misp-circl-feed/feeds/circl/misp/5797537b-6d80-4d28-ab2a-4d8a950d210f.json

4710 lines
199 KiB
JSON
Raw Normal View History

2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5797537b-6d80-4d28-ab2a-4d8a950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:29:00.000Z",
"modified": "2016-07-26T12:29:00.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5797537b-6d80-4d28-ab2a-4d8a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:29:00.000Z",
"modified": "2016-07-26T12:29:00.000Z",
"name": "OSINT - Patchwork cyberespionage group expands targets from governments to wide range of industries",
"published": "2016-07-26T12:37:10Z",
"object_refs": [
"x-misp-attribute--5797545e-48c4-4130-963a-452b950d210f",
"observed-data--5797546b-bc80-4eb2-9610-4608950d210f",
"url--5797546b-bc80-4eb2-9610-4608950d210f",
"indicator--57975487-55f4-4f19-9708-4f0f950d210f",
"indicator--57975488-80cc-487c-8601-4039950d210f",
"indicator--57975488-1184-4a33-9efa-4217950d210f",
"indicator--57975488-13dc-4105-a595-4d90950d210f",
"indicator--57975488-79c8-4733-94f5-4dac950d210f",
"indicator--57975489-c954-4314-aaf3-4b0a950d210f",
"indicator--57975489-1298-4c90-8d6b-4d23950d210f",
"indicator--57975489-b4e4-4ccb-9df7-4678950d210f",
"indicator--57975489-d574-43d5-b0cc-45e0950d210f",
"indicator--57975489-1b10-498f-abde-4f4f950d210f",
"indicator--5797548a-e408-4c05-85cf-4ce9950d210f",
"indicator--5797548a-ec98-4902-b3a3-450f950d210f",
"indicator--5797548a-eb9c-47fc-9d02-4295950d210f",
"indicator--5797548a-f4e0-401e-8c1c-4d27950d210f",
"indicator--5797548b-90c0-4765-9180-43a4950d210f",
"indicator--5797548b-2114-426f-acc5-4a35950d210f",
"indicator--5797548b-49dc-4677-8f01-43d0950d210f",
"indicator--5797548b-d3a8-4737-8d88-4f2f950d210f",
"indicator--5797548b-5664-4229-8207-40f0950d210f",
"indicator--5797548c-b6b4-49d3-9578-4ce1950d210f",
"indicator--5797548c-97d8-41aa-a48d-4e3e950d210f",
"indicator--579754b0-2d60-4fe7-9b65-47b7950d210f",
"indicator--579754b0-bd24-485a-ac9a-4dcf950d210f",
"indicator--579754b1-1404-4402-929e-406f950d210f",
"indicator--579754b1-80f8-43c8-8a81-4823950d210f",
"indicator--579754b1-1320-4c86-a327-4dff950d210f",
"indicator--579754b1-1ad4-4ecd-b2b9-4aa0950d210f",
"indicator--579754b1-cc2c-453e-b03a-42e1950d210f",
"indicator--579754b2-f8ac-4e35-bfd9-44e9950d210f",
"indicator--579754b2-636c-4fcb-81bc-4100950d210f",
"indicator--579754b2-f9ac-4534-8463-4ce6950d210f",
"indicator--579754b2-f880-4580-831f-43cd950d210f",
"indicator--579754b3-9718-44dc-98c2-4abf950d210f",
"indicator--579754b3-fb10-47ef-ab33-47cb950d210f",
"indicator--579754b3-a724-41f5-9bf7-4503950d210f",
"indicator--579754b3-54ec-4599-a1b7-4ef8950d210f",
"indicator--579754b3-fd88-46cc-9d02-4d11950d210f",
"indicator--579754b3-b1cc-4d29-86ad-4a44950d210f",
"indicator--579754b4-5ea0-40b6-9cdc-411f950d210f",
"indicator--579754b4-0858-4899-8bbe-4f5f950d210f",
"indicator--579754b4-cfb8-4815-8b90-4016950d210f",
"indicator--579754b4-3b54-432e-b090-459f950d210f",
"indicator--579754b4-f750-4210-bc24-45c8950d210f",
"indicator--579754b5-6f04-4abf-9639-473e950d210f",
"indicator--579754b5-c370-47c2-b672-4d89950d210f",
"indicator--579754b5-e3c4-4a8f-a7b8-46df950d210f",
"indicator--579754b5-69fc-4154-897a-47a9950d210f",
