{
"type" : "bundle" ,
"id" : "bundle--57504442-9454-4159-a7e9-4ad8950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:32.000Z" ,
"modified" : "2016-06-02T14:49:32.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--57504442-9454-4159-a7e9-4ad8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:32.000Z" ,
"modified" : "2016-06-02T14:49:32.000Z" ,
"name" : "OSINT - IRONGATE ICS Malware: Nothing to See Here...Masking Malicious Activity on SCADA Systems" ,
"published" : "2016-06-02T14:57:13Z" ,
"object_refs" : [
"observed-data--57504478-e3f8-49d3-a594-41f4950d210f" ,
"url--57504478-e3f8-49d3-a594-41f4950d210f" ,
"x-misp-attribute--57504487-2318-431d-a74a-44ca950d210f" ,
"x-misp-attribute--575044c0-ed64-4bdb-896e-48e8950d210f" ,
"x-misp-attribute--575044c0-00ec-4eeb-847a-4d29950d210f" ,
"x-misp-attribute--575044c0-0ab0-4bbc-9f4e-4c71950d210f" ,
"observed-data--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"file--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"artifact--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"indicator--575046d2-9500-493e-b3e8-45e4950d210f" ,
"indicator--575046d2-e6a0-4bbe-b726-462f950d210f" ,
"indicator--575046d3-1964-41ad-a7c9-448d950d210f" ,
"indicator--575046d3-1a14-438d-8dae-491c950d210f" ,
"indicator--575046d3-3c0c-4082-952c-47c0950d210f" ,
"indicator--5750473b-ebbc-44cc-b36c-448b950d210f" ,
"indicator--5750473c-b534-4744-aeb2-4b9a950d210f" ,
"indicator--5750473c-2580-4edd-9754-4aa3950d210f" ,
"indicator--5750473c-4fe0-458b-ad9c-4609950d210f" ,
"indicator--5750473d-1820-407b-bf40-4bc1950d210f" ,
"indicator--5750473d-d9d4-4360-a946-432e950d210f" ,
"indicator--5750473d-9d4c-4a1e-a22f-400d950d210f" ,
"indicator--5750473e-7ad8-4668-a8bb-47ec950d210f" ,
"indicator--5750473e-84e8-4e45-bacc-47e3950d210f" ,
"indicator--5750473f-5370-4378-8c25-4aee950d210f" ,
"indicator--5750477c-f99c-4bec-b2db-4a4602de0b81" ,
"indicator--5750477c-d628-4005-98d4-44bd02de0b81" ,
"observed-data--5750477d-4560-4f9c-9ec9-4eb002de0b81" ,
"url--5750477d-4560-4f9c-9ec9-4eb002de0b81" ,
"indicator--5750477d-3a90-4eaa-8115-4aa302de0b81" ,
"indicator--5750477d-6c3c-4f7c-bb1e-404b02de0b81" ,
"observed-data--5750477e-9020-4f82-b088-416e02de0b81" ,
"url--5750477e-9020-4f82-b088-416e02de0b81" ,
"indicator--5750477e-57f8-49ad-9f54-4f0a02de0b81" ,
"indicator--5750477f-bde8-4e9d-8a6c-4c7f02de0b81" ,
"observed-data--5750477f-e40c-402c-acba-429102de0b81" ,
"url--5750477f-e40c-402c-acba-429102de0b81" ,
"indicator--57504780-bfac-40e7-965a-487702de0b81" ,
"indicator--57504780-80c8-4d82-9fcf-41cf02de0b81" ,
"observed-data--57504780-64a0-4a17-b875-4f2902de0b81" ,
"url--57504780-64a0-4a17-b875-4f2902de0b81" ,
"indicator--57504781-1110-4799-a73a-47e402de0b81" ,
"indicator--57504781-ea48-4f48-9ff7-46dc02de0b81" ,
"observed-data--57504781-b830-4094-81bd-48cb02de0b81" ,
"url--57504781-b830-4094-81bd-48cb02de0b81" ,
"indicator--57504782-6e6c-4ec3-a8f4-416f02de0b81" ,
"indicator--57504782-5010-457e-9198-46e202de0b81" ,
"observed-data--57504782-f5e0-4152-a3c7-4d0a02de0b81" ,
"url--57504782-f5e0-4152-a3c7-4d0a02de0b81" ,
"indicator--57504783-f900-4e95-bdce-41b902de0b81" ,
"indicator--57504783-dad0-4fb6-a60d-4aef02de0b81" ,
"observed-data--57504783-1260-4771-aec3-4b3402de0b81" ,
"url--57504783-1260-4771-aec3-4b3402de0b81" ,
"indicator--57504784-1cfc-48d5-8fe8-464a02de0b81" ,
"indicator--57504784-5e84-4419-9644-484002de0b81" ,
"observed-data--57504784-4cd4-4679-9f3c-4c8302de0b81" ,
"url--57504784-4cd4-4679-9f3c-4c8302de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT"
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504478-e3f8-49d3-a594-41f4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:36:40.000Z" ,
