misp-circl-feed/feeds/circl/misp/574efbb3-e924-4d54-a701-43a1950d210f.json

3542 lines
161 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--574efbb3-e924-4d54-a701-43a1950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:12.000Z",
"modified": "2016-06-01T19:27:12.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--574efbb3-e924-4d54-a701-43a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:12.000Z",
"modified": "2016-06-01T19:27:12.000Z",
"name": "OSINT - \u00d0\u2018\u00d0\u00b0\u00d0\u00bd\u00d0\u00ba\u00d0\u00be\u00d0\u00b2\u00d1\u0081\u00d0\u00ba\u00d0\u00b8\u00d0\u00b9 \u00d1\u201a\u00d1\u20ac\u00d0\u00be\u00d1\u008f\u00d0\u00bd\u00d0\u00b5\u00d1\u2020 Lurk: \u00d1\u0081\u00d0\u00bf\u00d0\u00b5\u00d1\u2020\u00d0\u00b8\u00d0\u00b0\u00d0\u00bb\u00d1\u0152\u00d0\u00bd\u00d0\u00be \u00d0\u00b4\u00d0\u00bb\u00d1\u008f \u00d0\u00a0\u00d0\u00be\u00d1\u0081\u00d1\u0081\u00d0\u00b8\u00d0\u00b8 (Banking Trojan Lurk: specially for Russia)",
"published": "2016-06-01T19:42:23Z",
"object_refs": [
"observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f",
"url--574efbd4-f9b8-4aa2-b31f-48f1950d210f",
"indicator--574efbff-2ef4-45f6-b455-4990950d210f",
"indicator--574efbff-994c-473b-b7a1-4ae0950d210f",
"indicator--574efc00-c2e8-4190-9e4c-40e8950d210f",
"indicator--574efc00-a578-4a72-bb53-482f950d210f",
"indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f",
"indicator--574efc01-303c-4f04-89f6-4426950d210f",
"indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f",
"indicator--574efc02-d4e4-4068-92b2-4b78950d210f",
"indicator--574efc02-3138-4e80-8bb2-49c4950d210f",
"indicator--574efc02-63e0-467c-a215-4407950d210f",
"indicator--574efc03-3734-473e-9db2-4f11950d210f",
"indicator--574efc03-3560-4486-941b-4b93950d210f",
"indicator--574efc03-3864-4d45-814f-4ec1950d210f",
"indicator--574efc04-10f4-4f06-9a2c-43f1950d210f",
"indicator--574efc04-21b0-4079-bb67-45a8950d210f",
"indicator--574efc05-bf10-44c2-aa32-4efc950d210f",
"indicator--574efc05-45e8-4d65-ba1c-480d950d210f",
"indicator--574efc05-882c-4ce1-89fb-45ec950d210f",
"indicator--574efc06-4430-411c-996e-4641950d210f",
"indicator--574efc06-47c8-49b5-ab5b-43a3950d210f",
"indicator--574efc07-9e1c-42db-a479-4634950d210f",
"indicator--574efc07-b754-4de4-97b9-4c1d950d210f",
"indicator--574efc2b-1b88-40a7-a601-42a7950d210f",
"indicator--574f35bf-19ac-45a6-bc81-4958950d210f",
"indicator--574f35bf-5010-4a41-8d93-4b73950d210f",
"indicator--574f35c0-6688-4bea-885c-4958950d210f",
"indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f",
"indicator--574f35c0-1cac-472f-8b82-4799950d210f",
"indicator--574f35c0-8b00-4f4e-aae7-483b950d210f",
"indicator--574f35c0-8268-4442-8d81-4bd5950d210f",
"indicator--574f35c0-28ac-4651-bb0d-4f24950d210f",
"indicator--574f35c1-b764-4f09-994c-4126950d210f",
"indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f",
"indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f",
"indicator--574f35c1-d868-49f8-bca7-4e28950d210f",
"indicator--574f35c1-7a28-4a02-8529-44c3950d210f",
"indicator--574f35c2-c4e8-42e2-a102-44cd950d210f",
"indicator--574f35c2-f084-4457-b58d-4f2a950d210f",
"indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f",
"indicator--574f35d1-128c-470f-a915-4039950d210f",
"indicator--574f35e0-d160-4649-ad3d-4911950d210f",
"indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f",
"indicator--574f35f1-c740-420e-a270-4b22950d210f",
"indicator--574f35f1-4614-4a5f-8901-4b52950d210f",
"indicator--574f35f1-2ac4-4ba2-b223-487a950d210f",
"indicator--574f35f1-3200-4f87-b837-4923950d210f",
"indicator--574f360b-ac64-421d-853f-3834950d210f",
"indicator--574f360b-fc0c-4304-b0e4-3834950d210f",
"indicator--574f360b-985c-46fc-82e3-3834950d210f",
"indicator--574f361b-4e08-4b0d-970b-45c0950d210f",
"indicator--574f361b-f084-4bbc-b9d4-4f20950d210f",
"indicator--574f365c-3784-4835-81bf-9bee950d210f",
"indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f",
"indicator--574f365d-dc1c-41b7-988c-9bee950d210f",
"indicator--574f365d-db00-4686-a808-9bee950d210f",
"indicator--574f365d-9db4-4f72-a516-9bee950d210f",
"indicator--574f365d-af2c-413c-9b91-9bee950d210f",
"indicator--574f365e-96a4-4dbd-854b-9bee950d210f",
"indicator--574f365e-9204-40a5-a8c7-9bee950d210f",
"indicator--574f365e-85b8-4139-879f-9bee950d210f",
"indicator--574f365e-e6e8-47cf-86e4-9bee950d210f",
"indicator--574f365e-83e8-468a-b709-9bee950d210f",
"indicator--574f365f-2f90-4390-b60f-9bee950d210f",
"indicator--574f365f-1c60-45e9-abfb-9bee950d210f",
"indicator--574f365f-2a9c-450d-a3ff-9bee950d210f",
"indicator--574f365f-f604-40f2-9ff6-9bee950d210f",
"indicator--574f36a8-4628-4ceb-8f71-483c950d210f",
"indicator--574f36a9-c108-484f-b638-450b950d210f",
"indicator--574f36a9-e55c-4242-9415-485d950d210f",
"indicator--574f36a9-5270-41fb-ba5d-474b950d210f",
"indicator--574f36a9-b548-49fa-b8fe-4022950d210f",
"indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f",
"indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f",
"indicator--574f36aa-b4d0-4940-93b3-45a5950d210f",
"indicator--574f36aa-f5c4-4955-9c09-41be950d210f",
"indicator--574f36aa-0570-45cc-8930-4bcb950d210f",
"indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f",
"indicator--574f36aa-6668-4576-9fc9-481a950d210f",
"indicator--574f36aa-4ecc-4266-8d4f-49df950d210f",
"indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f",
"indicator--574f36ab-4d24-4350-bed4-4f72950d210f",
"indicator--574f36ab-55a0-489c-acf0-4be1950d210f",
"indicator--574f36ab-825c-455b-bd9b-4fb0950d210f",
"indicator--574f36ab-2204-459c-a10e-40fb950d210f",
"indicator--574f36ab-b518-415f-8162-4015950d210f",
"indicator--574f36ac-f478-4c48-960f-48ca950d210f",
"observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f",
"windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f",
"observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f",
"windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f",
"observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f",
"windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f",
"observed-data--574f36c6-f690-4b74-a78a-40d8950d210f",
"windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f",
