2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--574efbb3-e924-4d54-a701-43a1950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:12.000Z" ,
"modified" : "2016-06-01T19:27:12.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--574efbb3-e924-4d54-a701-43a1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:12.000Z" ,
"modified" : "2016-06-01T19:27:12.000Z" ,
"name" : "OSINT - \u00d0\u2018\u00d0\u00b0\u00d0\u00bd\u00d0\u00ba\u00d0\u00be\u00d0\u00b2\u00d1\u0081\u00d0\u00ba\u00d0\u00b8\u00d0\u00b9 \u00d1\u201a\u00d1\u20ac\u00d0\u00be\u00d1\u008f\u00d0\u00bd\u00d0\u00b5\u00d1\u2020 Lurk: \u00d1\u0081\u00d0\u00bf\u00d0\u00b5\u00d1\u2020\u00d0\u00b8\u00d0\u00b0\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be \u00d0\u00b4\u00d0\u00bb\u00d1\u008f \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 (Banking Trojan Lurk: specially for Russia)" ,
"published" : "2016-06-01T19:42:23Z" ,
"object_refs" : [
"observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f" ,
"url--574efbd4-f9b8-4aa2-b31f-48f1950d210f" ,
"indicator--574efbff-2ef4-45f6-b455-4990950d210f" ,
"indicator--574efbff-994c-473b-b7a1-4ae0950d210f" ,
"indicator--574efc00-c2e8-4190-9e4c-40e8950d210f" ,
"indicator--574efc00-a578-4a72-bb53-482f950d210f" ,
"indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f" ,
"indicator--574efc01-303c-4f04-89f6-4426950d210f" ,
"indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f" ,
"indicator--574efc02-d4e4-4068-92b2-4b78950d210f" ,
"indicator--574efc02-3138-4e80-8bb2-49c4950d210f" ,
"indicator--574efc02-63e0-467c-a215-4407950d210f" ,
"indicator--574efc03-3734-473e-9db2-4f11950d210f" ,
"indicator--574efc03-3560-4486-941b-4b93950d210f" ,
"indicator--574efc03-3864-4d45-814f-4ec1950d210f" ,
"indicator--574efc04-10f4-4f06-9a2c-43f1950d210f" ,
"indicator--574efc04-21b0-4079-bb67-45a8950d210f" ,
"indicator--574efc05-bf10-44c2-aa32-4efc950d210f" ,
"indicator--574efc05-45e8-4d65-ba1c-480d950d210f" ,
"indicator--574efc05-882c-4ce1-89fb-45ec950d210f" ,
"indicator--574efc06-4430-411c-996e-4641950d210f" ,
"indicator--574efc06-47c8-49b5-ab5b-43a3950d210f" ,
"indicator--574efc07-9e1c-42db-a479-4634950d210f" ,
"indicator--574efc07-b754-4de4-97b9-4c1d950d210f" ,
"indicator--574efc2b-1b88-40a7-a601-42a7950d210f" ,
"indicator--574f35bf-19ac-45a6-bc81-4958950d210f" ,
"indicator--574f35bf-5010-4a41-8d93-4b73950d210f" ,
"indicator--574f35c0-6688-4bea-885c-4958950d210f" ,
"indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f" ,
"indicator--574f35c0-1cac-472f-8b82-4799950d210f" ,
"indicator--574f35c0-8b00-4f4e-aae7-483b950d210f" ,
"indicator--574f35c0-8268-4442-8d81-4bd5950d210f" ,
"indicator--574f35c0-28ac-4651-bb0d-4f24950d210f" ,
"indicator--574f35c1-b764-4f09-994c-4126950d210f" ,
"indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f" ,
"indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f" ,
"indicator--574f35c1-d868-49f8-bca7-4e28950d210f" ,
"indicator--574f35c1-7a28-4a02-8529-44c3950d210f" ,
"indicator--574f35c2-c4e8-42e2-a102-44cd950d210f" ,
"indicator--574f35c2-f084-4457-b58d-4f2a950d210f" ,
"indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f" ,
"indicator--574f35d1-128c-470f-a915-4039950d210f" ,
"indicator--574f35e0-d160-4649-ad3d-4911950d210f" ,
"indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f" ,
"indicator--574f35f1-c740-420e-a270-4b22950d210f" ,
"indicator--574f35f1-4614-4a5f-8901-4b52950d210f" ,
"indicator--574f35f1-2ac4-4ba2-b223-487a950d210f" ,
"indicator--574f35f1-3200-4f87-b837-4923950d210f" ,
"indicator--574f360b-ac64-421d-853f-3834950d210f" ,
"indicator--574f360b-fc0c-4304-b0e4-3834950d210f" ,
"indicator--574f360b-985c-46fc-82e3-3834950d210f" ,
"indicator--574f361b-4e08-4b0d-970b-45c0950d210f" ,
"indicator--574f361b-f084-4bbc-b9d4-4f20950d210f" ,
"indicator--574f365c-3784-4835-81bf-9bee950d210f" ,
"indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f" ,
"indicator--574f365d-dc1c-41b7-988c-9bee950d210f" ,
"indicator--574f365d-db00-4686-a808-9bee950d210f" ,
"indicator--574f365d-9db4-4f72-a516-9bee950d210f" ,
"indicator--574f365d-af2c-413c-9b91-9bee950d210f" ,
"indicator--574f365e-96a4-4dbd-854b-9bee950d210f" ,
"indicator--574f365e-9204-40a5-a8c7-9bee950d210f" ,
"indicator--574f365e-85b8-4139-879f-9bee950d210f" ,
"indicator--574f365e-e6e8-47cf-86e4-9bee950d210f" ,
"indicator--574f365e-83e8-468a-b709-9bee950d210f" ,
"indicator--574f365f-2f90-4390-b60f-9bee950d210f" ,
"indicator--574f365f-1c60-45e9-abfb-9bee950d210f" ,
"indicator--574f365f-2a9c-450d-a3ff-9bee950d210f" ,
"indicator--574f365f-f604-40f2-9ff6-9bee950d210f" ,
"indicator--574f36a8-4628-4ceb-8f71-483c950d210f" ,
"indicator--574f36a9-c108-484f-b638-450b950d210f" ,
"indicator--574f36a9-e55c-4242-9415-485d950d210f" ,
"indicator--574f36a9-5270-41fb-ba5d-474b950d210f" ,
"indicator--574f36a9-b548-49fa-b8fe-4022950d210f" ,
"indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f" ,
"indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f" ,
"indicator--574f36aa-b4d0-4940-93b3-45a5950d210f" ,
"indicator--574f36aa-f5c4-4955-9c09-41be950d210f" ,
"indicator--574f36aa-0570-45cc-8930-4bcb950d210f" ,
"indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f" ,
"indicator--574f36aa-6668-4576-9fc9-481a950d210f" ,
"indicator--574f36aa-4ecc-4266-8d4f-49df950d210f" ,
"indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f" ,
"indicator--574f36ab-4d24-4350-bed4-4f72950d210f" ,
"indicator--574f36ab-55a0-489c-acf0-4be1950d210f" ,
"indicator--574f36ab-825c-455b-bd9b-4fb0950d210f" ,
"indicator--574f36ab-2204-459c-a10e-40fb950d210f" ,
"indicator--574f36ab-b518-415f-8162-4015950d210f" ,
"indicator--574f36ac-f478-4c48-960f-48ca950d210f" ,
"observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f" ,
"windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f" ,
"observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f" ,
"windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f" ,
"observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f" ,
"windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f" ,
"observed-data--574f36c6-f690-4b74-a78a-40d8950d210f" ,
"windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f" ,
"indicator--574f3711-4f90-44e0-ba54-9bee02de0b81" ,
"indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81" ,
"observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81" ,
"url--574f3711-dfb0-4a01-840a-9bee02de0b81" ,
"indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81" ,
"indicator--574f3711-7518-456d-847e-9bee02de0b81" ,
"observed-data--574f3711-6b50-4350-9da8-9bee02de0b81" ,
"url--574f3711-6b50-4350-9da8-9bee02de0b81" ,
"indicator--574f3712-96a0-4400-b793-9bee02de0b81" ,
"indicator--574f3712-59dc-4956-80f7-9bee02de0b81" ,
"observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81" ,
"url--574f3712-bc1c-42c3-a004-9bee02de0b81" ,
"indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81" ,
"indicator--574f3712-7054-487d-a64a-9bee02de0b81" ,
"observed-data--574f3712-230c-4b42-b048-9bee02de0b81" ,
"url--574f3712-230c-4b42-b048-9bee02de0b81" ,
"indicator--574f3713-154c-4a09-83a3-9bee02de0b81" ,
"indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81" ,
"observed-data--574f3713-d628-4a92-bf99-9bee02de0b81" ,
"url--574f3713-d628-4a92-bf99-9bee02de0b81" ,
"indicator--574f3713-9590-4e27-b1d5-9bee02de0b81" ,
"indicator--574f3713-504c-401f-ae58-9bee02de0b81" ,
"observed-data--574f3713-0444-48a0-a52b-9bee02de0b81" ,
"url--574f3713-0444-48a0-a52b-9bee02de0b81" ,
"indicator--574f3714-4be0-462b-8e7c-9bee02de0b81" ,
"indicator--574f3714-04cc-4a52-adc6-9bee02de0b81" ,
"observed-data--574f3714-8e68-4f32-a906-9bee02de0b81" ,
"url--574f3714-8e68-4f32-a906-9bee02de0b81" ,
"indicator--574f3714-7b44-46a4-aa25-9bee02de0b81" ,
"indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81" ,
"observed-data--574f3714-5124-4259-bf2d-9bee02de0b81" ,
"url--574f3714-5124-4259-bf2d-9bee02de0b81" ,
"indicator--574f3715-0344-4573-8920-9bee02de0b81" ,
"indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81" ,
"observed-data--574f3715-1220-4311-86c9-9bee02de0b81" ,
"url--574f3715-1220-4311-86c9-9bee02de0b81" ,
"indicator--574f3715-1694-4a51-b3e2-9bee02de0b81" ,
"indicator--574f3715-7654-46f1-acae-9bee02de0b81" ,
"observed-data--574f3715-a540-4403-8b03-9bee02de0b81" ,
"url--574f3715-a540-4403-8b03-9bee02de0b81" ,
"indicator--574f3716-b01c-42fa-9200-9bee02de0b81" ,
"indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81" ,
"observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81" ,
"url--574f3716-d86c-4cfb-8549-9bee02de0b81" ,
"indicator--574f3716-5db0-4532-97de-9bee02de0b81" ,
"indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81" ,
"observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81" ,
"url--574f3716-cba4-424c-b9d6-9bee02de0b81" ,
"indicator--574f3717-6058-46cb-b329-9bee02de0b81" ,
"indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81" ,
"observed-data--574f3717-ca98-49a2-b654-9bee02de0b81" ,
"url--574f3717-ca98-49a2-b654-9bee02de0b81" ,
"indicator--574f3717-692c-4098-9822-9bee02de0b81" ,
"indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81" ,
"observed-data--574f3717-8824-4571-a417-9bee02de0b81" ,
"url--574f3717-8824-4571-a417-9bee02de0b81" ,
"indicator--574f3718-2420-4139-a231-9bee02de0b81" ,
"indicator--574f3718-eefc-48c6-b20d-9bee02de0b81" ,
"observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81" ,
"url--574f3718-faa8-4b8c-aa4d-9bee02de0b81" ,
"indicator--574f3718-1a68-436c-b666-9bee02de0b81" ,
"indicator--574f3718-d260-4817-8f62-9bee02de0b81" ,
"observed-data--574f3718-7bac-4d99-9325-9bee02de0b81" ,
"url--574f3718-7bac-4d99-9325-9bee02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"circl:topic=\"finance\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:14:28.000Z" ,
"modified" : "2016-06-01T15:14:28.000Z" ,
"first_observed" : "2016-06-01T15:14:28Z" ,
"last_observed" : "2016-06-01T15:14:28Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574efbd4-f9b8-4aa2-b31f-48f1950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574efbd4-f9b8-4aa2-b31f-48f1950d210f" ,
"value" : "https://securelist.ru/featured/28708/bankovskij-troyanec-lurk-specialno-dlya-rossii/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efbff-2ef4-45f6-b455-4990950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:11.000Z" ,
"modified" : "2016-06-01T15:15:11.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = '3d4vzfh68.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efbff-994c-473b-b7a1-4ae0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:11.000Z" ,
"modified" : "2016-06-01T15:15:11.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = '43xkchcoljx.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc00-c2e8-4190-9e4c-40e8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:12.000Z" ,
"modified" : "2016-06-01T15:15:12.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'carlton69f.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc00-a578-4a72-bb53-482f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:12.000Z" ,
"modified" : "2016-06-01T15:15:12.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'diameter40i.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:12.000Z" ,
"modified" : "2016-06-01T15:15:12.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'elijah69valery.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc01-303c-4f04-89f6-4426950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:13.000Z" ,
