19:42:14.000Z" ,
"first_observed" : "2016-03-29T19:42:14Z" ,
"last_observed" : "2016-03-29T19:42:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada96-6c24-456f-838b-418802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada96-6c24-456f-838b-418802de0b81" ,
"value" : "https://www.virustotal.com/file/2350f4617102c51542682219761e7a3e2cd6efd7529599dbc579ac6882c0343e/analysis/1457382241/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada96-2ddc-4677-857d-43d602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:14.000Z" ,
"modified" : "2016-03-29T19:42:14.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a" ,
"pattern" : "[file:hashes.SHA1 = 'c0fb3a4ac6b3af441b002066337bdcec330b319c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada96-ad28-4832-8cdd-4a1202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:14.000Z" ,
"modified" : "2016-03-29T19:42:14.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a" ,
"pattern" : "[file:hashes.MD5 = '54845ebfcfc257eacd0d6aeb8087d810']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada97-1ddc-4afb-9699-4dec02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:15.000Z" ,
"modified" : "2016-03-29T19:42:15.000Z" ,
"first_observed" : "2016-03-29T19:42:15Z" ,
"last_observed" : "2016-03-29T19:42:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada97-1ddc-4afb-9699-4dec02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada97-1ddc-4afb-9699-4dec02de0b81" ,
"value" : "https://www.virustotal.com/file/5b0e4024c12e21ca5f7552a555dc20499fd7a439a669c963ab5d02227cc1be9a/analysis/1446111848/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada97-6b88-453f-8f23-4d0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:15.000Z" ,
"modified" : "2016-03-29T19:42:15.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9" ,
"pattern" : "[file:hashes.SHA1 = '94469cb576386f3a4ab8a1c2e994b6d42e89797f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada97-2f6c-4deb-b0cd-42f002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:15.000Z" ,
"modified" : "2016-03-29T19:42:15.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9" ,
"pattern" : "[file:hashes.MD5 = 'f04dfcdf6ebd65abc4ac02835b63680b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada98-7ffc-4449-8f1a-463602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:16.000Z" ,
"modified" : "2016-03-29T19:42:16.000Z" ,
"first_observed" : "2016-03-29T19:42:16Z" ,
"last_observed" : "2016-03-29T19:42:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada98-7ffc-4449-8f1a-463602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada98-7ffc-4449-8f1a-463602de0b81" ,
"value" : "https://www.virustotal.com/file/caac605b2d5dec2ec314eb0a9f9273595935791509df27f599402a92beb107b9/analysis/1446750400/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada98-2908-496b-a5af-430802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:16.000Z" ,
"modified" : "2016-03-29T19:42:16.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511" ,
"pattern" : "[file:hashes.SHA1 = 'e59a254648157f27350d0d1de1841697c663b81f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada98-9914-4cf2-9278-4cdd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:16.000Z" ,
"modified" : "2016-03-29T19:42:16.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511" ,
"pattern" : "[file:hashes.MD5 = '631a5ef483f1e12b732f9827e213f5b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada99-9c48-4414-89a7-4aae02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:17.000Z" ,
"modified" : "2016-03-29T19:42:17.000Z" ,
"first_observed" : "2016-03-29T19:42:17Z" ,
"last_observed" : "2016-03-29T19:42:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada99-9c48-4414-89a7-4aae02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada99-9c48-4414-89a7-4aae02de0b81" ,
"value" : "https://www.virustotal.com/file/d3ccde340b36b55dc2db2abc323f728a8c135b8d27ec18f2afc756675008b511/analysis/1457484405/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada99-224c-467d-b09d-498f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:17.000Z" ,
"modified" : "2016-03-29T19:42:17.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584" ,
"pattern" : "[file:hashes.SHA1 = 'ddc86574dda8f072aeceaf48f01507f7095ded50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada99-a3f0-4427-a1fb-4a0202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:17.000Z" ,
"modified" : "2016-03-29T19:42:17.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: 4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584" ,
"pattern" : "[file:hashes.MD5 = '9f2273b3ff941ecebe9b04b7ce0a88a6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada99-211c-48ff-985c-484502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:17.000Z" ,
"modified" : "2016-03-29T19:42:17.000Z" ,
"first_observed" : "2016-03-29T19:42:17Z" ,
"last_observed" : "2016-03-29T19:42:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada99-211c-48ff-985c-484502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada99-211c-48ff-985c-484502de0b81" ,