"indicator--574f3711-4f90-44e0-ba54-9bee02de0b81",
"indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81",
"observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81",
"url--574f3711-dfb0-4a01-840a-9bee02de0b81",
"indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81",
"indicator--574f3711-7518-456d-847e-9bee02de0b81",
"observed-data--574f3711-6b50-4350-9da8-9bee02de0b81",
"url--574f3711-6b50-4350-9da8-9bee02de0b81",
"indicator--574f3712-96a0-4400-b793-9bee02de0b81",
"indicator--574f3712-59dc-4956-80f7-9bee02de0b81",
"observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81",
"url--574f3712-bc1c-42c3-a004-9bee02de0b81",
"indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81",
"indicator--574f3712-7054-487d-a64a-9bee02de0b81",
"observed-data--574f3712-230c-4b42-b048-9bee02de0b81",
"url--574f3712-230c-4b42-b048-9bee02de0b81",
"indicator--574f3713-154c-4a09-83a3-9bee02de0b81",
"indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81",
"observed-data--574f3713-d628-4a92-bf99-9bee02de0b81",
"url--574f3713-d628-4a92-bf99-9bee02de0b81",
"indicator--574f3713-9590-4e27-b1d5-9bee02de0b81",
"indicator--574f3713-504c-401f-ae58-9bee02de0b81",
"observed-data--574f3713-0444-48a0-a52b-9bee02de0b81",
"url--574f3713-0444-48a0-a52b-9bee02de0b81",
"indicator--574f3714-4be0-462b-8e7c-9bee02de0b81",
"indicator--574f3714-04cc-4a52-adc6-9bee02de0b81",
"observed-data--574f3714-8e68-4f32-a906-9bee02de0b81",
"url--574f3714-8e68-4f32-a906-9bee02de0b81",
"indicator--574f3714-7b44-46a4-aa25-9bee02de0b81",
"indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81",
"observed-data--574f3714-5124-4259-bf2d-9bee02de0b81",
"url--574f3714-5124-4259-bf2d-9bee02de0b81",
"indicator--574f3715-0344-4573-8920-9bee02de0b81",
"indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81",
"observed-data--574f3715-1220-4311-86c9-9bee02de0b81",
"url--574f3715-1220-4311-86c9-9bee02de0b81",
"indicator--574f3715-1694-4a51-b3e2-9bee02de0b81",
"indicator--574f3715-7654-46f1-acae-9bee02de0b81",
"observed-data--574f3715-a540-4403-8b03-9bee02de0b81",
"url--574f3715-a540-4403-8b03-9bee02de0b81",
"indicator--574f3716-b01c-42fa-9200-9bee02de0b81",
"indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81",
"observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81",
"url--574f3716-d86c-4cfb-8549-9bee02de0b81",
"indicator--574f3716-5db0-4532-97de-9bee02de0b81",
"indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81",
"observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81",
"url--574f3716-cba4-424c-b9d6-9bee02de0b81",
"indicator--574f3717-6058-46cb-b329-9bee02de0b81",
"indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81",
"observed-data--574f3717-ca98-49a2-b654-9bee02de0b81",
"url--574f3717-ca98-49a2-b654-9bee02de0b81",
"indicator--574f3717-692c-4098-9822-9bee02de0b81",
"indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81",
"observed-data--574f3717-8824-4571-a417-9bee02de0b81",
"url--574f3717-8824-4571-a417-9bee02de0b81",
"indicator--574f3718-2420-4139-a231-9bee02de0b81",
"indicator--574f3718-eefc-48c6-b20d-9bee02de0b81",
"observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81",
"url--574f3718-faa8-4b8c-aa4d-9bee02de0b81",
"indicator--574f3718-1a68-436c-b666-9bee02de0b81",
"indicator--574f3718-d260-4817-8f62-9bee02de0b81",
"observed-data--574f3718-7bac-4d99-9325-9bee02de0b81",
"url--574f3718-7bac-4d99-9325-9bee02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:topic=\"finance\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574efbd4-f9b8-4aa2-b31f-48f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:14:28.000Z",
"modified": "2016-06-01T15:14:28.000Z",
"first_observed": "2016-06-01T15:14:28Z",
"last_observed": "2016-06-01T15:14:28Z",
"number_observed": 1,
"object_refs": [
"url--574efbd4-f9b8-4aa2-b31f-48f1950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574efbd4-f9b8-4aa2-b31f-48f1950d210f",
"value": "https://securelist.ru/featured/28708/bankovskij-troyanec-lurk-specialno-dlya-rossii/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efbff-2ef4-45f6-b455-4990950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:11.000Z",
"modified": "2016-06-01T15:15:11.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = '3d4vzfh68.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efbff-994c-473b-b7a1-4ae0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:11.000Z",
"modified": "2016-06-01T15:15:11.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = '43xkchcoljx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc00-c2e8-4190-9e4c-40e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:12.000Z",
"modified": "2016-06-01T15:15:12.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'carlton69f.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc00-a578-4a72-bb53-482f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:12.000Z",
"modified": "2016-06-01T15:15:12.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'diameter40i.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc00-57fc-4cf3-9f44-4f4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:12.000Z",
"modified": "2016-06-01T15:15:12.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'elijah69valery.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc01-303c-4f04-89f6-4426950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:13.000Z",
"modified": "2016-06-01T15:15:13.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'embassy96k.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc01-d3a0-4ffe-9c5c-4bb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:13.000Z",
"modified": "2016-06-01T15:15:13.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'evince76lambert.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc02-d4e4-4068-92b2-4b78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:14.000Z",
"modified": "2016-06-01T15:15:14.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'globe79stanhope.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc02-3138-4e80-8bb2-49c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:14.000Z",