"modified" : "2016-06-01T15:15:13.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'embassy96k.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:13.000Z" ,
"modified" : "2016-06-01T15:15:13.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'evince76lambert.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc02-d4e4-4068-92b2-4b78950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:14.000Z" ,
"modified" : "2016-06-01T15:15:14.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'globe79stanhope.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc02-3138-4e80-8bb2-49c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:14.000Z" ,
"modified" : "2016-06-01T15:15:14.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'groom58queasy.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc02-63e0-467c-a215-4407950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:14.000Z" ,
"modified" : "2016-06-01T15:15:14.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'hackle14strand.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc03-3734-473e-9db2-4f11950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:15.000Z" ,
"modified" : "2016-06-01T15:15:15.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'hotbed89internal.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc03-3560-4486-941b-4b93950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:15.000Z" ,
"modified" : "2016-06-01T15:15:15.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'mechanic17a.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc03-3864-4d45-814f-4ec1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:15.000Z" ,
"modified" : "2016-06-01T15:15:15.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'paper17cried.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc04-10f4-4f06-9a2c-43f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:16.000Z" ,
"modified" : "2016-06-01T15:15:16.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'plaguey42u.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc04-21b0-4079-bb67-45a8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:16.000Z" ,
"modified" : "2016-06-01T15:15:16.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'possum89hilarity.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc05-bf10-44c2-aa32-4efc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:17.000Z" ,
"modified" : "2016-06-01T15:15:17.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'rhythmic81o.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc05-45e8-4d65-ba1c-480d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:17.000Z" ,
"modified" : "2016-06-01T15:15:17.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'ri493hfkzrb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc05-882c-4ce1-89fb-45ec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:17.000Z" ,
"modified" : "2016-06-01T15:15:17.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'roomful44e.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc06-4430-411c-996e-4641950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:18.000Z" ,
"modified" : "2016-06-01T15:15:18.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 's8f40ocjv.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc06-47c8-49b5-ab5b-43a3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:18.000Z" ,
"modified" : "2016-06-01T15:15:18.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'scale57banana.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc07-9e1c-42db-a479-4634950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:19.000Z" ,
"modified" : "2016-06-01T15:15:19.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'wing97pyroxene.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc07-b754-4de4-97b9-4c1d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:19.000Z" ,
"modified" : "2016-06-01T15:15:19.000Z" ,
"description" : "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server" ,
"pattern" : "[domain-name:value = 'yf3zf90kz.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574efc2b-1b88-40a7-a601-42a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T15:15:55.000Z" ,
"modified" : "2016-06-01T15:15:55.000Z" ,
"pattern" : "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\u00c2\u00bbBot.Lurk.HTTP.C&C\u00c2\u00bb; flow:established,to_server; content:\u00c2\u00bbPOST\u00c2\u00bb; pcre:\u00c2\u00bb/\\?hl=[a-z]+&source=[^\\r\\n&]+&q=[^\\r\\n&]+/msi\u00c2\u00bb;)]" ,
"pattern_type" : "snort" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T15:15:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"snort\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35bf-19ac-45a6-bc81-4958950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:35.000Z" ,
"modified" : "2016-06-01T19:21:35.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '185c8ffa99ba1e9b06d1a5effae7b842']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35bf-5010-4a41-8d93-4b73950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:35.000Z" ,
"modified" : "2016-06-01T19:21:35.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '2f3259f58a33176d938cbd9bc342fddd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-6688-4bea-885c-4958950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '217dab08b62b6f892a7d33e05e7f788c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '3387e820f0f67ff00cf0c6d0f5ea2b75']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-1cac-472f-8b82-4799950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '36db67ccadc59d27cd4adf5f0944330d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-8b00-4f4e-aae7-483b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '6548d3304e5da11ed2bed0551c3d6922']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-8268-4442-8d81-4bd5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '72d272a8198f1e5849207bc03024922d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c0-28ac-4651-bb0d-4f24950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:36.000Z" ,