"modified" : "2016-06-02T14:36:40.000Z" ,
"first_observed" : "2016-06-02T14:36:40Z" ,
"last_observed" : "2016-06-02T14:36:40Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504478-e3f8-49d3-a594-41f4950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504478-e3f8-49d3-a594-41f4950d210f" ,
"value" : "https://www.fireeye.com/blog/threat-research/2016/06/irongate_ics_malware.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--57504487-2318-431d-a74a-44ca950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:36:55.000Z" ,
"modified" : "2016-06-02T14:36:55.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE.\r\n\r\nFLARE found the samples on VirusTotal while researching droppers compiled with PyInstaller \u2014 an approach used by numerous malicious actors. The IRONGATE samples stood out based on their references to SCADA and associated functionality. Two samples of the malware payload were uploaded by different sources in 2014, but none of the antivirus vendors featured on VirusTotal flagged them as malicious.\r\n\r\nSiemens Product Computer Emergency Readiness Team (ProductCERT) confirmed that IRONGATE is not viable against operational Siemens control systems and determined that IRONGATE does not exploit any vulnerabilities in Siemens products. We are unable to associate IRONGATE with any campaigns or threat actors. We acknowledge that IRONGATE could be a test case, proof of concept, or research activity for ICS attack techniques.\r\n\r\nOur analysis finds that IRONGATE invokes ICS attack concepts first seen in Stuxnet, but in a simulation environment. Because the body of industrial control systems (ICS) and supervisory control and data acquisition (SCADA) malware is limited, we are sharing details with the broader community."
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--575044c0-ed64-4bdb-896e-48e8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:37:52.000Z" ,
"modified" : "2016-06-02T14:37:52.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "info: IRONGATE (FAMILY)\nby FireEye"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--575044c0-00ec-4eeb-847a-4d29950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:37:52.000Z" ,
"modified" : "2016-06-02T14:37:52.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "uuid: 9cee306d-5441-4cd3-932d-f3119752634c"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--575044c0-0ab0-4bbc-9f4e-4c71950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:37:52.000Z" ,
"modified" : "2016-06-02T14:37:52.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"Other\""
] ,
"x_misp_category" : "Other" ,
"x_misp_comment" : "OpenIOC import from file 9cee306d-5441-4cd3-932d-f3119752634c.ioc" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "date: 2015-08-21T16:39:02Z"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:37:52.000Z" ,
"modified" : "2016-06-02T14:37:52.000Z" ,
"first_observed" : "2016-06-02T14:37:52Z" ,
"last_observed" : "2016-06-02T14:37:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"file--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"artifact--575044c0-2cac-42b2-8b05-48e4950d210f"
] ,
"labels" : [
"misp:type=\"attachment\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "file" ,
"spec_version" : "2.1" ,
"id" : "file--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"name" : "9cee306d-5441-4cd3-932d-f3119752634c.ioc" ,
"content_ref" : "artifact--575044c0-2cac-42b2-8b05-48e4950d210f"
} ,
{
"type" : "artifact" ,
"spec_version" : "2.1" ,
"id" : "artifact--575044c0-2cac-42b2-8b05-48e4950d210f" ,