"indicator--579754b5-ed8c-42bd-86e8-47c5950d210f",
"indicator--579754b6-5460-4ef7-a6f4-4dd5950d210f",
"indicator--579754b6-0118-4d82-ba1e-49db950d210f",
"indicator--579754b6-3ffc-45bd-8b8a-4344950d210f",
"indicator--579754b6-797c-4fbd-91b8-4057950d210f",
"indicator--579754b6-1e1c-43fa-8b42-4ca5950d210f",
"indicator--579754b7-50d0-4d62-ac9c-4f14950d210f",
"indicator--579754b7-c928-4998-a79e-4656950d210f",
"indicator--579754b7-2f7c-467f-981d-4a13950d210f",
"indicator--57975522-8fec-4fcf-b790-4706950d210f",
"indicator--57975522-78e4-4b54-bec3-4e31950d210f",
"indicator--57975522-7a64-4c5f-abd5-4f70950d210f",
"indicator--57975523-6350-4969-b6f0-4365950d210f",
"indicator--57975523-b260-4521-aacc-43cf950d210f",
"indicator--57975524-c948-489f-bb6b-45e7950d210f",
"indicator--5797553e-6cbc-4c5e-a603-4450950d210f",
"x-misp-attribute--5797553e-1cfc-4120-9569-42a3950d210f",
"indicator--5797553f-0dd4-43d4-915c-4b92950d210f",
"indicator--5797553f-9bc4-4955-8bd0-4741950d210f",
"indicator--5797553f-dbd4-4e64-b7d8-42b3950d210f",
"indicator--5797553f-9e30-42e2-9ab6-49d5950d210f",
"indicator--57975540-f9f0-4e3c-b3e5-49e5950d210f",
"indicator--57975540-936c-4984-aa17-4fe2950d210f",
"indicator--57975540-46b8-4c36-bd7b-44ee950d210f",
"indicator--57975540-92dc-4936-95fc-4c0b950d210f",
"indicator--57975540-284c-4836-9ae1-4477950d210f",
"indicator--57975541-f388-482a-8f7c-4a8b950d210f",
"indicator--57975541-0034-456e-a724-4682950d210f",
"indicator--579755bb-6b1c-452d-a99d-46d9950d210f",
"indicator--579755bb-d34c-4ea5-b16f-4054950d210f",
"indicator--579755bb-ebf0-4a6b-acd2-41c2950d210f",
"indicator--579755bb-b370-42d7-982c-462e950d210f",
"indicator--579755bc-f610-4f11-ac9f-446d950d210f",
"indicator--579755bc-19b8-46b0-acff-4853950d210f",
"indicator--579755bc-a5a4-4cca-a4bc-4bcd950d210f",
"indicator--579755bc-1070-44a2-a90e-4a1f950d210f",
"indicator--579755bc-51dc-4d84-b24e-4cc4950d210f",
"indicator--579755bd-5984-48c1-b927-4c8c950d210f",
"indicator--579755bd-69b8-489b-8feb-4b2a950d210f",
"indicator--579755bd-71dc-48e6-ba41-41f0950d210f",
"indicator--579755bd-fec0-4c03-bb7b-4f68950d210f",
"indicator--579755be-7e90-42e7-a6d5-4636950d210f",
"indicator--579755be-e658-4d2a-b859-4f19950d210f",
"indicator--579755be-8bd0-4350-ac3e-41d9950d210f",
"indicator--57975612-65b0-4380-b001-462902de0b81",
"indicator--57975612-425c-48cd-8b21-4efe02de0b81",
"observed-data--57975613-f958-4d4a-ab36-46ae02de0b81",
"url--57975613-f958-4d4a-ab36-46ae02de0b81",
"indicator--57975613-b504-4b7d-a762-4b6102de0b81",
"indicator--57975613-5a9c-42ee-9f80-4deb02de0b81",
"observed-data--57975613-c2e0-43fb-b3c3-4e8602de0b81",
"url--57975613-c2e0-43fb-b3c3-4e8602de0b81",
"indicator--57975613-95bc-4ccc-a774-4eaa02de0b81",
"indicator--57975614-81f4-4181-b51c-47fb02de0b81",
"observed-data--57975614-8080-45c1-b7fe-428b02de0b81",
"url--57975614-8080-45c1-b7fe-428b02de0b81",
"indicator--57975614-afe4-4a8a-86b1-4c3e02de0b81",
"indicator--57975614-bc0c-4000-90c0-4afa02de0b81",
"observed-data--57975615-1430-4a30-8e24-4e4702de0b81",
"url--57975615-1430-4a30-8e24-4e4702de0b81",
"indicator--57975615-0140-4dd2-8102-421402de0b81",
"indicator--57975615-d198-418b-b3bd-46ae02de0b81",
"observed-data--57975615-849c-411d-8a60-4e7f02de0b81",
"url--57975615-849c-411d-8a60-4e7f02de0b81",