"modified" : "2016-06-01T19:21:36.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = '85b66824a7f2787e87079903f0adebdf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c1-b764-4f09-994c-4126950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:37.000Z" ,
"modified" : "2016-06-01T19:21:37.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'b4ffad760a52760fbd4ce25d7422a07b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:37.000Z" ,
"modified" : "2016-06-01T19:21:37.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'c461706e084880a9f0409e3a6b1f1ecd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:37.000Z" ,
"modified" : "2016-06-01T19:21:37.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'd0b4c0b43f539384bbdc103182e7ff42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c1-d868-49f8-bca7-4e28950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:37.000Z" ,
"modified" : "2016-06-01T19:21:37.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'e006469ea4b34c757fd1aa38e6bdaa72']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c1-7a28-4a02-8529-44c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:37.000Z" ,
"modified" : "2016-06-01T19:21:37.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'e305b5d37b04a2d5d9aa8499bbf88940']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c2-c4e8-42e2-a102-44cd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:38.000Z" ,
"modified" : "2016-06-01T19:21:38.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'e9cab9097e7f847b388b1c27425d6e9a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c2-f084-4457-b58d-4f2a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:38.000Z" ,
"modified" : "2016-06-01T19:21:38.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'e9da19440fca6f0747bdee8c7985917f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:38.000Z" ,
"modified" : "2016-06-01T19:21:38.000Z" ,
"description" : "mini" ,
"pattern" : "[file:hashes.MD5 = 'f5022eae8004458174c10cb80cce5317']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35d1-128c-470f-a915-4039950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:21:53.000Z" ,
"modified" : "2016-06-01T19:21:53.000Z" ,
"description" : "prescanner" ,
"pattern" : "[file:hashes.MD5 = 'a802968403162f6979d72e04597b6d1f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:21:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35e0-d160-4649-ad3d-4911950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:08.000Z" ,
"modified" : "2016-06-01T19:22:08.000Z" ,
"description" : "core" ,
"pattern" : "[file:hashes.MD5 = 'c15e18aff4cdc76e99c7cb34d4782dda']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:09.000Z" ,
"modified" : "2016-06-01T19:22:09.000Z" ,
"description" : "core" ,
"pattern" : "[file:hashes.MD5 = '8643e70f8c639c6a9db527285aa3bdf7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35f1-c740-420e-a270-4b22950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:25.000Z" ,
"modified" : "2016-06-01T19:22:25.000Z" ,
"description" : "ibank.dll" ,
"pattern" : "[file:hashes.MD5 = 'a6c032b192a8edef236b30f13bbff204']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35f1-4614-4a5f-8901-4b52950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:25.000Z" ,
"modified" : "2016-06-01T19:22:25.000Z" ,
"description" : "ibank.dll" ,
"pattern" : "[file:hashes.MD5 = '4cb6ca447c130554ff16787a56a1e278']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35f1-2ac4-4ba2-b223-487a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:25.000Z" ,
"modified" : "2016-06-01T19:22:25.000Z" ,
"description" : "ibank.dll" ,
"pattern" : "[file:hashes.MD5 = 'bfe73de645c4d65d15228bd9a3eba1b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f35f1-3200-4f87-b837-4923950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:25.000Z" ,
"modified" : "2016-06-01T19:22:25.000Z" ,
"description" : "ibank.dll" ,
"pattern" : "[file:hashes.MD5 = 'cc891b715c4d81143491164bff23bf27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f360b-ac64-421d-853f-3834950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:51.000Z" ,
"modified" : "2016-06-01T19:22:51.000Z" ,
"description" : "module_vnc" ,
"pattern" : "[file:hashes.MD5 = '601f0691d03cd81d94ad7be13a10a4db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f360b-fc0c-4304-b0e4-3834950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:51.000Z" ,
"modified" : "2016-06-01T19:22:51.000Z" ,
"description" : "module_vnc" ,
"pattern" : "[file:hashes.MD5 = '6e5adf6246c5f8a4d5f4f6bbfc5033b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f360b-985c-46fc-82e3-3834950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:22:51.000Z" ,
"modified" : "2016-06-01T19:22:51.000Z" ,
"description" : "module_vnc" ,
"pattern" : "[file:hashes.MD5 = '78edd93cea9bedb90e55de6d71cea9c4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:22:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f361b-4e08-4b0d-970b-45c0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:23:07.000Z" ,
"modified" : "2016-06-01T19:23:07.000Z" ,
"description" : "w3bank.dll" ,
"pattern" : "[file:hashes.MD5 = '1b84e30d4df8675dc971ccb9bee7fdf5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:23:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f361b-f084-4bbc-b9d4-4f20950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:23:07.000Z" ,