"value" : "https://www.virustotal.com/file/4d47396e1e9c7538c59da8b5574fb8f208154cdfc6590e33b74b7e9feada7584/analysis/1448877301/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9a-2ce0-48e1-841e-4f7102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:18.000Z" ,
"modified" : "2016-03-29T19:42:18.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a" ,
"pattern" : "[file:hashes.SHA1 = 'fb403947858d896b435c03bf00f26874ab181b14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9a-0318-45ec-a1d5-462f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:18.000Z" ,
"modified" : "2016-03-29T19:42:18.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a" ,
"pattern" : "[file:hashes.MD5 = 'e2919b930e31e138185c6df14feff5ae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9a-0130-4c13-96e2-47eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:18.000Z" ,
"modified" : "2016-03-29T19:42:18.000Z" ,
"first_observed" : "2016-03-29T19:42:18Z" ,
"last_observed" : "2016-03-29T19:42:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9a-0130-4c13-96e2-47eb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9a-0130-4c13-96e2-47eb02de0b81" ,
"value" : "https://www.virustotal.com/file/afdebec93fd6e133e24809e7b476927f7403a119c428698645abd0e380048f6a/analysis/1444567214/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9b-9400-4a9d-ab10-428c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:19.000Z" ,
"modified" : "2016-03-29T19:42:19.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158" ,
"pattern" : "[file:hashes.SHA1 = '8b3e6cfac110e602cb5e1a826c504c5bec13a646']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9b-0560-4c84-be1b-4b3f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:19.000Z" ,
"modified" : "2016-03-29T19:42:19.000Z" ,
"description" : "Vawtrak hashes from email - Xchecked via VT: a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158" ,
"pattern" : "[file:hashes.MD5 = '286ff1d9bf02d7355244cde6cbcd0f2e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9b-71b4-4f72-886d-476802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:19.000Z" ,
"modified" : "2016-03-29T19:42:19.000Z" ,
"first_observed" : "2016-03-29T19:42:19Z" ,
"last_observed" : "2016-03-29T19:42:19Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9b-71b4-4f72-886d-476802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9b-71b4-4f72-886d-476802de0b81" ,
"value" : "https://www.virustotal.com/file/a0b3bef0804ca6fb0dd7ab180f6cc38fa1ef4c247d152eaecf9081729cb2b158/analysis/1444225480/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9c-9728-4797-a228-4e7702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:20.000Z" ,
"modified" : "2016-03-29T19:42:20.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82" ,
"pattern" : "[file:hashes.SHA1 = '8adb023e542b197d8da1a736cc043c3e1c80734a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9c-7a6c-4620-bc4d-498a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:20.000Z" ,
"modified" : "2016-03-29T19:42:20.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82" ,
"pattern" : "[file:hashes.MD5 = 'c9daac91d4ca3a66ff890d6a6774b161']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9c-001c-43ba-b312-483c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:20.000Z" ,
"modified" : "2016-03-29T19:42:20.000Z" ,
"first_observed" : "2016-03-29T19:42:20Z" ,
"last_observed" : "2016-03-29T19:42:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9c-001c-43ba-b312-483c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9c-001c-43ba-b312-483c02de0b81" ,
"value" : "https://www.virustotal.com/file/3de2503dfdc3d108da6676565612ac8bbfc4317026fdcf99543c0de5301f4e82/analysis/1457571672/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9c-35c8-4681-96f0-48f302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:20.000Z" ,
"modified" : "2016-03-29T19:42:20.000Z" ,
"description" : "Pony hashes - Xchecked via VT: a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8" ,
"pattern" : "[file:hashes.SHA1 = '316feac35d1e448449beff96132589afc636e23f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9d-e094-4a29-80b3-4b9302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:21.000Z" ,
"modified" : "2016-03-29T19:42:21.000Z" ,
"description" : "Pony hashes - Xchecked via VT: a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8" ,
"pattern" : "[file:hashes.MD5 = '4ec46b5f4a90a49641efcf8a69a63e9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9d-8810-45a9-9188-48d002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:21.000Z" ,
"modified" : "2016-03-29T19:42:21.000Z" ,
"first_observed" : "2016-03-29T19:42:21Z" ,
"last_observed" : "2016-03-29T19:42:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9d-8810-45a9-9188-48d002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9d-8810-45a9-9188-48d002de0b81" ,
"value" : "https://www.virustotal.com/file/a33f5441949760569756062788077391d5a3611c6cb35a3c97ef76821261d2c8/analysis/1446111688/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9d-0f70-4730-882e-4a3c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:21.000Z" ,
"modified" : "2016-03-29T19:42:21.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9" ,