"modified": "2016-06-01T15:15:14.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'groom58queasy.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc02-63e0-467c-a215-4407950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:14.000Z",
"modified": "2016-06-01T15:15:14.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'hackle14strand.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc03-3734-473e-9db2-4f11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:15.000Z",
"modified": "2016-06-01T15:15:15.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'hotbed89internal.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc03-3560-4486-941b-4b93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:15.000Z",
"modified": "2016-06-01T15:15:15.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'mechanic17a.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc03-3864-4d45-814f-4ec1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:15.000Z",
"modified": "2016-06-01T15:15:15.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'paper17cried.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc04-10f4-4f06-9a2c-43f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:16.000Z",
"modified": "2016-06-01T15:15:16.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'plaguey42u.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc04-21b0-4079-bb67-45a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:16.000Z",
"modified": "2016-06-01T15:15:16.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'possum89hilarity.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc05-bf10-44c2-aa32-4efc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:17.000Z",
"modified": "2016-06-01T15:15:17.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'rhythmic81o.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc05-45e8-4d65-ba1c-480d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:17.000Z",
"modified": "2016-06-01T15:15:17.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'ri493hfkzrb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc05-882c-4ce1-89fb-45ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:17.000Z",
"modified": "2016-06-01T15:15:17.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'roomful44e.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc06-4430-411c-996e-4641950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:18.000Z",
"modified": "2016-06-01T15:15:18.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 's8f40ocjv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc06-47c8-49b5-ab5b-43a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:18.000Z",
"modified": "2016-06-01T15:15:18.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'scale57banana.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc07-9e1c-42db-a479-4634950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:19.000Z",
"modified": "2016-06-01T15:15:19.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'wing97pyroxene.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc07-b754-4de4-97b9-4c1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:19.000Z",
"modified": "2016-06-01T15:15:19.000Z",
"description": "\u00d0\u00a1\u00d0\u00b5\u00d1\u20ac\u00d0\u00b2\u00d0\u00b5\u00d1\u20ac\u00d0\u00b0 \u00d1\u0192\u00d0\u00bf\u00d1\u20ac\u00d0\u00b0\u00d0\u00b2\u00d0\u00bb\u00d0\u00b5\u00d0\u00bd\u00d0\u00b8\u00d1\u008f - C2 server",
"pattern": "[domain-name:value = 'yf3zf90kz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574efc2b-1b88-40a7-a601-42a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T15:15:55.000Z",
"modified": "2016-06-01T15:15:55.000Z",
"pattern": "[alert tcp $HOME_NET any -> $EXTERNAL_NET $HTTP_PORTS (msg:\u00c2\u00bbBot.Lurk.HTTP.C&C\u00c2\u00bb; flow:established,to_server; content:\u00c2\u00bbPOST\u00c2\u00bb; pcre:\u00c2\u00bb/\\?hl=[a-z]+&source=[^\\r\\n&]+&q=[^\\r\\n&]+/msi\u00c2\u00bb;)]",
"pattern_type": "snort",
"pattern_version": "2.1",
"valid_from": "2016-06-01T15:15:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"snort\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35bf-19ac-45a6-bc81-4958950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:35.000Z",
"modified": "2016-06-01T19:21:35.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '185c8ffa99ba1e9b06d1a5effae7b842']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35bf-5010-4a41-8d93-4b73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:35.000Z",
"modified": "2016-06-01T19:21:35.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '2f3259f58a33176d938cbd9bc342fddd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-6688-4bea-885c-4958950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '217dab08b62b6f892a7d33e05e7f788c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-0fb0-4ac7-84c0-4dcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '3387e820f0f67ff00cf0c6d0f5ea2b75']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-1cac-472f-8b82-4799950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '36db67ccadc59d27cd4adf5f0944330d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-8b00-4f4e-aae7-483b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '6548d3304e5da11ed2bed0551c3d6922']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-8268-4442-8d81-4bd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '72d272a8198f1e5849207bc03024922d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c0-28ac-4651-bb0d-4f24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:36.000Z",
"modified": "2016-06-01T19:21:36.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = '85b66824a7f2787e87079903f0adebdf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c1-b764-4f09-994c-4126950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:37.000Z",
"modified": "2016-06-01T19:21:37.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'b4ffad760a52760fbd4ce25d7422a07b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c1-eb58-4dc5-b57d-48d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:37.000Z",
"modified": "2016-06-01T19:21:37.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'c461706e084880a9f0409e3a6b1f1ecd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c1-7cf0-4c4b-a535-43c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:37.000Z",
