misp-circl-feed/feeds/circl/misp/570c9451-ec50-4ecc-b031-47b4950d210f.json

{
    "type": "bundle",
    "id": "bundle--570c9451-ec50-4ecc-b031-47b4950d210f",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:01.000Z",
            "modified": "2016-04-12T07:02:01.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--570c9451-ec50-4ecc-b031-47b4950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:01.000Z",
            "modified": "2016-04-12T07:02:01.000Z",
            "name": "OSINT - New Locky Variant Implements Evasion Techniques",
            "published": "2016-04-12T07:03:29Z",
            "object_refs": [
                "observed-data--570c9481-4494-46ca-8e1c-4786950d210f",
                "url--570c9481-4494-46ca-8e1c-4786950d210f",
                "x-misp-attribute--570c9491-25e4-444a-908a-4f6f950d210f",
                "indicator--570c9d58-bdb8-44a3-bf86-430f950d210f",
                "indicator--570c9d58-4dfc-4c71-adb5-4fd9950d210f",
                "indicator--570c9d58-c0e8-4224-88f7-4b29950d210f",
                "indicator--570c9d59-78b8-4656-b296-4ec1950d210f",
                "indicator--570c9d59-401c-4127-9ce6-4bfb950d210f",
                "indicator--570c9d5a-2f18-4044-93b5-4ad0950d210f",
                "indicator--570c9d5a-4d48-46f5-81f3-484a950d210f",
                "indicator--570c9d5a-b614-4327-b70d-4c76950d210f",
                "indicator--570c9d5b-31d8-4216-ba1c-4782950d210f",
                "indicator--570c9d5b-7114-42d6-b606-48b7950d210f",
                "indicator--570c9d5b-4004-4d49-9ebe-4dd2950d210f",
                "indicator--570c9d69-deac-40cc-a8ab-434502de0b81",
                "indicator--570c9d69-413c-4c5c-a624-497f02de0b81",
                "observed-data--570c9d69-599c-46bb-93ae-47a402de0b81",
                "url--570c9d69-599c-46bb-93ae-47a402de0b81",
                "indicator--570c9d6a-5670-4c74-a38f-4b9502de0b81",
                "indicator--570c9d6a-0840-4603-8eb0-4ede02de0b81",
                "observed-data--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
                "url--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
                "indicator--570c9d6b-07f8-4bfe-ab59-48d302de0b81",
                "indicator--570c9d6b-d740-4b20-8476-40c202de0b81",
                "observed-data--570c9d6b-7534-4119-88f2-40a102de0b81",
                "url--570c9d6b-7534-4119-88f2-40a102de0b81",
                "indicator--570c9d6b-8278-455e-ac9f-4a7a02de0b81",
                "indicator--570c9d6c-464c-433a-909c-4f6d02de0b81",
                "observed-data--570c9d6c-4eac-4223-83be-49c802de0b81",
                "url--570c9d6c-4eac-4223-83be-49c802de0b81",
                "indicator--570c9d6d-4c88-4759-b81c-433402de0b81",
                "indicator--570c9d6d-22ac-402c-ab98-4a6602de0b81",
                "observed-data--570c9d6d-0e78-423b-91eb-480302de0b81",
                "url--570c9d6d-0e78-423b-91eb-480302de0b81",
                "indicator--570c9d6e-f308-4bcc-98a8-47cf02de0b81",
                "indicator--570c9d6e-db38-4f2f-aa28-46ba02de0b81",
                "observed-data--570c9d6e-ac6c-4287-8f7a-474402de0b81",
                "url--570c9d6e-ac6c-4287-8f7a-474402de0b81",
                "indicator--570c9d6e-22e8-4fca-b406-48d602de0b81",
                "indicator--570c9d6f-0410-4443-8036-48a802de0b81",
                "observed-data--570c9d6f-cfa8-402c-a027-42c802de0b81",
                "url--570c9d6f-cfa8-402c-a027-42c802de0b81",
                "indicator--570c9d6f-ab88-4ce2-8f07-4c7702de0b81",
                "indicator--570c9d70-3bd4-41c1-9e82-437f02de0b81",
                "observed-data--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
                "url--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
                "indicator--570c9d70-d444-4f7a-8d3b-4c0a02de0b81",
                "indicator--570c9d71-007c-4df4-a1db-47ba02de0b81",
                "observed-data--570c9d71-864c-4ae7-af74-42a802de0b81",
                "url--570c9d71-864c-4ae7-af74-42a802de0b81",
                "indicator--570c9d71-1c64-46b8-be3e-4dc302de0b81",
                "indicator--570c9d71-faa8-4253-95ce-4fa002de0b81",
                "observed-data--570c9d72-7658-4ae1-a57c-4ce402de0b81",
                "url--570c9d72-7658-4ae1-a57c-4ce402de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\"",
                "type:OSINT",
                "malware_classification:malware-category=\"Ransomware\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9481-4494-46ca-8e1c-4786950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T06:24:01.000Z",
            "modified": "2016-04-12T06:24:01.000Z",
            "first_observed": "2016-04-12T06:24:01Z",