"indicator--57975615-cb30-494b-9f14-499402de0b81",
"indicator--57975616-9c80-4a73-85e1-4aac02de0b81",
"observed-data--57975616-61bc-4a41-89b4-405402de0b81",
"url--57975616-61bc-4a41-89b4-405402de0b81",
"indicator--57975616-8828-497c-a363-4cf102de0b81",
"indicator--57975616-7c9c-438d-99ef-4bda02de0b81",
"observed-data--57975617-11d4-4822-952a-4c8b02de0b81",
"url--57975617-11d4-4822-952a-4c8b02de0b81",
"indicator--57975617-c5c0-4363-af59-439f02de0b81",
"indicator--57975617-4c60-4cfe-a93b-454902de0b81",
"observed-data--57975617-7150-4f06-88d6-4c8402de0b81",
"url--57975617-7150-4f06-88d6-4c8402de0b81",
"indicator--57975617-7704-4e28-a60f-4f5802de0b81",
"indicator--57975618-e68c-4d7f-9fb2-4c6e02de0b81",
"observed-data--57975618-9258-47a9-a454-48a602de0b81",
"url--57975618-9258-47a9-a454-48a602de0b81",
"indicator--57975618-36f4-4f47-8b24-403b02de0b81",
"indicator--57975618-cd48-4abe-a930-4fa702de0b81",
"observed-data--57975618-e028-4a85-b372-46ff02de0b81",
"url--57975618-e028-4a85-b372-46ff02de0b81",
"indicator--57975619-2f38-410e-9bc8-47b502de0b81",
"indicator--57975619-4d90-4f30-a0a5-41cd02de0b81",
"observed-data--57975619-b630-46a2-b7d5-4eeb02de0b81",
"url--57975619-b630-46a2-b7d5-4eeb02de0b81",
"indicator--57975619-9734-4819-92b7-40bb02de0b81",
"indicator--57975619-fee8-47c0-b4c7-444302de0b81",
"observed-data--57975619-cb00-47d2-a913-474902de0b81",
"url--57975619-cb00-47d2-a913-474902de0b81",
"indicator--5797561a-ecb4-4e39-b4b0-497502de0b81",
"indicator--5797561a-f660-4183-beaa-434a02de0b81",
"observed-data--5797561a-4384-4105-9709-41d202de0b81",
"url--5797561a-4384-4105-9709-41d202de0b81",
"indicator--5797561a-bcd4-4f5a-9a0f-4e2e02de0b81",
"indicator--5797561a-949c-47da-a5d4-45ef02de0b81",
"observed-data--5797561b-bf64-435a-aa1d-44fc02de0b81",
"url--5797561b-bf64-435a-aa1d-44fc02de0b81",
"indicator--5797561b-df04-4922-8bf7-47db02de0b81",
"indicator--5797561b-18e8-42ef-9990-4c6202de0b81",
"observed-data--5797561b-fd14-472d-b2e1-4a9c02de0b81",
"url--5797561b-fd14-472d-b2e1-4a9c02de0b81",
"indicator--5797561b-0854-458e-a43f-429202de0b81",
"indicator--5797561c-1de4-433b-b56c-4c3f02de0b81",
"observed-data--5797561c-4704-4043-80bd-47d602de0b81",
"url--5797561c-4704-4043-80bd-47d602de0b81",
"indicator--5797561c-e7c4-4aa8-8a6c-45dd02de0b81",
"indicator--5797561c-34c0-462c-9791-430f02de0b81",
"observed-data--5797561d-e710-4d6d-9f37-44e102de0b81",
"url--5797561d-e710-4d6d-9f37-44e102de0b81",
"indicator--5797561d-7a90-4124-ac02-4e3702de0b81",
"indicator--5797561d-1ea8-4a01-ad56-4b8002de0b81",
"observed-data--5797561d-56f0-4f79-b213-402602de0b81",
"url--5797561d-56f0-4f79-b213-402602de0b81",
"indicator--5797561d-bb88-478f-88a7-464c02de0b81",
"indicator--5797561e-34ac-44d6-b0f6-4ca602de0b81",
"observed-data--5797561e-3688-4a88-af66-496a02de0b81",
"url--5797561e-3688-4a88-af66-496a02de0b81",
"indicator--5797561e-a138-4529-9288-473702de0b81",
"indicator--5797561e-a3a8-4bb9-a6fc-4e0402de0b81",
"observed-data--5797561e-9ad0-44b0-aa61-414402de0b81",
"url--5797561e-9ad0-44b0-aa61-414402de0b81",
"indicator--5797561f-00f4-42c4-8cf4-4aeb02de0b81",
"indicator--5797561f-8fb8-4712-b7e7-4bbb02de0b81",
"observed-data--5797561f-5084-4c7d-a0e4-458102de0b81",