"modified" : "2016-06-01T19:23:07.000Z" ,
"description" : "w3bank.dll" ,
"pattern" : "[file:hashes.MD5 = '3a078d5d595b0f41ad74e1d5a05f7896']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:23:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365c-3784-4835-81bf-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:12.000Z" ,
"modified" : "2016-06-01T19:24:12.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\ddd2.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:13.000Z" ,
"modified" : "2016-06-01T19:24:13.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\pdk2.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365d-dc1c-41b7-988c-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:13.000Z" ,
"modified" : "2016-06-01T19:24:13.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\km48.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365d-db00-4686-a808-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:13.000Z" ,
"modified" : "2016-06-01T19:24:13.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\9llq.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365d-9db4-4f72-a516-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:13.000Z" ,
"modified" : "2016-06-01T19:24:13.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\ddqq.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365d-af2c-413c-9b91-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:13.000Z" ,
"modified" : "2016-06-01T19:24:13.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\834r.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365e-96a4-4dbd-854b-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:14.000Z" ,
"modified" : "2016-06-01T19:24:14.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\gi4q.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365e-9204-40a5-a8c7-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:14.000Z" ,
"modified" : "2016-06-01T19:24:14.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\wu3w.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365e-85b8-4139-879f-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:14.000Z" ,
"modified" : "2016-06-01T19:24:14.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\qq34.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365e-e6e8-47cf-86e4-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:14.000Z" ,
"modified" : "2016-06-01T19:24:14.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\dqd6.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365e-83e8-468a-b709-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:14.000Z" ,
"modified" : "2016-06-01T19:24:14.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\w4ff.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365f-2f90-4390-b60f-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:15.000Z" ,
"modified" : "2016-06-01T19:24:15.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\ok4l.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365f-1c60-45e9-abfb-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:15.000Z" ,
"modified" : "2016-06-01T19:24:15.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\kfii.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365f-2a9c-450d-a3ff-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:15.000Z" ,
"modified" : "2016-06-01T19:24:15.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\ie31.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f365f-f604-40f2-9ff6-9bee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:24:15.000Z" ,
"modified" : "2016-06-01T19:24:15.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\4433.dat']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:24:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a8-4628-4ceb-8f71-483c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:28.000Z" ,
"modified" : "2016-06-01T19:25:28.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\API32.DLL']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-c108-484f-b638-450b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\dlg.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-e55c-4242-9415-485d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\mm.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-5270-41fb-ba5d-474b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\setup.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-b548-49fa-b8fe-4022950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\help.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\mi.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:29.000Z" ,
"modified" : "2016-06-01T19:25:29.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\http.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-b4d0-4940-93b3-45a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\wapi.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-f5c4-4955-9c09-41be950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\ER32.DLL']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-0570-45cc-8930-4bcb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\core.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\theme.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-6668-4576-9fc9-481a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\vw.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36aa-4ecc-4266-8d4f-49df950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:30.000Z" ,