            "last_observed": "2016-04-12T06:24:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9481-4494-46ca-8e1c-4786950d210f"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9481-4494-46ca-8e1c-4786950d210f",
            "value": "http://blog.checkpoint.com/2016/04/11/new-locky-variant-implements-evasion-techniques/"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--570c9491-25e4-444a-908a-4f6f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T06:24:17.000Z",
            "modified": "2016-04-12T06:24:17.000Z",
            "labels": [
                "misp:type=\"comment\"",
                "misp:category=\"External analysis\""
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "comment",
            "x_misp_value": "Following Check Point\u00e2\u20ac\u2122s recent discovery of a new communication scheme implemented by the Locky ransomware, our research teams decided to take a closer look at the inner workings of this new variant and map any new features it introduces.\r\n\r\nWhen Locky first appeared, we thoroughly analyzed its logic, like many other industry researchers. Our analysis showed that while not very sophisticated, Locky is a very efficient malware with a solid functionality and encryption algorithms. Judging by the amount of victim reports and detections generated by Locky in the past month alone, it is safe to say our observation was indeed correct.\r\n\r\nLocky\u00e2\u20ac\u2122s major drawback is not in its code, but rather in the quick and effective response by the security industry. Many successful security detections, on almost any possible security platform, caused the actors behind Locky to miss out on potential victims, as the malware was blocked from execution or even blocked altogether by internet gateways, not reaching the victim\u00e2\u20ac\u2122s computer at all. The changes we observed in this new Locky variant clearly show the Locky creators are very much aware of this fact, and therefore increased their efforts to evade security controls to gain a higher infection rate."
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d58-bdb8-44a3-bf86-430f950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:44.000Z",
            "modified": "2016-04-12T07:01:44.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '8f708c299215e2d0e8ce557c96ec771acdbbfffa46a25330caa61fe841e23877']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d58-4dfc-4c71-adb5-4fd9950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:44.000Z",
            "modified": "2016-04-12T07:01:44.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d58-c0e8-4224-88f7-4b29950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:44.000Z",
            "modified": "2016-04-12T07:01:44.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:44Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d59-78b8-4656-b296-4ec1950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:45.000Z",
            "modified": "2016-04-12T07:01:45.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d59-401c-4127-9ce6-4bfb950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:45.000Z",
            "modified": "2016-04-12T07:01:45.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:45Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5a-2f18-4044-93b5-4ad0950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:46.000Z",
            "modified": "2016-04-12T07:01:46.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = '64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5a-4d48-46f5-81f3-484a950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:46.000Z",
            "modified": "2016-04-12T07:01:46.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = 'a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5a-b614-4327-b70d-4c76950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:46.000Z",
            "modified": "2016-04-12T07:01:46.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = 'a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:46Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5b-31d8-4216-ba1c-4782950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:47.000Z",
            "modified": "2016-04-12T07:01:47.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = 'abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5b-7114-42d6-b606-48b7950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:47.000Z",
            "modified": "2016-04-12T07:01:47.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = 'e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d5b-4004-4d49-9ebe-4dd2950d210f",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:01:47.000Z",
            "modified": "2016-04-12T07:01:47.000Z",
            "description": "Sample",