"payload_bin" : " P D 94 b W w g d m V y c 2 l v b j 0 n M S 4 w J y B l b m N v Z G l u Z z 0 n V V R G L T g n P z 4 K P C E t L Q o g I C A g V E l U T E U 6 I C A g I C A g I C A g I D l j Z W U z M D Z k L T U 0 N D E t N G N k M y 0 5 M z J k L W Y z M T E 5 N z U y N j M 0 Y y 5 p b 2 M K I C A g I F Z F U l N J T 0 46 I C A g I C A g I C A x L j A K I C A g I E R F U 0 N S S V B U S U 9 O O i A g I C B P c G V u S U 9 D I G Z p b G U K I C A g I E x J Q 0 V O U 0 U 6 I C A g I C A g I C B D b 3 B 5 c m l n a H Q g M j A x N i B G a X J l R X l l I E N v c n B v c m F 0 a W 9 u L i A g T G l j Z W 5 z Z W Q g d W 5 k Z X I g d G h l I E F w Y W N o Z S A y L j A g b G l j Z W 5 z Z S 4 K C i A g I C B G a X J l R X l l I G x p Y 2 V u c 2 V z I H R o a X M g Z m l s Z S B 0 b y B 5 b 3 U g d W 5 k Z X I g d G h l I E F w Y W N o Z S B M a W N l b n N l L C B W Z X J z a W 9 u C i A g I C A y L j A g K H R o Z S A i T G l j Z W 5 z Z S I p O y B 5 b 3 U g b W F 5 I G 5 v d C B 1 c 2 U g d G h p c y B m a W x l I G V 4 Y 2 V w d C B p b i B j b 21 w b G l h b m N l I H d p d G g g d G h l C i A g I C B M a W N l b n N l L i A g W W 91 I G 1 h e S B v Y n R h a W 4 g Y S B j b 3 B 5 I G 9 m I H R o Z S B M a W N l b n N l I G F 0 O g o K I C A g I C A g I C A g I C A g a H R 0 c D o v L 3 d 3 d y 5 h c G F j a G U u b 3 J n L 2 x p Y 2 V u c 2 V z L 0 x J Q 0 V O U 0 U t M i 4 w C g o g I C A g V W 5 s Z X N z I H J l c X V p c m V k I G J 5 I G F w c G x p Y 2 F i b G U g b G F 3 I G 9 y I G F n c m V l Z C B 0 b y B p b i B 3 c m l 0 a W 5 n L C B z b 2 Z 0 d 2 F y Z Q o g I C A g Z G l z d H J p Y n V 0 Z W Q g d W 5 k Z X I g d G h l I E x p Y 2 V u c 2 U g a X M g Z G l z d H J p Y n V 0 Z W Q g b 24 g Y W 4 g I k F T I E l T I i B C Q V N J U y w K I C A g I F d J V E h P V V Q g V 0 F S U k F O V E l F U y B P U i B D T 0 5 E S V R J T 0 5 T I E 9 G I E F O W S B L S U 5 E L C B l a X R o Z X I g Z X h w c m V z c y B v c g o g I C A g a W 1 w b G l l Z 
C 4 g I F N l Z S B 0 a G U g T G l j Z W 5 z Z S B m b 3 I g d G h l I H N w Z W N p Z m l j I G x h b m d 1 Y W d l I G d v d m V y b m l u Z w o g I C A g c G V y b W l z c 2 l v b n M g Y W 5 k I G x p b W l 0 Y X R p b 25 z I H V u Z G V y I H R o Z S B M a W N l b n N l L g o t L T 4 K P G l v Y y B 4 b W x u c z p 4 c 2 Q 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h I i B 4 b W x u c z p 4 c 2 k 9 I m h 0 d H A 6 L y 93 d 3 c u d z M u b 3 J n L z I w M D E v W E 1 M U 2 N o Z W 1 h L W l u c 3 R h b m N l I i B 4 b W x u c z 0 i a H R 0 c D o v L 3 N j a G V t Y X M u b W F u Z G l h b n Q u Y 29 t L z I w M T A v a W 9 j I i B p Z D 0 i O W N l Z T M w N m Q t N T Q 0 M S 0 0 Y 2 Q z L T k z M m Q t Z j M x M T k 3 N T I 2 M z R j I i B s Y X N 0 L W 1 v Z G l m a W V k P S I y M D E 2 L T A 1 L T E 4 V D E 0 O j E x O j A 1 W i I + C i A g P H N o b 3 J 0 X 2 R l c 2 N y a X B 0 a W 9 u P k l S T 0 5 H Q V R F I C h G Q U 1 J T F k p P C 9 z a G 9 y d F 9 k Z X N j c m l w d G l v b j 4 K I C A 8 Z G V z Y 3 J p c H R p b 24 + S V J P T k d B V E U g a X M g Y S B 0 b 29 s I H R o Y X Q g d G F y Z 2 V 0 c y B i a W 9 n Y X M u Z X h l I H B y b 2 d y Y W 1 z I G J 5 I H J l c G x h Y 2 l u Z y B 0 a G U g U 3 R l c D d D b 25 N Z 3 I u Z G x s I G x p Y n J h c n k g d 2 l 0 a C B h I G 1 h b G l j a W 91 c y B v b m U u I F R o Z S B t Y W x p Y 2 l v d X M g U 3 R l c D d D b 25 N Z 3 I u Z G x s I G x p Y n J h c n k g c G V y Z m 9 y b X M g R E x M I G h p a m F j a 2 l u Z y B 3 a G V y Z S B p d C B y Z W N v c m R z I G R h d G E g Y W 5 k I H J l c G x h e X M g a X Q g Y m F j a y B 0 b y B 0 a G U g c G F y Z W 50 I H B y b 2 d y Y W 0 u I F R o Z S B t Y W x p Y 2 l v d X M g U 3 R l c D d D b 25 N Z 3 I u Z G x s I G x p Y n J h c n k g Y W x z b y B z Z W 5 k c y B k Y X R h I H R v I H d o Y X Q g a X M g c 3 V z c G V j d G V k I H R v I G J l I H R o Z S B z a W 11 b G F 0 Z W Q g b 3 I g Y 29 