"modified" : "2016-06-01T19:25:30.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\el32.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\sta.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-4d24-4350-bed4-4f72950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\p10.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-55a0-489c-acf0-4be1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\fc.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-825c-455b-bd9b-4fb0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\in_32.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-2204-459c-a10e-40fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\pool.drv']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ab-b518-415f-8162-4015950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:31.000Z" ,
"modified" : "2016-06-01T19:25:31.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\env.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f36ac-f478-4c48-960f-48ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:32.000Z" ,
"modified" : "2016-06-01T19:25:32.000Z" ,
"description" : "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module" ,
"pattern" : "[file:name = '\\\\%APPDATA\\\\%\\\\man.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:25:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:57.000Z" ,
"modified" : "2016-06-01T19:25:57.000Z" ,
"first_observed" : "2016-06-01T19:25:57Z" ,
"last_observed" : "2016-06-01T19:25:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f" ,
"key" : "HKCU\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:58.000Z" ,
"modified" : "2016-06-01T19:25:58.000Z" ,
"first_observed" : "2016-06-01T19:25:58Z" ,
"last_observed" : "2016-06-01T19:25:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f" ,
"key" : "HKLM\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:58.000Z" ,
"modified" : "2016-06-01T19:25:58.000Z" ,
"first_observed" : "2016-06-01T19:25:58Z" ,
"last_observed" : "2016-06-01T19:25:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f" ,
"key" : "HKCU\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f36c6-f690-4b74-a78a-40d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:25:58.000Z" ,
"modified" : "2016-06-01T19:25:58.000Z" ,
"first_observed" : "2016-06-01T19:25:58Z" ,
"last_observed" : "2016-06-01T19:25:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f"
] ,
"labels" : [
"misp:type=\"regkey\"" ,
"misp:category=\"Persistence mechanism\""
]
} ,
{
"type" : "windows-registry-key" ,
"spec_version" : "2.1" ,
"id" : "windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f" ,
"key" : "HKLM\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3711-4f90-44e0-ba54-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"description" : "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6" ,
"pattern" : "[file:hashes.SHA256 = '28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"description" : "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6" ,
"pattern" : "[file:hashes.SHA1 = '0aafd9da1f28bcd5111cb1cbff1ea2f1f2f9b1c0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"first_observed" : "2016-06-01T19:27:13Z" ,
"last_observed" : "2016-06-01T19:27:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3711-dfb0-4a01-840a-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3711-dfb0-4a01-840a-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b/analysis/1427919750/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"description" : "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278" ,
"pattern" : "[file:hashes.SHA256 = '557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3711-7518-456d-847e-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"description" : "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278" ,
"pattern" : "[file:hashes.SHA1 = '213c19798e5573e40e8e1d0c9330ca37b52eb70d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3711-6b50-4350-9da8-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:13.000Z" ,
"modified" : "2016-06-01T19:27:13.000Z" ,
"first_observed" : "2016-06-01T19:27:13Z" ,
"last_observed" : "2016-06-01T19:27:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3711-6b50-4350-9da8-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3711-6b50-4350-9da8-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216/analysis/1438407850/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3712-96a0-4400-b793-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"description" : "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204" ,
"pattern" : "[file:hashes.SHA256 = 'fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3712-59dc-4956-80f7-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"description" : "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204" ,
"pattern" : "[file:hashes.SHA1 = '550c531ce140e374f2b9d0dd34385fa387dcecaa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"first_observed" : "2016-06-01T19:27:14Z" ,
"last_observed" : "2016-06-01T19:27:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3712-bc1c-42c3-a004-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3712-bc1c-42c3-a004-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec/analysis/1448994203/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"description" : "mini - Xchecked via VT: f5022eae8004458174c10cb80cce5317" ,
"pattern" : "[file:hashes.SHA256 = 'ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3712-7054-487d-a64a-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"description" : "mini - Xchecked via VT: f5022eae8004458174c10cb80cce5317" ,
"pattern" : "[file:hashes.SHA1 = 'd6faa77e9021b9429d04c0582010fc7146bd63b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3712-230c-4b42-b048-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:14.000Z" ,
"modified" : "2016-06-01T19:27:14.000Z" ,
"first_observed" : "2016-06-01T19:27:14Z" ,