            "pattern": "[file:hashes.SHA256 = 'f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:01:47Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d69-deac-40cc-a8ab-434502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:01.000Z",
            "modified": "2016-04-12T07:02:01.000Z",
            "description": "Sample - Xchecked via VT: f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e",
            "pattern": "[file:hashes.SHA1 = '16cc2d7f4892114c2d6c2a134e923e693868c711']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d69-413c-4c5c-a624-497f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:01.000Z",
            "modified": "2016-04-12T07:02:01.000Z",
            "description": "Sample - Xchecked via VT: f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e",
            "pattern": "[file:hashes.MD5 = 'b686846507cfdbf480e8002ca12ad2f1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:01Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d69-599c-46bb-93ae-47a402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:01.000Z",
            "modified": "2016-04-12T07:02:01.000Z",
            "first_observed": "2016-04-12T07:02:01Z",
            "last_observed": "2016-04-12T07:02:01Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d69-599c-46bb-93ae-47a402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d69-599c-46bb-93ae-47a402de0b81",
            "value": "https://www.virustotal.com/file/f229c3ffa4de0bd43eaf1f7cbad920147982dd79f6032027117e23d5f6369f7e/analysis/1460375902/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6a-5670-4c74-a38f-4b9502de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:02.000Z",
            "modified": "2016-04-12T07:02:02.000Z",
            "description": "Sample - Xchecked via VT: e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691",
            "pattern": "[file:hashes.SHA1 = '9d4f5902806c4030e6aa1f89f4a5b30f871b34d2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6a-0840-4603-8eb0-4ede02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:02.000Z",
            "modified": "2016-04-12T07:02:02.000Z",
            "description": "Sample - Xchecked via VT: e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691",
            "pattern": "[file:hashes.MD5 = '4baa17713e2937d31aaaa327ee4af83a']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:02Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:02.000Z",
            "modified": "2016-04-12T07:02:02.000Z",
            "first_observed": "2016-04-12T07:02:02Z",
            "last_observed": "2016-04-12T07:02:02Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6a-f8dc-4480-a3e9-433b02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6a-f8dc-4480-a3e9-433b02de0b81",
            "value": "https://www.virustotal.com/file/e608637e38fc964bee96984ed568e5095451787030d6a8f75bf9be8511a91691/analysis/1460405757/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6b-07f8-4bfe-ab59-48d302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:03.000Z",
            "modified": "2016-04-12T07:02:03.000Z",
            "description": "Sample - Xchecked via VT: abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5",
            "pattern": "[file:hashes.SHA1 = 'f32cc53d6fd08efbe38530b5c32651a432380733']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6b-d740-4b20-8476-40c202de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:03.000Z",
            "modified": "2016-04-12T07:02:03.000Z",
            "description": "Sample - Xchecked via VT: abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5",
            "pattern": "[file:hashes.MD5 = 'deaa2618c7c021fe99e742633768d7f6']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6b-7534-4119-88f2-40a102de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:03.000Z",
            "modified": "2016-04-12T07:02:03.000Z",
            "first_observed": "2016-04-12T07:02:03Z",
            "last_observed": "2016-04-12T07:02:03Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6b-7534-4119-88f2-40a102de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6b-7534-4119-88f2-40a102de0b81",
            "value": "https://www.virustotal.com/file/abf1caa982e32c8eb73916083504d42e6851fcbc09772a52e815df0e4fbdcdb5/analysis/1460160638/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6b-8278-455e-ac9f-4a7a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:03.000Z",
            "modified": "2016-04-12T07:02:03.000Z",
            "description": "Sample - Xchecked via VT: a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518",
            "pattern": "[file:hashes.SHA1 = 'a8b628d6cd9da9c15fe257ad1c4df193f3e106ec']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:03Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6c-464c-433a-909c-4f6d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:04.000Z",
