{
"type" : "bundle" ,
"id" : "bundle--571de8da-be78-4d1d-851f-448d950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T13:09:32.000Z" ,
"modified" : "2016-04-25T13:09:32.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--571de8da-be78-4d1d-851f-448d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T13:09:32.000Z" ,
"modified" : "2016-04-25T13:09:32.000Z" ,
"name" : "OSINT - New FAREIT Strain Abuses PowerShell" ,
"published" : "2016-04-25T14:01:44Z" ,
"object_refs" : [
"x-misp-attribute--571de8e8-be8c-4f59-b5b2-4aad950d210f" ,
"observed-data--571de8fa-f540-4df1-ab19-460a950d210f" ,
"url--571de8fa-f540-4df1-ab19-460a950d210f" ,
"indicator--571deb15-7a84-4ad5-99fe-4804950d210f" ,
"indicator--571deb15-4824-409d-86e8-4692950d210f" ,
"indicator--571deb15-6290-4e20-8792-4738950d210f" ,
"indicator--571deb15-b778-4440-acbf-4bf6950d210f" ,
"indicator--571deb15-a658-458b-95f5-4654950d210f" ,
"indicator--571deb15-7dfc-44be-896f-43ff950d210f" ,
"indicator--571deb15-6974-4675-9e90-43bf950d210f" ,
"indicator--571deb22-78c0-40ea-8d6c-4e3502de0b81" ,
"indicator--571deb22-ca5c-4862-80cc-48e002de0b81" ,
"observed-data--571deb22-9160-47d9-9637-408002de0b81" ,
"url--571deb22-9160-47d9-9637-408002de0b81" ,
"indicator--571deb22-1348-4179-ab26-444502de0b81" ,
"indicator--571deb22-f794-4e33-9143-49f502de0b81" ,
"observed-data--571deb22-4568-49b2-a586-425902de0b81" ,
"url--571deb22-4568-49b2-a586-425902de0b81" ,
"indicator--571deb22-fe80-4838-a1b4-41c702de0b81" ,
"indicator--571deb23-9980-4ec2-9c3f-498e02de0b81" ,
"observed-data--571deb23-cbf0-45dd-8657-40bd02de0b81" ,
"url--571deb23-cbf0-45dd-8657-40bd02de0b81" ,
"indicator--571deb23-3e40-4959-9562-462202de0b81" ,
"indicator--571deb23-19c0-4d9c-af16-487902de0b81" ,
"observed-data--571deb23-512c-4434-a828-48f002de0b81" ,
"url--571deb23-512c-4434-a828-48f002de0b81" ,
"indicator--571deb23-a7f0-4248-b820-46d502de0b81" ,
"indicator--571deb23-3eec-43fe-b73a-4f7802de0b81" ,
"observed-data--571deb24-d2c8-4866-9b32-448802de0b81" ,
"url--571deb24-d2c8-4866-9b32-448802de0b81" ,
"indicator--571deb24-b0c8-4bdc-9b40-443c02de0b81" ,
"indicator--571deb24-4c08-4a14-a26b-498402de0b81" ,
"observed-data--571deb24-2ce8-44f5-9c39-442302de0b81" ,
"url--571deb24-2ce8-44f5-9c39-442302de0b81" ,
"indicator--571deb24-d6e8-4a42-81a0-483f02de0b81" ,
"indicator--571deb24-2bd8-4613-a160-40fc02de0b81" ,
"observed-data--571deb25-dc48-496f-9cb9-401d02de0b81" ,
"url--571deb25-dc48-496f-9cb9-401d02de0b81" ,
"observed-data--571e170d-e06c-4485-9a7a-40e802de0b81" ,
"url--571e170d-e06c-4485-9a7a-40e802de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"circl:topic=\"finance\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--571de8e8-be8c-4f59-b5b2-4aad950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T09:52:40.000Z" ,
"modified" : "2016-04-25T09:52:40.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "In 2014, we began seeing attacks that abused the Windows PowerShell. Back then, it was uncommon for malware to use this particular feature of Windows. However, there are several good reasons for an attacker to use this particular feature.\r\n\r\nFirst, users cannot easily spot any malicious behavior since PowerShell runs in the background. Secondly, PowerShell can be used to steal usernames, passwords, and other system information without an executable file being present. This makes it a powerful tool for attackers.\r\n\r\nLast March 2016, we noted that PowerWare crypto-ransomware also abused PowerShell. Recently, we spotted a new attack where PowerShell was abused to deliver a FAREIT variant. This particular family of information stealers has been around since 2011."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571de8fa-f540-4df1-ab19-460a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T09:52:58.000Z" ,
"modified" : "2016-04-25T09:52:58.000Z" ,
"first_observed" : "2016-04-25T09:52:58Z" ,
"last_observed" : "2016-04-25T09:52:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571de8fa-f540-4df1-ab19-460a950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571de8fa-f540-4df1-ab19-460a950d210f" ,