u d H J v b G x l Z C B k Z X Z p Y 2 U u I F R o a X M g S U 9 D I G N v b n R h a W 5 z I G l u Z G l j Y X R v c n M g Z G V 0 Y W l s Z W Q g a W 4 g d G h l I G J s b 2 c g c G 9 z d C A i S V J P T k d B V E U g S U N T I E 1 h b H d h c m U 6 I E 5 v d G h p b m c g d G 8 g U 2 V l I E h l c m U s I E 1 h c 2 t p b m c g T W F s a W N p b 3 V z I E F j d G l 2 a X R 5 I G 9 u I F N D Q U R B I F N 5 c 3 R l b X M i I H R o Y X Q g Y 2 F u I G J l I H J l Y W Q g a G V y Z T o g a H R 0 c H M 6 L y 93 d 3 c u Z m l y Z W V 5 Z S 5 j b 20 v Y m x v Z y 90 a H J l Y X Q t c m V z Z W F y Y 2 g v M j A x N i 8 w N i 9 p c m 9 u Z 2 F 0 Z V 9 p Y 3 N f b W F s d 2 F y Z S 5 o d G 1 s P C 9 k Z X N j c m l w d G l v b j 4 K I C A 8 a 2 V 5 d 29 y Z H M v P g o g I D x h d X R o b 3 J l Z F 9 i e T 5 G a X J l R X l l P C 9 h d X R o b 3 J l Z F 9 i e T 4 K I C A 8 Y X V 0 a G 9 y Z W R f Z G F 0 Z T 4 y M D E 1 L T A 4 L T I x V D E 2 O j M 5 O j A y W j w v Y X V 0 a G 9 y Z W R f Z G F 0 Z T 4 K I C A 8 b G l u a 3 M + C i A g I C A 8 b G l u a y B y Z W w 9 I m Z h b W l s e S I + S V J P T k d B V E U 8 L 2 x p b m s + C i A g I C A 8 b G l u a y B y Z W w 9 I m x p Y 2 V u c 2 U i P k F w Y W N o Z S A y L j A 8 L 2 x p b m s + C i A g P C 9 s a W 5 r c z 4 K I C A 8 Z G V m a W 5 p d G l v b j 4 K I C A g I D x J b m R p Y 2 F 0 b 3 I g a W Q 9 I j d k O D F k Z W U 5 L T c 3 Z m I t N D E w Z S 1 h O D I x L T V l O W Q z O W J m Y W J l N i I g b 3 B l c m F 0 b 3 I 9 I k 9 S I j 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I m I z N m Y 1 M W Q z L T J j M m E t N G Z m M C 0 5 Z j c w L W N l Y j I 0 Z D F j M T I w Y y I g Y 29 u Z G l 0 a W 9 u P S J p c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k Z p b G V J d G V t I i B z Z W F y Y 2 g 9 I k Z p b G V J d G V t L 0 1 k N X N 1 b S I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i b W Q 1 I 
j 5 F R E E w M j F B Q 0 F D Q T g x Q U U 5 O U U z O U V D Q 0 R B M D E 2 M z I 5 N T w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R p Y 2 F 0 b 3 J J d G V t P g o g I C A g I C A 8 S W 5 k a W N h d G 9 y S X R l b S B p Z D 0 i N z Y x N T M 3 M j c t N m N i M i 0 0 M T l h L W I y O W Y t M T I 4 M G Y w O D h h Z W Z k I i B j b 25 k a X R p b 249 I m l z I j 4 K I C A g I C A g I C A 8 Q 29 u d G V 4 d C B k b 2 N 1 b W V u d D 0 i R m l s Z U l 0 Z W 0 i I H N l Y X J j a D 0 i R m l s Z U l 0 Z W 0 v T W Q 1 c 3 V t I i B 0 e X B l P S J t a X I i L z 4 K I C A g I C A g I C A 8 Q 29 u d G V u d C B 0 e X B l P S J t Z D U i P j l C N T g 4 Q U R C M U Q w Q U U 3 M k N F Q j Q w N T E w M z F G R D F G M U Y z P C 9 D b 250 Z W 50 P g o g I C A g I C A 8 L 0 l u Z G l j Y X R v c k l 0 Z W 0 + C i A g I C A g I D x J b m R p Y 2 F 0 b 3 J J d G V t I G l k P S J i N G U 2 N D c 3 N C 0 3 Y T B m L T R l Y m I t O G Y 5 M i 0 0 M D I 2 N G J i N D g 2 N D U i I G N v b m R p d G l v b j 0 i a X M i P g o g I C A g I C A g I D x D b 250 Z X h 0 I G R v Y 3 V t Z W 50 P S J G a W x l S X R l b S I g c 2 V h c m N o P S J G a W x l S X R l b S 9 N Z D V z d W 0 i I H R 5 c G U 9 I m 1 p c i I v P g o g I C A g I C A g I D x D b 250 Z W 50 I H R 5 c G U 9 I m 1 k N S I + R U M w N 0E1 R U N C M T g y O T Y w N z c 3 M D A 3 Q U Z F M k M w N z d B M U Q 8 L 0 N v b n R l b n Q + C i A g I C A g I D w v S W 5 k a W N h d G 9 y S X R l b T 4 K I C A g I C A g P E l u Z G l j Y X R v c k l 0 Z W 0 g a W Q 9 I j h k O D A 4 Z D g w L T l h O D Y t N D k 5 Z i 1 h Y W U 3 L T A w N 2 J l M m R m N z U 5 Z S I g Y 29 u Z G l 0 a W 9 u P S J p c y I + C i A g I C A g I C A g P E N v b n R l e H Q g Z G 9 j d W 1 l b n Q 9 I k Z p b G V J d G V t I i B z Z W F y Y 2 g 9 I k Z p b G V J d G V t L 0 1 k N X N 1 b S I g d H l w Z T 0 i b W l y I i 8 + C i A g I C A g I C A g P E N v b n R l b n Q g d H l w Z T 0 i b W Q 1 I j 4 w M j Z C Q z U 4 M z A w R E 