"modified": "2016-06-01T19:21:37.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'd0b4c0b43f539384bbdc103182e7ff42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c1-d868-49f8-bca7-4e28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:37.000Z",
"modified": "2016-06-01T19:21:37.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'e006469ea4b34c757fd1aa38e6bdaa72']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c1-7a28-4a02-8529-44c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:37.000Z",
"modified": "2016-06-01T19:21:37.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'e305b5d37b04a2d5d9aa8499bbf88940']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c2-c4e8-42e2-a102-44cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:38.000Z",
"modified": "2016-06-01T19:21:38.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'e9cab9097e7f847b388b1c27425d6e9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c2-f084-4457-b58d-4f2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:38.000Z",
"modified": "2016-06-01T19:21:38.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'e9da19440fca6f0747bdee8c7985917f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35c2-3a8c-4fe0-968d-4ea5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:38.000Z",
"modified": "2016-06-01T19:21:38.000Z",
"description": "mini",
"pattern": "[file:hashes.MD5 = 'f5022eae8004458174c10cb80cce5317']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35d1-128c-470f-a915-4039950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:21:53.000Z",
"modified": "2016-06-01T19:21:53.000Z",
"description": "prescanner",
"pattern": "[file:hashes.MD5 = 'a802968403162f6979d72e04597b6d1f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:21:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35e0-d160-4649-ad3d-4911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:08.000Z",
"modified": "2016-06-01T19:22:08.000Z",
"description": "core",
"pattern": "[file:hashes.MD5 = 'c15e18aff4cdc76e99c7cb34d4782dda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35e1-8cbc-40c9-afa0-49eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:09.000Z",
"modified": "2016-06-01T19:22:09.000Z",
"description": "core",
"pattern": "[file:hashes.MD5 = '8643e70f8c639c6a9db527285aa3bdf7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35f1-c740-420e-a270-4b22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:25.000Z",
"modified": "2016-06-01T19:22:25.000Z",
"description": "ibank.dll",
"pattern": "[file:hashes.MD5 = 'a6c032b192a8edef236b30f13bbff204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35f1-4614-4a5f-8901-4b52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:25.000Z",
"modified": "2016-06-01T19:22:25.000Z",
"description": "ibank.dll",
"pattern": "[file:hashes.MD5 = '4cb6ca447c130554ff16787a56a1e278']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35f1-2ac4-4ba2-b223-487a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:25.000Z",
"modified": "2016-06-01T19:22:25.000Z",
"description": "ibank.dll",
"pattern": "[file:hashes.MD5 = 'bfe73de645c4d65d15228bd9a3eba1b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f35f1-3200-4f87-b837-4923950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:25.000Z",
"modified": "2016-06-01T19:22:25.000Z",
"description": "ibank.dll",
"pattern": "[file:hashes.MD5 = 'cc891b715c4d81143491164bff23bf27']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f360b-ac64-421d-853f-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:51.000Z",
"modified": "2016-06-01T19:22:51.000Z",
"description": "module_vnc",
"pattern": "[file:hashes.MD5 = '601f0691d03cd81d94ad7be13a10a4db']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f360b-fc0c-4304-b0e4-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:51.000Z",
"modified": "2016-06-01T19:22:51.000Z",
"description": "module_vnc",
"pattern": "[file:hashes.MD5 = '6e5adf6246c5f8a4d5f4f6bbfc5033b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f360b-985c-46fc-82e3-3834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:22:51.000Z",
"modified": "2016-06-01T19:22:51.000Z",
"description": "module_vnc",
"pattern": "[file:hashes.MD5 = '78edd93cea9bedb90e55de6d71cea9c4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f361b-4e08-4b0d-970b-45c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:23:07.000Z",
"modified": "2016-06-01T19:23:07.000Z",
"description": "w3bank.dll",
"pattern": "[file:hashes.MD5 = '1b84e30d4df8675dc971ccb9bee7fdf5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f361b-f084-4bbc-b9d4-4f20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:23:07.000Z",
"modified": "2016-06-01T19:23:07.000Z",
"description": "w3bank.dll",
"pattern": "[file:hashes.MD5 = '3a078d5d595b0f41ad74e1d5a05f7896']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:23:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365c-3784-4835-81bf-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:12.000Z",
"modified": "2016-06-01T19:24:12.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ddd2.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365d-d9b8-4fd3-a62f-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:13.000Z",
"modified": "2016-06-01T19:24:13.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\pdk2.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365d-dc1c-41b7-988c-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:13.000Z",
"modified": "2016-06-01T19:24:13.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\km48.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365d-db00-4686-a808-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:13.000Z",
"modified": "2016-06-01T19:24:13.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\9llq.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365d-9db4-4f72-a516-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:13.000Z",
"modified": "2016-06-01T19:24:13.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ddqq.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365d-af2c-413c-9b91-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:13.000Z",