"last_observed" : "2016-06-01T19:27:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3712-230c-4b42-b048-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3712-230c-4b42-b048-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f/analysis/1425258524/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3713-154c-4a09-83a3-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"description" : "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f" ,
"pattern" : "[file:hashes.SHA256 = '607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"description" : "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f" ,
"pattern" : "[file:hashes.SHA1 = '05446c67ff8c0baffa969fc5cc4dd62edcad46f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3713-d628-4a92-bf99-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"first_observed" : "2016-06-01T19:27:15Z" ,
"last_observed" : "2016-06-01T19:27:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3713-d628-4a92-bf99-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3713-d628-4a92-bf99-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b/analysis/1464792130/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3713-9590-4e27-b1d5-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"description" : "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a" ,
"pattern" : "[file:hashes.SHA256 = '79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3713-504c-401f-ae58-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"description" : "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a" ,
"pattern" : "[file:hashes.SHA1 = '0cc0b7aa2e39d4575a18a3b02966f1f6ca32722d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3713-0444-48a0-a52b-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:15.000Z" ,
"modified" : "2016-06-01T19:27:15.000Z" ,
"first_observed" : "2016-06-01T19:27:15Z" ,
"last_observed" : "2016-06-01T19:27:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3713-0444-48a0-a52b-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3713-0444-48a0-a52b-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790/analysis/1449068959/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3714-4be0-462b-8e7c-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"description" : "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940" ,
"pattern" : "[file:hashes.SHA256 = '5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3714-04cc-4a52-adc6-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"description" : "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940" ,
"pattern" : "[file:hashes.SHA1 = '9df4c611a01ff352e6516bce78eedb33ddeaa782']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3714-8e68-4f32-a906-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"first_observed" : "2016-06-01T19:27:16Z" ,
"last_observed" : "2016-06-01T19:27:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3714-8e68-4f32-a906-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3714-8e68-4f32-a906-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04/analysis/1447115062/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3714-7b44-46a4-aa25-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"description" : "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72" ,
"pattern" : "[file:hashes.SHA256 = '7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"description" : "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72" ,
"pattern" : "[file:hashes.SHA1 = '0fe481b4c8c12003b2af3c08d9e127044c6d8197']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3714-5124-4259-bf2d-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:16.000Z" ,
"modified" : "2016-06-01T19:27:16.000Z" ,
"first_observed" : "2016-06-01T19:27:16Z" ,
"last_observed" : "2016-06-01T19:27:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3714-5124-4259-bf2d-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3714-5124-4259-bf2d-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64/analysis/1444892452/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3715-0344-4573-8920-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"description" : "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42" ,
"pattern" : "[file:hashes.SHA256 = '51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"description" : "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42" ,
"pattern" : "[file:hashes.SHA1 = '1a5a66b606f4d34f9a612cdf2b23b39f1db2f13d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3715-1220-4311-86c9-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"first_observed" : "2016-06-01T19:27:17Z" ,
"last_observed" : "2016-06-01T19:27:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3715-1220-4311-86c9-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3715-1220-4311-86c9-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52/analysis/1440087528/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3715-1694-4a51-b3e2-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"description" : "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd" ,
"pattern" : "[file:hashes.SHA256 = 'f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3715-7654-46f1-acae-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"description" : "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd" ,
"pattern" : "[file:hashes.SHA1 = '590dc34726b769ffec2fefcb6c7adfa12577d428']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3715-a540-4403-8b03-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:17.000Z" ,
"modified" : "2016-06-01T19:27:17.000Z" ,
"first_observed" : "2016-06-01T19:27:17Z" ,