U w M j Q 1 N T k z N 0 N F R j Q 2 N D A 1 R j A 2 N T w v Q 29 u d G V u d D 4 K I C A g I C A g P C 9 J b m R
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--575046d2-9500-493e-b3e8-45e4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:46:42.000Z" ,
"modified" : "2016-06-02T14:46:42.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = 'eda021acaca81ae99e39eccda0163295']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:46:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--575046d2-e6a0-4bbe-b726-462f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:46:42.000Z" ,
"modified" : "2016-06-02T14:46:42.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '9b588adb1d0ae72ceb4051031fd1f1f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:46:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--575046d3-1964-41ad-a7c9-448d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:46:43.000Z" ,
"modified" : "2016-06-02T14:46:43.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = 'ec07a5ecb182960777007afe2c077a1d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:46:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--575046d3-1a14-438d-8dae-491c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:46:43.000Z" ,
"modified" : "2016-06-02T14:46:43.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '026bc58300de02455937cef46405f065']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:46:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--575046d3-3c0c-4082-952c-47c0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:46:43.000Z" ,
"modified" : "2016-06-02T14:46:43.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = 'a79596bcca537fa3fa45037f4855fd00']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:46:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473b-ebbc-44cc-b36c-448b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:27.000Z" ,
"modified" : "2016-06-02T14:48:27.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '957581fb38a4e76e84f60e2bb19b9499']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473c-b534-4744-aeb2-4b9a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:28.000Z" ,
"modified" : "2016-06-02T14:48:28.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '75d118996f5190edafca1b1904a7eea8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473c-2580-4edd-9754-4aa3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:28.000Z" ,
"modified" : "2016-06-02T14:48:28.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '9f37e1ea08e6a4ae03e9feba6d1f6259']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473c-4fe0-458b-ad9c-4609950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:28.000Z" ,
"modified" : "2016-06-02T14:48:28.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '3152f21d701a2397e7b22711b8019b82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473d-1820-407b-bf40-4bc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:29.000Z" ,
"modified" : "2016-06-02T14:48:29.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = 'ef2a97512fdb45cd26089ad2ff61f1cc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473d-d9d4-4360-a946-432e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:29.000Z" ,