"modified": "2016-06-01T19:24:13.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\834r.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365e-96a4-4dbd-854b-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:14.000Z",
"modified": "2016-06-01T19:24:14.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\gi4q.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365e-9204-40a5-a8c7-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:14.000Z",
"modified": "2016-06-01T19:24:14.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\wu3w.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365e-85b8-4139-879f-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:14.000Z",
"modified": "2016-06-01T19:24:14.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\qq34.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365e-e6e8-47cf-86e4-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:14.000Z",
"modified": "2016-06-01T19:24:14.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\dqd6.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365e-83e8-468a-b709-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:14.000Z",
"modified": "2016-06-01T19:24:14.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\w4ff.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365f-2f90-4390-b60f-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:15.000Z",
"modified": "2016-06-01T19:24:15.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ok4l.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365f-1c60-45e9-abfb-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:15.000Z",
"modified": "2016-06-01T19:24:15.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\kfii.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365f-2a9c-450d-a3ff-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:15.000Z",
"modified": "2016-06-01T19:24:15.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ie31.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f365f-f604-40f2-9ff6-9bee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:24:15.000Z",
"modified": "2016-06-01T19:24:15.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d1\u2026\u00d1\u20ac\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d0\u00bb\u00d0\u00b8\u00d1\u2030\u00d0\u00b0 \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d0\u00b5\u00d0\u00b9 - Possible names of the storage modules",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\4433.dat']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:24:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a8-4628-4ceb-8f71-483c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:28.000Z",
"modified": "2016-06-01T19:25:28.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\API32.DLL']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-c108-484f-b638-450b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\dlg.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-e55c-4242-9415-485d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\mm.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-5270-41fb-ba5d-474b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\setup.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-b548-49fa-b8fe-4022950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\help.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-a0ac-41ee-a1f3-4cf9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\mi.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36a9-2f0c-42d3-8b04-4abb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:29.000Z",
"modified": "2016-06-01T19:25:29.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\http.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-b4d0-4940-93b3-45a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\wapi.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-f5c4-4955-9c09-41be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\ER32.DLL']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-0570-45cc-8930-4bcb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\core.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-ea00-4f8d-ba2d-4793950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\theme.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-6668-4576-9fc9-481a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\vw.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36aa-4ecc-4266-8d4f-49df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:30.000Z",
"modified": "2016-06-01T19:25:30.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\el32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-01a8-4cb5-91dc-4ee0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\sta.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-4d24-4350-bed4-4f72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\p10.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-55a0-489c-acf0-4be1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\fc.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-825c-455b-bd9b-4fb0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\in_32.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-2204-459c-a10e-40fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\pool.drv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ab-b518-415f-8162-4015950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:31.000Z",
"modified": "2016-06-01T19:25:31.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\env.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f36ac-f478-4c48-960f-48ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:32.000Z",
"modified": "2016-06-01T19:25:32.000Z",
"description": "\u00d0\u2019\u00d0\u00be\u00d0\u00b7\u00d0\u00bc\u00d0\u00be\u00d0\u00b6\u00d0\u00bd\u00d1\u2039\u00d0\u00b5 \u00d0\u00bd\u00d0\u00b0\u00d0\u00b7\u00d0\u00b2\u00d0\u00b0\u00d0\u00bd\u00d0\u00b8\u00d1\u008f \u00d0\u00bc\u00d0\u00be\u00d0\u00b4\u00d1\u0192\u00d0\u00bb\u00d1\u008f mini - Possible titles mini module",
"pattern": "[file:name = '\\\\%APPDATA\\\\%\\\\man.dll']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:25:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f36c5-6f2c-4b7d-ace5-4be6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:57.000Z",