"value" : "http://blog.trendmicro.com/trendlabs-security-intelligence/new-fareit-strain-delivered-abusing-powershell/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-7a84-4ad5-99fe-4804950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = 'acaeb29abf2458b862646366917f44e987176ec9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-4824-409d-86e8-4692950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = 'cfd1a77155b9af917e22a8ac0fe16eeb26e00c6e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-6290-4e20-8792-4738950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = 'da3b7c89ec9ca4157af52d40db76b2c23a62a15e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-b778-4440-acbf-4bf6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = '03798dc7221efdcec95b991735f38b49dff29542']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-a658-458b-95f5-4654950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = '04fffc28bed615d7da50c0286290d452b9c5ee50']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-7dfc-44be-896f-43ff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = '125156e24958f18ad86cc406868948dc100791d4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb15-6974-4675-9e90-43bf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:01:57.000Z" ,
"modified" : "2016-04-25T10:01:57.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:hashes.SHA1 = '4f739261372d4adce7f152f16fbf20a5c18b8903']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:01:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb22-78c0-40ea-8d6c-4e3502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 4f739261372d4adce7f152f16fbf20a5c18b8903" ,
"pattern" : "[file:hashes.SHA256 = '6dceceeb1aff7b613f7bdf9259173d30cabda4a1d142af5f52e03c291c8adb9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb22-ca5c-4862-80cc-48e002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 4f739261372d4adce7f152f16fbf20a5c18b8903" ,
"pattern" : "[file:hashes.MD5 = 'b3dbdb86a443be3d6e310ceb84bb4c2c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb22-9160-47d9-9637-408002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"first_observed" : "2016-04-25T10:02:10Z" ,
"last_observed" : "2016-04-25T10:02:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb22-9160-47d9-9637-408002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb22-9160-47d9-9637-408002de0b81" ,
"value" : "https://www.virustotal.com/file/6dceceeb1aff7b613f7bdf9259173d30cabda4a1d142af5f52e03c291c8adb9f/analysis/1461305595/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb22-1348-4179-ab26-444502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 125156e24958f18ad86cc406868948dc100791d4" ,
"pattern" : "[file:hashes.SHA256 = '658b0994a6ccfde063293ffbc3f2b85c4cdab2489ed5351f85011e3957e1e143']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb22-f794-4e33-9143-49f502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 125156e24958f18ad86cc406868948dc100791d4" ,
"pattern" : "[file:hashes.MD5 = '1eeb67994aae158dc8486269728fc177']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb22-4568-49b2-a586-425902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"first_observed" : "2016-04-25T10:02:10Z" ,
"last_observed" : "2016-04-25T10:02:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb22-4568-49b2-a586-425902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb22-4568-49b2-a586-425902de0b81" ,
"value" : "https://www.virustotal.com/file/658b0994a6ccfde063293ffbc3f2b85c4cdab2489ed5351f85011e3957e1e143/analysis/1461303615/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb22-fe80-4838-a1b4-41c702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:10.000Z" ,
"modified" : "2016-04-25T10:02:10.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 04fffc28bed615d7da50c0286290d452b9c5ee50" ,
"pattern" : "[file:hashes.SHA256 = '30bcc5a700e08c91095c3a8e6c52495a6b60f9ff07ac3c0b96e75befc44b1f5a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb23-9980-4ec2-9c3f-498e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 04fffc28bed615d7da50c0286290d452b9c5ee50" ,
"pattern" : "[file:hashes.MD5 = '8ce49433b0442f3d9d81662f9f3c9342']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb23-cbf0-45dd-8657-40bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"first_observed" : "2016-04-25T10:02:11Z" ,
"last_observed" : "2016-04-25T10:02:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb23-cbf0-45dd-8657-40bd02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb23-cbf0-45dd-8657-40bd02de0b81" ,
"value" : "https://www.virustotal.com/file/30bcc5a700e08c91095c3a8e6c52495a6b60f9ff07ac3c0b96e75befc44b1f5a/analysis/1461393556/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb23-3e40-4959-9562-462202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 03798dc7221efdcec95b991735f38b49dff29542" ,
"pattern" : "[file:hashes.SHA256 = '300a50991cb2c6eb16b7e14ba5ef72a3a83c9f2b7d6cd7da259b866fbc527985']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb23-19c0-4d9c-af16-487902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: 03798dc7221efdcec95b991735f38b49dff29542" ,