"last_observed" : "2016-06-01T19:27:17Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3715-a540-4403-8b03-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3715-a540-4403-8b03-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5/analysis/1425102122/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3716-b01c-42fa-9200-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"description" : "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf" ,
"pattern" : "[file:hashes.SHA256 = '3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"description" : "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf" ,
"pattern" : "[file:hashes.SHA1 = 'bb41a1a2b92eec2ed448a598561351c1e38b17b8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"first_observed" : "2016-06-01T19:27:18Z" ,
"last_observed" : "2016-06-01T19:27:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3716-d86c-4cfb-8549-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3716-d86c-4cfb-8549-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b/analysis/1445871158/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3716-5db0-4532-97de-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"description" : "mini - Xchecked via VT: 6548d3304e5da11ed2bed0551c3d6922" ,
"pattern" : "[file:hashes.SHA256 = 'b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"description" : "mini - Xchecked via VT: 6548d3304e5da11ed2bed0551c3d6922" ,
"pattern" : "[file:hashes.SHA1 = '5e30bba7651ce919d6fd93cef365bcd492090f14']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:18.000Z" ,
"modified" : "2016-06-01T19:27:18.000Z" ,
"first_observed" : "2016-06-01T19:27:18Z" ,
"last_observed" : "2016-06-01T19:27:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3716-cba4-424c-b9d6-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3716-cba4-424c-b9d6-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54/analysis/1464735155/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3717-6058-46cb-b329-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"description" : "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d" ,
"pattern" : "[file:hashes.SHA256 = 'e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"description" : "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d" ,
"pattern" : "[file:hashes.SHA1 = '51e0da300047d9925710806163ed5e318a84e3b9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3717-ca98-49a2-b654-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"first_observed" : "2016-06-01T19:27:19Z" ,
"last_observed" : "2016-06-01T19:27:19Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3717-ca98-49a2-b654-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3717-ca98-49a2-b654-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12/analysis/1458048090/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3717-692c-4098-9822-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"description" : "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75" ,
"pattern" : "[file:hashes.SHA256 = '7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"description" : "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75" ,
"pattern" : "[file:hashes.SHA1 = '4ddb5a210d80635f9aa543337af662c01e2a8275']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3717-8824-4571-a417-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:19.000Z" ,
"modified" : "2016-06-01T19:27:19.000Z" ,
"first_observed" : "2016-06-01T19:27:19Z" ,
"last_observed" : "2016-06-01T19:27:19Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3717-8824-4571-a417-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3717-8824-4571-a417-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8/analysis/1442001535/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3718-2420-4139-a231-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"description" : "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd" ,
"pattern" : "[file:hashes.SHA256 = '56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3718-eefc-48c6-b20d-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"description" : "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd" ,
"pattern" : "[file:hashes.SHA1 = '79403e2f7c808a977dd087ce8bf63f95ff7fd182']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"first_observed" : "2016-06-01T19:27:20Z" ,
"last_observed" : "2016-06-01T19:27:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3718-faa8-4b8c-aa4d-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3718-faa8-4b8c-aa4d-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d/analysis/1459933447/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3718-1a68-436c-b666-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"description" : "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842" ,
"pattern" : "[file:hashes.SHA256 = 'eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--574f3718-d260-4817-8f62-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"description" : "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842" ,
"pattern" : "[file:hashes.SHA1 = '185d9a2978cf70fb94f6c33064fefacb2ecabceb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-01T19:27:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--574f3718-7bac-4d99-9325-9bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-01T19:27:20.000Z" ,
"modified" : "2016-06-01T19:27:20.000Z" ,
"first_observed" : "2016-06-01T19:27:20Z" ,
"last_observed" : "2016-06-01T19:27:20Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--574f3718-7bac-4d99-9325-9bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--574f3718-7bac-4d99-9325-9bee02de0b81" ,
"value" : "https://www.virustotal.com/file/eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415/analysis/1440398179/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}