"modified": "2016-06-01T19:25:57.000Z",
"first_observed": "2016-06-01T19:25:57Z",
"last_observed": "2016-06-01T19:25:57Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--574f36c5-6f2c-4b7d-ace5-4be6950d210f",
"key": "HKCU\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f36c6-39c8-4b44-b2ed-463d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:58.000Z",
"modified": "2016-06-01T19:25:58.000Z",
"first_observed": "2016-06-01T19:25:58Z",
"last_observed": "2016-06-01T19:25:58Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--574f36c6-39c8-4b44-b2ed-463d950d210f",
"key": "HKLM\\Software\\Classes\\CLSID\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f36c6-c4d8-4d45-9bb1-4717950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:58.000Z",
"modified": "2016-06-01T19:25:58.000Z",
"first_observed": "2016-06-01T19:25:58Z",
"last_observed": "2016-06-01T19:25:58Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--574f36c6-c4d8-4d45-9bb1-4717950d210f",
"key": "HKCU\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f36c6-f690-4b74-a78a-40d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:25:58.000Z",
"modified": "2016-06-01T19:25:58.000Z",
"first_observed": "2016-06-01T19:25:58Z",
"last_observed": "2016-06-01T19:25:58Z",
"number_observed": 1,
"object_refs": [
"windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f"
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Persistence mechanism\""
]
},
{
"type": "windows-registry-key",
"spec_version": "2.1",
"id": "windows-registry-key--574f36c6-f690-4b74-a78a-40d8950d210f",
"key": "HKLM\\Software\\Classes\\Drive\\ShellEx\\FolderExtensions\\{118BEDCC-A901-4203-B4F2-ADCB957D1887}"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3711-4f90-44e0-ba54-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"description": "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6",
"pattern": "[file:hashes.SHA256 = '28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3711-1b5c-4f61-8e1f-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"description": "ibank.dll - Xchecked via VT: bfe73de645c4d65d15228bd9a3eba1b6",
"pattern": "[file:hashes.SHA1 = '0aafd9da1f28bcd5111cb1cbff1ea2f1f2f9b1c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3711-dfb0-4a01-840a-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"first_observed": "2016-06-01T19:27:13Z",
"last_observed": "2016-06-01T19:27:13Z",
"number_observed": 1,
"object_refs": [
"url--574f3711-dfb0-4a01-840a-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3711-dfb0-4a01-840a-9bee02de0b81",
"value": "https://www.virustotal.com/file/28ea842ac685057d44aebf577f11cc4435d354c2df9a1d13a06da7bcd3a6ad4b/analysis/1427919750/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3711-1ab8-4aae-8df6-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"description": "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278",
"pattern": "[file:hashes.SHA256 = '557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3711-7518-456d-847e-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"description": "ibank.dll - Xchecked via VT: 4cb6ca447c130554ff16787a56a1e278",
"pattern": "[file:hashes.SHA1 = '213c19798e5573e40e8e1d0c9330ca37b52eb70d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3711-6b50-4350-9da8-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:13.000Z",
"modified": "2016-06-01T19:27:13.000Z",
"first_observed": "2016-06-01T19:27:13Z",
"last_observed": "2016-06-01T19:27:13Z",
"number_observed": 1,
"object_refs": [
"url--574f3711-6b50-4350-9da8-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3711-6b50-4350-9da8-9bee02de0b81",
"value": "https://www.virustotal.com/file/557f4c79bb48103a6b7863e33691c32701cbb6d62ece8e2ad099328d371c4216/analysis/1438407850/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3712-96a0-4400-b793-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"description": "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204",
"pattern": "[file:hashes.SHA256 = 'fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3712-59dc-4956-80f7-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"description": "ibank.dll - Xchecked via VT: a6c032b192a8edef236b30f13bbff204",
"pattern": "[file:hashes.SHA1 = '550c531ce140e374f2b9d0dd34385fa387dcecaa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3712-bc1c-42c3-a004-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"first_observed": "2016-06-01T19:27:14Z",
"last_observed": "2016-06-01T19:27:14Z",
"number_observed": 1,
"object_refs": [
"url--574f3712-bc1c-42c3-a004-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3712-bc1c-42c3-a004-9bee02de0b81",
"value": "https://www.virustotal.com/file/fdb92cf1c168cabd8d25299e7a7fac2a1af80da51d5977433f5b1e00d84a12ec/analysis/1448994203/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3712-d2d8-43fe-9f3b-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"description": "mini - Xchecked via VT: f5022eae8004458174c10cb80cce5317",
"pattern": "[file:hashes.SHA256 = 'ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3712-7054-487d-a64a-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"description": "mini - Xchecked via VT: f5022eae8004458174c10cb80cce5317",
"pattern": "[file:hashes.SHA1 = 'd6faa77e9021b9429d04c0582010fc7146bd63b6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3712-230c-4b42-b048-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:14.000Z",
"modified": "2016-06-01T19:27:14.000Z",
"first_observed": "2016-06-01T19:27:14Z",
"last_observed": "2016-06-01T19:27:14Z",
"number_observed": 1,
"object_refs": [
"url--574f3712-230c-4b42-b048-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3712-230c-4b42-b048-9bee02de0b81",
"value": "https://www.virustotal.com/file/ce1c1976ba1e91eeb9d73f04b33b8032ef8572598063eb57da4d81517fc9389f/analysis/1425258524/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3713-154c-4a09-83a3-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"description": "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f",