"pattern" : "[file:hashes.MD5 = 'f43c1178362caf94e7670208b054d285']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb23-512c-4434-a828-48f002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"first_observed" : "2016-04-25T10:02:11Z" ,
"last_observed" : "2016-04-25T10:02:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb23-512c-4434-a828-48f002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb23-512c-4434-a828-48f002de0b81" ,
"value" : "https://www.virustotal.com/file/300a50991cb2c6eb16b7e14ba5ef72a3a83c9f2b7d6cd7da259b866fbc527985/analysis/1460188306/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb23-a7f0-4248-b820-46d502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: da3b7c89ec9ca4157af52d40db76b2c23a62a15e" ,
"pattern" : "[file:hashes.SHA256 = '5f6cfc97884476c469b11ef2c22d0d181879ba9ac1d26176f9f1b35b009a6646']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb23-3eec-43fe-b73a-4f7802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:11.000Z" ,
"modified" : "2016-04-25T10:02:11.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: da3b7c89ec9ca4157af52d40db76b2c23a62a15e" ,
"pattern" : "[file:hashes.MD5 = 'c04d18f4e9e8fd4ffba04a9ced5c27bc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb24-d2c8-4866-9b32-448802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"first_observed" : "2016-04-25T10:02:12Z" ,
"last_observed" : "2016-04-25T10:02:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb24-d2c8-4866-9b32-448802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb24-d2c8-4866-9b32-448802de0b81" ,
"value" : "https://www.virustotal.com/file/5f6cfc97884476c469b11ef2c22d0d181879ba9ac1d26176f9f1b35b009a6646/analysis/1461206794/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb24-b0c8-4bdc-9b40-443c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: cfd1a77155b9af917e22a8ac0fe16eeb26e00c6e" ,
"pattern" : "[file:hashes.SHA256 = '933e8206dd259578c14ffecf9166ac937c6f2c49f0fb8a126283f7211a442fe5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb24-4c08-4a14-a26b-498402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: cfd1a77155b9af917e22a8ac0fe16eeb26e00c6e" ,
"pattern" : "[file:hashes.MD5 = '10492d71bf833499217c0a3f48278dc0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb24-2ce8-44f5-9c39-442302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"first_observed" : "2016-04-25T10:02:12Z" ,
"last_observed" : "2016-04-25T10:02:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb24-2ce8-44f5-9c39-442302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb24-2ce8-44f5-9c39-442302de0b81" ,
"value" : "https://www.virustotal.com/file/933e8206dd259578c14ffecf9166ac937c6f2c49f0fb8a126283f7211a442fe5/analysis/1461238630/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb24-d6e8-4a42-81a0-483f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: acaeb29abf2458b862646366917f44e987176ec9" ,
"pattern" : "[file:hashes.SHA256 = 'c8ec0981f22303b81f5463dce7e9bb3d34f9c162710be9fb766ecaad86a9afa3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--571deb24-2bd8-4613-a160-40fc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"description" : "Imported via the freetext import. - Xchecked via VT: acaeb29abf2458b862646366917f44e987176ec9" ,
"pattern" : "[file:hashes.MD5 = 'f0e55995b81e974e9df4d1c060bc4bcc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-25T10:02:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571deb25-dc48-496f-9cb9-401d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T10:02:12.000Z" ,
"modified" : "2016-04-25T10:02:12.000Z" ,
"first_observed" : "2016-04-25T10:02:12Z" ,
"last_observed" : "2016-04-25T10:02:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571deb25-dc48-496f-9cb9-401d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571deb25-dc48-496f-9cb9-401d02de0b81" ,
"value" : "https://www.virustotal.com/file/c8ec0981f22303b81f5463dce7e9bb3d34f9c162710be9fb766ecaad86a9afa3/analysis/1461421373/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--571e170d-e06c-4485-9a7a-40e802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-25T13:09:33.000Z" ,
"modified" : "2016-04-25T13:09:33.000Z" ,
"first_observed" : "2016-04-25T13:09:33Z" ,
"last_observed" : "2016-04-25T13:09:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--571e170d-e06c-4485-9a7a-40e802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--571e170d-e06c-4485-9a7a-40e802de0b81" ,
"value" : "https://www.virustotal.com/file/30bcc5a700e08c91095c3a8e6c52495a6b60f9ff07ac3c0b96e75befc44b1f5a/analysis/1461585661/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}