"pattern" : "[file:hashes.SHA1 = '2cf017acdbec6cb714a33b111fb72d7262236b39']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9e-0e5c-4899-a849-41d002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:22.000Z" ,
"modified" : "2016-03-29T19:42:22.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9" ,
"pattern" : "[file:hashes.MD5 = '509f565adcf837bc3620a660e6ed0f3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9e-83b8-4221-a9d6-462502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:22.000Z" ,
"modified" : "2016-03-29T19:42:22.000Z" ,
"first_observed" : "2016-03-29T19:42:22Z" ,
"last_observed" : "2016-03-29T19:42:22Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9e-83b8-4221-a9d6-462502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9e-83b8-4221-a9d6-462502de0b81" ,
"value" : "https://www.virustotal.com/file/6f8901cbe86e0633b75d772ac7b888d9f9fec7f0eff1c5c12adf1b1b20b86bd9/analysis/1446748194/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9e-82e8-4714-ac51-40ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:22.000Z" ,
"modified" : "2016-03-29T19:42:22.000Z" ,
"description" : "Pony hashes - Xchecked via VT: a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece" ,
"pattern" : "[file:hashes.SHA1 = '9cf409ee8e4cd30d10c6012b2eb7f836048ea5dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9f-ad6c-4d37-9077-46c402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:23.000Z" ,
"modified" : "2016-03-29T19:42:23.000Z" ,
"description" : "Pony hashes - Xchecked via VT: a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece" ,
"pattern" : "[file:hashes.MD5 = '720336f6320859841694470efa4c6da3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fada9f-29d8-4bab-aaa5-4b9c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:23.000Z" ,
"modified" : "2016-03-29T19:42:23.000Z" ,
"first_observed" : "2016-03-29T19:42:23Z" ,
"last_observed" : "2016-03-29T19:42:23Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fada9f-29d8-4bab-aaa5-4b9c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fada9f-29d8-4bab-aaa5-4b9c02de0b81" ,
"value" : "https://www.virustotal.com/file/a2ba57cec0392cbe781ed67f3ed3ec38f9aaa1e6a232536bcddba171889b9ece/analysis/1444665100/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fada9f-547c-4538-99a1-426f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:23.000Z" ,
"modified" : "2016-03-29T19:42:23.000Z" ,
"description" : "Pony hashes - Xchecked via VT: c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd" ,
"pattern" : "[file:hashes.SHA1 = '3f2f3d1956c78a86062b367d298a154e4d755487']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa0-1074-45e5-926f-4eb702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:24.000Z" ,
"modified" : "2016-03-29T19:42:24.000Z" ,
"description" : "Pony hashes - Xchecked via VT: c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd" ,
"pattern" : "[file:hashes.MD5 = '6740944268a22221d0068dc44980dfcb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa0-cd60-4d62-b54b-4ea302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:24.000Z" ,
"modified" : "2016-03-29T19:42:24.000Z" ,
"first_observed" : "2016-03-29T19:42:24Z" ,
"last_observed" : "2016-03-29T19:42:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa0-cd60-4d62-b54b-4ea302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa0-cd60-4d62-b54b-4ea302de0b81" ,
"value" : "https://www.virustotal.com/file/c1afb96d2a3b436444313fde02d103ff86f9b68d7e2ca3151b64cb7caa3696cd/analysis/1454060061/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa0-7fd8-45d6-abb7-4d4102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:24.000Z" ,
"modified" : "2016-03-29T19:42:24.000Z" ,
"description" : "Pony hashes - Xchecked via VT: cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00" ,
"pattern" : "[file:hashes.SHA1 = '6cb4c15371ca9cf7e358ef3d2fc29b08835b3b92']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa0-f448-47ec-9c62-46f302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:24.000Z" ,
"modified" : "2016-03-29T19:42:24.000Z" ,
"description" : "Pony hashes - Xchecked via VT: cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00" ,
"pattern" : "[file:hashes.MD5 = '1629f6ea046aabf00dac4c75186d671f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa1-f2b8-48de-a5f3-42e402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:25.000Z" ,
"modified" : "2016-03-29T19:42:25.000Z" ,
"first_observed" : "2016-03-29T19:42:25Z" ,
"last_observed" : "2016-03-29T19:42:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa1-f2b8-48de-a5f3-42e402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa1-f2b8-48de-a5f3-42e402de0b81" ,
"value" : "https://www.virustotal.com/file/cbaa784cba00750ae5d46aa242fe7337022317ac3d4e02906c9068140532de00/analysis/1450259323/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa1-1b48-4e77-a8b3-4a9802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:25.000Z" ,
"modified" : "2016-03-29T19:42:25.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740" ,
"pattern" : "[file:hashes.SHA1 = '4cf3b9bcbbf2c16105458d8d43c19ceb064c7819']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa1-6594-41b6-81fb-49ae02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:25.000Z" ,