"pattern": "[file:hashes.SHA256 = '607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3713-9f40-42d8-a3c9-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"description": "mini - Xchecked via VT: e9da19440fca6f0747bdee8c7985917f",
"pattern": "[file:hashes.SHA1 = '05446c67ff8c0baffa969fc5cc4dd62edcad46f5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3713-d628-4a92-bf99-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"first_observed": "2016-06-01T19:27:15Z",
"last_observed": "2016-06-01T19:27:15Z",
"number_observed": 1,
"object_refs": [
"url--574f3713-d628-4a92-bf99-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3713-d628-4a92-bf99-9bee02de0b81",
"value": "https://www.virustotal.com/file/607f90b36f9a50d01ca31a9c1e5f08063bb9e8d3cf04a92220972c389024f50b/analysis/1464792130/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3713-9590-4e27-b1d5-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"description": "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a",
"pattern": "[file:hashes.SHA256 = '79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3713-504c-401f-ae58-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"description": "mini - Xchecked via VT: e9cab9097e7f847b388b1c27425d6e9a",
"pattern": "[file:hashes.SHA1 = '0cc0b7aa2e39d4575a18a3b02966f1f6ca32722d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3713-0444-48a0-a52b-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:15.000Z",
"modified": "2016-06-01T19:27:15.000Z",
"first_observed": "2016-06-01T19:27:15Z",
"last_observed": "2016-06-01T19:27:15Z",
"number_observed": 1,
"object_refs": [
"url--574f3713-0444-48a0-a52b-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3713-0444-48a0-a52b-9bee02de0b81",
"value": "https://www.virustotal.com/file/79c6599e73a1b2016081c216674fefb204df315a123776bc8ab3d7274c10f790/analysis/1449068959/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3714-4be0-462b-8e7c-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"description": "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940",
"pattern": "[file:hashes.SHA256 = '5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3714-04cc-4a52-adc6-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"description": "mini - Xchecked via VT: e305b5d37b04a2d5d9aa8499bbf88940",
"pattern": "[file:hashes.SHA1 = '9df4c611a01ff352e6516bce78eedb33ddeaa782']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3714-8e68-4f32-a906-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"first_observed": "2016-06-01T19:27:16Z",
"last_observed": "2016-06-01T19:27:16Z",
"number_observed": 1,
"object_refs": [
"url--574f3714-8e68-4f32-a906-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3714-8e68-4f32-a906-9bee02de0b81",
"value": "https://www.virustotal.com/file/5a37aa0e6ff79c90837052ff429a0c6361b59f3ba0b30733212d720467a17e04/analysis/1447115062/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3714-7b44-46a4-aa25-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"description": "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72",
"pattern": "[file:hashes.SHA256 = '7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3714-dc44-40c7-b8e3-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"description": "mini - Xchecked via VT: e006469ea4b34c757fd1aa38e6bdaa72",
"pattern": "[file:hashes.SHA1 = '0fe481b4c8c12003b2af3c08d9e127044c6d8197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3714-5124-4259-bf2d-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:16.000Z",
"modified": "2016-06-01T19:27:16.000Z",
"first_observed": "2016-06-01T19:27:16Z",
"last_observed": "2016-06-01T19:27:16Z",
"number_observed": 1,
"object_refs": [
"url--574f3714-5124-4259-bf2d-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3714-5124-4259-bf2d-9bee02de0b81",
"value": "https://www.virustotal.com/file/7aa4371015d484e8d27aa32297184853acb7c7bea7711beac396a73c82cfaa64/analysis/1444892452/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3715-0344-4573-8920-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"description": "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42",
"pattern": "[file:hashes.SHA256 = '51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3715-0fd4-4a9f-b632-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"description": "mini - Xchecked via VT: d0b4c0b43f539384bbdc103182e7ff42",
"pattern": "[file:hashes.SHA1 = '1a5a66b606f4d34f9a612cdf2b23b39f1db2f13d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3715-1220-4311-86c9-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"first_observed": "2016-06-01T19:27:17Z",
"last_observed": "2016-06-01T19:27:17Z",
"number_observed": 1,
"object_refs": [
"url--574f3715-1220-4311-86c9-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3715-1220-4311-86c9-9bee02de0b81",
"value": "https://www.virustotal.com/file/51cc680c8889a1210e829df23ce0cbae5c4c9d61fafa0c85adc35b262e509a52/analysis/1440087528/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3715-1694-4a51-b3e2-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"description": "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd",
"pattern": "[file:hashes.SHA256 = 'f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3715-7654-46f1-acae-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"description": "mini - Xchecked via VT: c461706e084880a9f0409e3a6b1f1ecd",
"pattern": "[file:hashes.SHA1 = '590dc34726b769ffec2fefcb6c7adfa12577d428']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3715-a540-4403-8b03-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:17.000Z",
"modified": "2016-06-01T19:27:17.000Z",
"first_observed": "2016-06-01T19:27:17Z",
"last_observed": "2016-06-01T19:27:17Z",
"number_observed": 1,
"object_refs": [
"url--574f3715-a540-4403-8b03-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3715-a540-4403-8b03-9bee02de0b81",
"value": "https://www.virustotal.com/file/f998e96c3d8241c7b44b39369f6b08962c33a2a8a3b92d005e42c22caf7a52d5/analysis/1425102122/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3716-b01c-42fa-9200-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"description": "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf",