            "modified": "2016-04-12T07:02:04.000Z",
            "description": "Sample - Xchecked via VT: a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518",
            "pattern": "[file:hashes.MD5 = '3bbe188f3cfe4a013a0c0050b1e500aa']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:04Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6c-4eac-4223-83be-49c802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:04.000Z",
            "modified": "2016-04-12T07:02:04.000Z",
            "first_observed": "2016-04-12T07:02:04Z",
            "last_observed": "2016-04-12T07:02:04Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6c-4eac-4223-83be-49c802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6c-4eac-4223-83be-49c802de0b81",
            "value": "https://www.virustotal.com/file/a5dc65cbe073898d09d2e07480f430a585cb309316cb4a32e3548b68c7416518/analysis/1460053639/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6d-4c88-4759-b81c-433402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:05.000Z",
            "modified": "2016-04-12T07:02:05.000Z",
            "description": "Sample - Xchecked via VT: a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c",
            "pattern": "[file:hashes.SHA1 = '982a12e64a3ea4042a07727c767d137745b771a9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6d-22ac-402c-ab98-4a6602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:05.000Z",
            "modified": "2016-04-12T07:02:05.000Z",
            "description": "Sample - Xchecked via VT: a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c",
            "pattern": "[file:hashes.MD5 = '8f622a4e2bce80717c71ca255af04c51']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:05Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6d-0e78-423b-91eb-480302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:05.000Z",
            "modified": "2016-04-12T07:02:05.000Z",
            "first_observed": "2016-04-12T07:02:05Z",
            "last_observed": "2016-04-12T07:02:05Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6d-0e78-423b-91eb-480302de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6d-0e78-423b-91eb-480302de0b81",
            "value": "https://www.virustotal.com/file/a2e965cde2b734cc99a8f69ad1a7549ba740c5983a90490f6a3701ca2bca966c/analysis/1459941472/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6e-f308-4bcc-98a8-47cf02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:06.000Z",
            "modified": "2016-04-12T07:02:06.000Z",
            "description": "Sample - Xchecked via VT: 64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d",
            "pattern": "[file:hashes.SHA1 = 'c869a3a1030f19a1cf5e1656e3d747eee51b2ba8']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6e-db38-4f2f-aa28-46ba02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:06.000Z",
            "modified": "2016-04-12T07:02:06.000Z",
            "description": "Sample - Xchecked via VT: 64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d",
            "pattern": "[file:hashes.MD5 = '3621540d2088c6b1215a4a965348a333']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6e-ac6c-4287-8f7a-474402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:06.000Z",
            "modified": "2016-04-12T07:02:06.000Z",
            "first_observed": "2016-04-12T07:02:06Z",
            "last_observed": "2016-04-12T07:02:06Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6e-ac6c-4287-8f7a-474402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6e-ac6c-4287-8f7a-474402de0b81",
            "value": "https://www.virustotal.com/file/64d51aaf4abe4e87013056277277f05c55c6554d2a7005374f254983ac846c4d/analysis/1460251565/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6e-22e8-4fca-b406-48d602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:06.000Z",
            "modified": "2016-04-12T07:02:06.000Z",
            "description": "Sample - Xchecked via VT: 588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4",
            "pattern": "[file:hashes.SHA1 = '1048807f48dd1a8b72bb36903930a91014638afd']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:06Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6f-0410-4443-8036-48a802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:07.000Z",
            "modified": "2016-04-12T07:02:07.000Z",
            "description": "Sample - Xchecked via VT: 588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4",
            "pattern": "[file:hashes.MD5 = 'f79c950fa3efc3bb29a4f15ae05448f2']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d6f-cfa8-402c-a027-42c802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:07.000Z",
            "modified": "2016-04-12T07:02:07.000Z",
            "first_observed": "2016-04-12T07:02:07Z",