"modified" : "2016-03-29T19:42:25.000Z" ,
"description" : "Pony hashes - Xchecked via VT: 3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740" ,
"pattern" : "[file:hashes.MD5 = 'ff7fdc89eda550667dabf0e7b65ace8e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa2-b540-4079-a037-456a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:26.000Z" ,
"modified" : "2016-03-29T19:42:26.000Z" ,
"first_observed" : "2016-03-29T19:42:26Z" ,
"last_observed" : "2016-03-29T19:42:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa2-b540-4079-a037-456a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa2-b540-4079-a037-456a02de0b81" ,
"value" : "https://www.virustotal.com/file/3fbffc12ddeedff72e0d73e48965a9bebabe4a527b1ebc030bbbf756ce3d3740/analysis/1456864199/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa2-dc2c-402e-9c09-47c902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:26.000Z" ,
"modified" : "2016-03-29T19:42:26.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df" ,
"pattern" : "[file:hashes.SHA1 = 'cb7bfd893cfed468efcd7d45bb4cac5fee7c3e08']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa2-5390-40a9-a501-456602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:26.000Z" ,
"modified" : "2016-03-29T19:42:26.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df" ,
"pattern" : "[file:hashes.MD5 = '19b7de57b42837b0132b5f6a838aa941']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:26.000Z" ,
"modified" : "2016-03-29T19:42:26.000Z" ,
"first_observed" : "2016-03-29T19:42:26Z" ,
"last_observed" : "2016-03-29T19:42:26Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa2-67c0-4b0a-ac2a-4e3f02de0b81" ,
"value" : "https://www.virustotal.com/file/3d1e7e54db786c6aef572d1ef57ad1c26413aacbf2fd91eb700d469c550dd4df/analysis/1456254787/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa3-2bf8-47ce-b2e7-4e8502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:27.000Z" ,
"modified" : "2016-03-29T19:42:27.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b" ,
"pattern" : "[file:hashes.SHA1 = '22ac448b705ba712f2c16ba94e4546322843c191']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa3-6188-4896-895d-40b202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:27.000Z" ,
"modified" : "2016-03-29T19:42:27.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b" ,
"pattern" : "[file:hashes.MD5 = '6b8b03f00d17b0af721dc81fbecb3468']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa3-5b88-4573-983b-499f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:27.000Z" ,
"modified" : "2016-03-29T19:42:27.000Z" ,
"first_observed" : "2016-03-29T19:42:27Z" ,
"last_observed" : "2016-03-29T19:42:27Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa3-5b88-4573-983b-499f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa3-5b88-4573-983b-499f02de0b81" ,
"value" : "https://www.virustotal.com/file/3ffbe191d9326f97db4ffaf6b294c166397bf1c77d28e2ab44d41fca511ce55b/analysis/1446904476/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa4-f920-47b4-9b70-4e2002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:28.000Z" ,
"modified" : "2016-03-29T19:42:28.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011" ,
"pattern" : "[file:hashes.SHA1 = '7374a3e1871a384eb36967c274919fa4a39231af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa4-cda8-45e8-99dd-4f2602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:28.000Z" ,
"modified" : "2016-03-29T19:42:28.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011" ,
"pattern" : "[file:hashes.MD5 = '23f2b10030a51206c7998bb1405cbae6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa4-83f0-4c6e-95df-4b9602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:28.000Z" ,
"modified" : "2016-03-29T19:42:28.000Z" ,
"first_observed" : "2016-03-29T19:42:28Z" ,
"last_observed" : "2016-03-29T19:42:28Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa4-83f0-4c6e-95df-4b9602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa4-83f0-4c6e-95df-4b9602de0b81" ,
"value" : "https://www.virustotal.com/file/eabbcb1af0022dbf1a0b4465e73b6c98458c3c3887b06df13c893a9413556011/analysis/1454652374/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa5-9b8c-4e3e-ae06-46e902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:29.000Z" ,
"modified" : "2016-03-29T19:42:29.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d" ,
"pattern" : "[file:hashes.SHA1 = 'af284c7039e6ca81afb9699d0aa706ab53b8c38f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa5-3424-43ad-9339-409f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:29.000Z" ,
"modified" : "2016-03-29T19:42:29.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d" ,
"pattern" : "[file:hashes.MD5 = 'b37353c047b71952d0f46cebdf7422cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa5-28a4-45d6-a54a-44c002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:29.000Z" ,
"modified" : "2016-03-29T19:42:29.000Z" ,
"first_observed" : "2016-03-29T19:42:29Z" ,