"pattern": "[file:hashes.SHA256 = '3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3716-7bc8-4050-b2eb-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"description": "mini - Xchecked via VT: 85b66824a7f2787e87079903f0adebdf",
"pattern": "[file:hashes.SHA1 = 'bb41a1a2b92eec2ed448a598561351c1e38b17b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3716-d86c-4cfb-8549-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"first_observed": "2016-06-01T19:27:18Z",
"last_observed": "2016-06-01T19:27:18Z",
"number_observed": 1,
"object_refs": [
"url--574f3716-d86c-4cfb-8549-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3716-d86c-4cfb-8549-9bee02de0b81",
"value": "https://www.virustotal.com/file/3a01a354b0e704a78ab22c2b45eb1feb2e06350fd057040937fc16c9640cb41b/analysis/1445871158/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3716-5db0-4532-97de-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"description": "mini - Xchecked via VT: 6548d3304e5da11ed2bed0551c3d6922",
"pattern": "[file:hashes.SHA256 = 'b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3716-c6a4-4360-bd4d-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"description": "mini - Xchecked via VT: 6548d3304e5da11ed2bed0551c3d6922",
"pattern": "[file:hashes.SHA1 = '5e30bba7651ce919d6fd93cef365bcd492090f14']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3716-cba4-424c-b9d6-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:18.000Z",
"modified": "2016-06-01T19:27:18.000Z",
"first_observed": "2016-06-01T19:27:18Z",
"last_observed": "2016-06-01T19:27:18Z",
"number_observed": 1,
"object_refs": [
"url--574f3716-cba4-424c-b9d6-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3716-cba4-424c-b9d6-9bee02de0b81",
"value": "https://www.virustotal.com/file/b895aa0c449901481ea50171e6a8d5bef5b9531252611a4433dba00cf4487c54/analysis/1464735155/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3717-6058-46cb-b329-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"description": "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d",
"pattern": "[file:hashes.SHA256 = 'e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3717-c13c-4d0f-96fd-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"description": "mini - Xchecked via VT: 36db67ccadc59d27cd4adf5f0944330d",
"pattern": "[file:hashes.SHA1 = '51e0da300047d9925710806163ed5e318a84e3b9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3717-ca98-49a2-b654-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"first_observed": "2016-06-01T19:27:19Z",
"last_observed": "2016-06-01T19:27:19Z",
"number_observed": 1,
"object_refs": [
"url--574f3717-ca98-49a2-b654-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3717-ca98-49a2-b654-9bee02de0b81",
"value": "https://www.virustotal.com/file/e5e815354870289991aed1523bbb48d23d5c0a9491cf781914ae27cc67cc9c12/analysis/1458048090/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3717-692c-4098-9822-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"description": "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75",
"pattern": "[file:hashes.SHA256 = '7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3717-c25c-40d9-bd0a-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"description": "mini - Xchecked via VT: 3387e820f0f67ff00cf0c6d0f5ea2b75",
"pattern": "[file:hashes.SHA1 = '4ddb5a210d80635f9aa543337af662c01e2a8275']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3717-8824-4571-a417-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:19.000Z",
"modified": "2016-06-01T19:27:19.000Z",
"first_observed": "2016-06-01T19:27:19Z",
"last_observed": "2016-06-01T19:27:19Z",
"number_observed": 1,
"object_refs": [
"url--574f3717-8824-4571-a417-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3717-8824-4571-a417-9bee02de0b81",
"value": "https://www.virustotal.com/file/7d214f5f0065f0c0c0a6c22e9f4b9c5211e86e15ca3fe6eeb9e53d521b9118d8/analysis/1442001535/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3718-2420-4139-a231-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"description": "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd",
"pattern": "[file:hashes.SHA256 = '56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3718-eefc-48c6-b20d-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"description": "mini - Xchecked via VT: 2f3259f58a33176d938cbd9bc342fddd",
"pattern": "[file:hashes.SHA1 = '79403e2f7c808a977dd087ce8bf63f95ff7fd182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3718-faa8-4b8c-aa4d-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"first_observed": "2016-06-01T19:27:20Z",
"last_observed": "2016-06-01T19:27:20Z",
"number_observed": 1,
"object_refs": [
"url--574f3718-faa8-4b8c-aa4d-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3718-faa8-4b8c-aa4d-9bee02de0b81",
"value": "https://www.virustotal.com/file/56b931219a9705de9b7f6075a6437f906d6c6c71be37f57259d7040eeb02b75d/analysis/1459933447/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3718-1a68-436c-b666-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"description": "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842",
"pattern": "[file:hashes.SHA256 = 'eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--574f3718-d260-4817-8f62-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"description": "mini - Xchecked via VT: 185c8ffa99ba1e9b06d1a5effae7b842",
"pattern": "[file:hashes.SHA1 = '185d9a2978cf70fb94f6c33064fefacb2ecabceb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-06-01T19:27:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--574f3718-7bac-4d99-9325-9bee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-06-01T19:27:20.000Z",
"modified": "2016-06-01T19:27:20.000Z",
"first_observed": "2016-06-01T19:27:20Z",
"last_observed": "2016-06-01T19:27:20Z",
"number_observed": 1,
"object_refs": [
"url--574f3718-7bac-4d99-9325-9bee02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--574f3718-7bac-4d99-9325-9bee02de0b81",
"value": "https://www.virustotal.com/file/eb4d6a9e52c8a278c14c2cb51f7928d1df9dd93763e046159d34b4bf593e7415/analysis/1440398179/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}