"modified" : "2016-06-02T14:48:29.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '41906403206ea5c7dcdbfae230add9fa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473d-9d4c-4a1e-a22f-400d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:29.000Z" ,
"modified" : "2016-06-02T14:48:29.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '874f7bcab71f4745ea6cda2e2fb5a78c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473e-7ad8-4668-a8bb-47ec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:30.000Z" ,
"modified" : "2016-06-02T14:48:30.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '7c51474e6560c51dfc815d4a227ba1aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473e-84e8-4e45-bacc-47e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:30.000Z" ,
"modified" : "2016-06-02T14:48:30.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '1f338bdd92f08803a2ac7022a34d98fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750473f-5370-4378-8c25-4aee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:48:31.000Z" ,
"modified" : "2016-06-02T14:48:31.000Z" ,
"description" : "Imported via the Freetext Import Tool" ,
"pattern" : "[file:hashes.MD5 = '7a0c1017e6b5bb5dc776b3b883a1d0e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:48:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477c-f99c-4bec-b2db-4a4602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:32.000Z" ,
"modified" : "2016-06-02T14:49:32.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0" ,
"pattern" : "[file:hashes.SHA256 = '83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477c-d628-4005-98d4-44bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:32.000Z" ,
"modified" : "2016-06-02T14:49:32.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 7a0c1017e6b5bb5dc776b3b883a1d0e0" ,
"pattern" : "[file:hashes.SHA1 = '9efe39c0a6bff5dc18d3adf3b9522b5346cdbb9b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5750477d-4560-4f9c-9ec9-4eb002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:33.000Z" ,
"modified" : "2016-06-02T14:49:33.000Z" ,
"first_observed" : "2016-06-02T14:49:33Z" ,
"last_observed" : "2016-06-02T14:49:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5750477d-4560-4f9c-9ec9-4eb002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5750477d-4560-4f9c-9ec9-4eb002de0b81" ,
"value" : "https://www.virustotal.com/file/83f0352c14fa62ae159ab532d85a2b481900fed50d32cc757aa3f4ccf6a13bee/analysis/1463302803/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477d-3a90-4eaa-8115-4aa302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:33.000Z" ,
"modified" : "2016-06-02T14:49:33.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd" ,
"pattern" : "[file:hashes.SHA256 = '750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477d-6c3c-4f7c-bb1e-404b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:33.000Z" ,
"modified" : "2016-06-02T14:49:33.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 1f338bdd92f08803a2ac7022a34d98fd" ,
"pattern" : "[file:hashes.SHA1 = '38ec222e82b538c8607485d4dd191b5b4eed4fdd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5750477e-9020-4f82-b088-416e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:34.000Z" ,
"modified" : "2016-06-02T14:49:34.000Z" ,
"first_observed" : "2016-06-02T14:49:34Z" ,
"last_observed" : "2016-06-02T14:49:34Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5750477e-9020-4f82-b088-416e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5750477e-9020-4f82-b088-416e02de0b81" ,
"value" : "https://www.virustotal.com/file/750aa0302e59da6c3e853c89c76c5f44125394c34cb0a8c70d756b3064f7cdff/analysis/1464877732/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477e-57f8-49ad-9f54-4f0a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:34.000Z" ,