"last_observed" : "2016-03-29T19:42:29Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa5-28a4-45d6-a54a-44c002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa5-28a4-45d6-a54a-44c002de0b81" ,
"value" : "https://www.virustotal.com/file/6741e88fcd83fe32a8731d0714fba500ea6a3d9735b3829d51aeb7478061d93d/analysis/1455757412/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa6-84dc-4971-8d0d-4d3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:30.000Z" ,
"modified" : "2016-03-29T19:42:30.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec" ,
"pattern" : "[file:hashes.SHA1 = 'a512ad9c1a364e8b7070268dfc6d3dbed82391ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa6-d00c-4e29-94e9-4bb202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:30.000Z" ,
"modified" : "2016-03-29T19:42:30.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec" ,
"pattern" : "[file:hashes.MD5 = '02642d77b53373dc01babe77e339cfbd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa6-9ddc-4b7f-b5be-43cd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:30.000Z" ,
"modified" : "2016-03-29T19:42:30.000Z" ,
"first_observed" : "2016-03-29T19:42:30Z" ,
"last_observed" : "2016-03-29T19:42:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa6-9ddc-4b7f-b5be-43cd02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa6-9ddc-4b7f-b5be-43cd02de0b81" ,
"value" : "https://www.virustotal.com/file/b6441a6ea25a4ea5cb38f9f186805501379ceb132cfe8907d174e00dab8526ec/analysis/1456249367/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa7-ec0c-42b9-acf7-476d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:31.000Z" ,
"modified" : "2016-03-29T19:42:31.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb" ,
"pattern" : "[file:hashes.SHA1 = '7888f662d9b16b480f5e65bdbdbf4e94e1afbe4a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa7-967c-44ba-b5e9-4f1002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:31.000Z" ,
"modified" : "2016-03-29T19:42:31.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb" ,
"pattern" : "[file:hashes.MD5 = 'facec082a3cffddc43e668a3080487f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa7-cd88-4455-8649-403502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:31.000Z" ,
"modified" : "2016-03-29T19:42:31.000Z" ,
"first_observed" : "2016-03-29T19:42:31Z" ,
"last_observed" : "2016-03-29T19:42:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa7-cd88-4455-8649-403502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa7-cd88-4455-8649-403502de0b81" ,
"value" : "https://www.virustotal.com/file/120d5320a59a86f9b3e0774609a3f0773d76a7d66689525a023bee7f8666f2eb/analysis/1456247097/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa8-d9c8-4c71-bd22-49c402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:32.000Z" ,
"modified" : "2016-03-29T19:42:32.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b" ,
"pattern" : "[file:hashes.SHA1 = '7226e64f011436880062d905b5582ebcfb7b7b76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa8-21a8-4b3a-95a8-41e602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:32.000Z" ,
"modified" : "2016-03-29T19:42:32.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b" ,
"pattern" : "[file:hashes.MD5 = '35badc0da0825261189f79aded5ba9ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa8-14d8-4bd7-97dc-422902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:32.000Z" ,
"modified" : "2016-03-29T19:42:32.000Z" ,
"first_observed" : "2016-03-29T19:42:32Z" ,
"last_observed" : "2016-03-29T19:42:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa8-14d8-4bd7-97dc-422902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa8-14d8-4bd7-97dc-422902de0b81" ,
"value" : "https://www.virustotal.com/file/93941f506feca505510b60d3ccaea8127a6450836642e97bf936b8875777e26b/analysis/1456248544/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa8-8f50-4e9b-a887-491802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:32.000Z" ,
"modified" : "2016-03-29T19:42:32.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169" ,
"pattern" : "[file:hashes.SHA1 = 'a911b713b63fca165730e86619331b07195f6b95']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56fadaa9-61cc-400a-ad2f-465902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:33.000Z" ,
"modified" : "2016-03-29T19:42:33.000Z" ,
"description" : "Macro Office documents leading to Vawtrak: - Xchecked via VT: 26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169" ,
"pattern" : "[file:hashes.MD5 = '86a5b6dda0dfcab5317e52f7ffd51aca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-03-29T19:42:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--56fadaa9-01f8-4868-8d15-402302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-03-29T19:42:33.000Z" ,
"modified" : "2016-03-29T19:42:33.000Z" ,
"first_observed" : "2016-03-29T19:42:33Z" ,
"last_observed" : "2016-03-29T19:42:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--56fadaa9-01f8-4868-8d15-402302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--56fadaa9-01f8-4868-8d15-402302de0b81" ,
"value" : "https://www.virustotal.com/file/26a92873992b5a674ea953131a4effc119dee0bc74da8ffa43f4d8de7df3c169/analysis/1457575329/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}