            "last_observed": "2016-04-12T07:02:07Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d6f-cfa8-402c-a027-42c802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d6f-cfa8-402c-a027-42c802de0b81",
            "value": "https://www.virustotal.com/file/588dfcfe90feaedc724b80919b580e4398f1b8474f5aae979de0e76e7c6c07e4/analysis/1459908170/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d6f-ab88-4ce2-8f07-4c7702de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:07.000Z",
            "modified": "2016-04-12T07:02:07.000Z",
            "description": "Sample - Xchecked via VT: 5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051",
            "pattern": "[file:hashes.SHA1 = '251b2892efb68540bfca93c092ac88c47f3f629e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:07Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d70-3bd4-41c1-9e82-437f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:08.000Z",
            "modified": "2016-04-12T07:02:08.000Z",
            "description": "Sample - Xchecked via VT: 5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051",
            "pattern": "[file:hashes.MD5 = '8dacc97d71cefc25bad375a9b5bc67d4']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:08.000Z",
            "modified": "2016-04-12T07:02:08.000Z",
            "first_observed": "2016-04-12T07:02:08Z",
            "last_observed": "2016-04-12T07:02:08Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d70-3e9c-46ae-8993-4d5d02de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d70-3e9c-46ae-8993-4d5d02de0b81",
            "value": "https://www.virustotal.com/file/5780dde27ff31a38c269e763f3648bdabcad25d5db083c43c55502fdefe9f051/analysis/1459958907/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d70-d444-4f7a-8d3b-4c0a02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:08.000Z",
            "modified": "2016-04-12T07:02:08.000Z",
            "description": "Sample - Xchecked via VT: 2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d",
            "pattern": "[file:hashes.SHA1 = '412eb41a02682d056c61cb03c30852d397c7132c']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:08Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d71-007c-4df4-a1db-47ba02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:09.000Z",
            "modified": "2016-04-12T07:02:09.000Z",
            "description": "Sample - Xchecked via VT: 2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d",
            "pattern": "[file:hashes.MD5 = 'd8771f8d6fc74f03c453dc06284e5f5e']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d71-864c-4ae7-af74-42a802de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:09.000Z",
            "modified": "2016-04-12T07:02:09.000Z",
            "first_observed": "2016-04-12T07:02:09Z",
            "last_observed": "2016-04-12T07:02:09Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d71-864c-4ae7-af74-42a802de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d71-864c-4ae7-af74-42a802de0b81",
            "value": "https://www.virustotal.com/file/2674aebd85c3d0a384edf57c82ef22b3de5fa8aaa1217f80a1d47f71d71ae87d/analysis/1459872907/"
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d71-1c64-46b8-be3e-4dc302de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:09.000Z",
            "modified": "2016-04-12T07:02:09.000Z",
            "description": "Sample - Xchecked via VT: 003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3",
            "pattern": "[file:hashes.SHA1 = '456ca2c7c5b1fe65db7b26810cf2e2a89b8eb2c9']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--570c9d71-faa8-4253-95ce-4fa002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:09.000Z",
            "modified": "2016-04-12T07:02:09.000Z",
            "description": "Sample - Xchecked via VT: 003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3",
            "pattern": "[file:hashes.MD5 = 'ec0fae82b75ee1d7ce72b49d97dec4a1']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2016-04-12T07:02:09Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--570c9d72-7658-4ae1-a57c-4ce402de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2016-04-12T07:02:10.000Z",
            "modified": "2016-04-12T07:02:10.000Z",
            "first_observed": "2016-04-12T07:02:10Z",
            "last_observed": "2016-04-12T07:02:10Z",
            "number_observed": 1,
            "object_refs": [
                "url--570c9d72-7658-4ae1-a57c-4ce402de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--570c9d72-7658-4ae1-a57c-4ce402de0b81",
            "value": "https://www.virustotal.com/file/003d28f180472b832722435d27e216835a8a330f992797006d307f8f14c4a2d3/analysis/1460015668/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}