"modified" : "2016-06-02T14:49:34.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c" ,
"pattern" : "[file:hashes.SHA256 = '0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5750477f-bde8-4e9d-8a6c-4c7f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:35.000Z" ,
"modified" : "2016-06-02T14:49:35.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 874f7bcab71f4745ea6cda2e2fb5a78c" ,
"pattern" : "[file:hashes.SHA1 = '7e6cce889cda22b18defc6319d02b3b93e9e2474']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5750477f-e40c-402c-acba-429102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:35.000Z" ,
"modified" : "2016-06-02T14:49:35.000Z" ,
"first_observed" : "2016-06-02T14:49:35Z" ,
"last_observed" : "2016-06-02T14:49:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5750477f-e40c-402c-acba-429102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5750477f-e40c-402c-acba-429102de0b81" ,
"value" : "https://www.virustotal.com/file/0539af1a0cc7f231af8f135920a990321529479f6534c3b64e571d490e1514c3/analysis/1464877708/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504780-bfac-40e7-965a-487702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:36.000Z" ,
"modified" : "2016-06-02T14:49:36.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc" ,
"pattern" : "[file:hashes.SHA256 = '386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504780-80c8-4d82-9fcf-41cf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:36.000Z" ,
"modified" : "2016-06-02T14:49:36.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: ef2a97512fdb45cd26089ad2ff61f1cc" ,
"pattern" : "[file:hashes.SHA1 = 'bcdac11106908c8c37f200c0e028b11c4a89adc9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504780-64a0-4a17-b875-4f2902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:36.000Z" ,
"modified" : "2016-06-02T14:49:36.000Z" ,
"first_observed" : "2016-06-02T14:49:36Z" ,
"last_observed" : "2016-06-02T14:49:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504780-64a0-4a17-b875-4f2902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504780-64a0-4a17-b875-4f2902de0b81" ,
"value" : "https://www.virustotal.com/file/386ed16fece9cc24c4d123cdf91a371829098ba7abd4c8fefb40b4e376e7ac6a/analysis/1464877705/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504781-1110-4799-a73a-47e402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:37.000Z" ,
"modified" : "2016-06-02T14:49:37.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82" ,
"pattern" : "[file:hashes.SHA256 = '882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504781-ea48-4f48-9ff7-46dc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:37.000Z" ,
"modified" : "2016-06-02T14:49:37.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 3152f21d701a2397e7b22711b8019b82" ,
"pattern" : "[file:hashes.SHA1 = '97594fe0ad83ae00f3888ff4722a3e00729a2e1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504781-b830-4094-81bd-48cb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:37.000Z" ,
"modified" : "2016-06-02T14:49:37.000Z" ,
"first_observed" : "2016-06-02T14:49:37Z" ,
"last_observed" : "2016-06-02T14:49:37Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504781-b830-4094-81bd-48cb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504781-b830-4094-81bd-48cb02de0b81" ,
"value" : "https://www.virustotal.com/file/882878f2bf5a67de3fde30816fe304e42f6ce18d0160674f6d4ec3b061b2821a/analysis/1464877712/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504782-6e6c-4ec3-a8f4-416f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:38.000Z" ,
"modified" : "2016-06-02T14:49:38.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259" ,
"pattern" : "[file:hashes.SHA256 = 'a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504782-5010-457e-9198-46e202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:38.000Z" ,
"modified" : "2016-06-02T14:49:38.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 9f37e1ea08e6a4ae03e9feba6d1f6259" ,
"pattern" : "[file:hashes.SHA1 = '8f28e619ae3301869089f4cd45558f2b13444714']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504782-f5e0-4152-a3c7-4d0a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:38.000Z" ,
"modified" : "2016-06-02T14:49:38.000Z" ,
"first_observed" : "2016-06-02T14:49:38Z" ,
"last_observed" : "2016-06-02T14:49:38Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504782-f5e0-4152-a3c7-4d0a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504782-f5e0-4152-a3c7-4d0a02de0b81" ,
"value" : "https://www.virustotal.com/file/a7937011e9da51475e91ab1f007d09bd97dfb94d23683a0f73b7bb85de8f9b27/analysis/1464871938/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504783-f900-4e95-bdce-41b902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:39.000Z" ,
"modified" : "2016-06-02T14:49:39.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8" ,
"pattern" : "[file:hashes.SHA256 = '2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504783-dad0-4fb6-a60d-4aef02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:39.000Z" ,
"modified" : "2016-06-02T14:49:39.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 75d118996f5190edafca1b1904a7eea8" ,
"pattern" : "[file:hashes.SHA1 = 'b99970e86ae3f412bda5f20a8318e70559c617f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:39Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504783-1260-4771-aec3-4b3402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:39.000Z" ,
"modified" : "2016-06-02T14:49:39.000Z" ,
"first_observed" : "2016-06-02T14:49:39Z" ,
"last_observed" : "2016-06-02T14:49:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504783-1260-4771-aec3-4b3402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504783-1260-4771-aec3-4b3402de0b81" ,
"value" : "https://www.virustotal.com/file/2044712ceb99972d025716f0f16aa039550e22a63000d2885f7b7cd50f6834e0/analysis/1464877725/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504784-1cfc-48d5-8fe8-464a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:40.000Z" ,
"modified" : "2016-06-02T14:49:40.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 957581fb38a4e76e84f60e2bb19b9499" ,
"pattern" : "[file:hashes.SHA256 = 'ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--57504784-5e84-4419-9644-484002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:40.000Z" ,
"modified" : "2016-06-02T14:49:40.000Z" ,
"description" : "Imported via the Freetext Import Tool - Xchecked via VT: 957581fb38a4e76e84f60e2bb19b9499" ,
"pattern" : "[file:hashes.SHA1 = '8fb1cafbb8ca65c1b8236a20079c40fb4ffbaa68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-06-02T14:49:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--57504784-4cd4-4679-9f3c-4c8302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-06-02T14:49:40.000Z" ,
"modified" : "2016-06-02T14:49:40.000Z" ,
"first_observed" : "2016-06-02T14:49:40Z" ,
"last_observed" : "2016-06-02T14:49:40Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--57504784-4cd4-4679-9f3c-4c8302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--57504784-4cd4-4679-9f3c-4c8302de0b81" ,
"value" : "https://www.virustotal.com/file/ed7a5e48113b1fd206e6a8c46671eb37dab864d1bd6fe44714a0ae377cf1248a/analysis/1464877728/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}