"url--5797561f-5084-4c7d-a0e4-458102de0b81",
"indicator--5797561f-2d6c-40eb-84af-42b702de0b81",
"indicator--5797561f-0360-4cc5-9264-496e02de0b81",
"observed-data--5797561f-ee14-4d1e-b137-405e02de0b81",
"url--5797561f-ee14-4d1e-b137-405e02de0b81",
"indicator--57975620-fd00-49e6-be32-406502de0b81",
"indicator--57975620-15f4-4d07-acf4-4ecb02de0b81",
"observed-data--57975620-1794-4b83-9444-4f8002de0b81",
"url--57975620-1794-4b83-9444-4f8002de0b81",
"indicator--57975620-152c-4372-86de-495302de0b81",
"indicator--57975620-1088-4e9e-be82-4ef702de0b81",
"observed-data--57975621-2824-43fa-a90f-4b6f02de0b81",
"url--57975621-2824-43fa-a90f-4b6f02de0b81",
"indicator--57975621-5ef8-41ce-a4f6-4abb02de0b81",
"indicator--57975621-cbe0-43f2-b50c-414802de0b81",
"observed-data--57975621-3f9c-4cf2-b5cb-4dd502de0b81",
"url--57975621-3f9c-4cf2-b5cb-4dd502de0b81",
"indicator--57975621-64c0-4e87-b699-445502de0b81",
"indicator--57975622-7924-40d4-b886-48e402de0b81",
"observed-data--57975622-e57c-462c-af76-4be302de0b81",
"url--57975622-e57c-462c-af76-4be302de0b81",
"indicator--57975622-687c-4cf6-8637-435b02de0b81",
"indicator--57975622-9068-4870-ab8c-4d8a02de0b81",
"observed-data--57975622-3090-4fa5-a399-4ca602de0b81",
"url--57975622-3090-4fa5-a399-4ca602de0b81",
"indicator--57975623-9840-4ac9-a0d4-487702de0b81",
"indicator--57975623-b670-4b49-aaf2-483502de0b81",
"observed-data--57975623-4d64-41f7-a1db-48fe02de0b81",
"url--57975623-4d64-41f7-a1db-48fe02de0b81",
"indicator--57975623-24dc-467c-ba30-436702de0b81",
"indicator--57975623-c8c0-4beb-bde6-4f0d02de0b81",
"observed-data--57975624-d77c-4f01-8711-433302de0b81",
"url--57975624-d77c-4f01-8711-433302de0b81",
"indicator--57975624-dcc4-408e-b4e3-43b002de0b81",
"indicator--57975624-aa64-4ab1-ac4e-4b9e02de0b81",
"observed-data--57975624-16e4-49aa-9a7a-434702de0b81",
"url--57975624-16e4-49aa-9a7a-434702de0b81",
"indicator--57975624-ce20-42f4-8932-458102de0b81",
"indicator--57975625-937c-40da-bbf0-45ea02de0b81",
"observed-data--57975625-7024-4664-b88b-45a002de0b81",
"url--57975625-7024-4664-b88b-45a002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5797545e-48c4-4130-963a-452b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:15:26.000Z",
"modified": "2016-07-26T12:15:26.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The Patchwork attack group has been targeting more than just government-associated organizations. Our research into the group found that it\u00e2\u20ac\u2122s been attacking a broad range of industries, including aviation, broadcasting, and finance, to drop back door Trojans.\r\n\r\nSymantec Security Response has been actively monitoring Patchwork, also known as Dropping Elephant, which uses Chinese-themed content as bait to compromise its targets\u00e2\u20ac\u2122 networks. Two security companies, Cymmetria and Kaspersky, each recently released reports on the campaign, most of which are in line with our observations."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797546b-bc80-4eb2-9610-4608950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:15:39.000Z",
"modified": "2016-07-26T12:15:39.000Z",
"first_observed": "2016-07-26T12:15:39Z",
"last_observed": "2016-07-26T12:15:39Z",
"number_observed": 1,
"object_refs": [
"url--5797546b-bc80-4eb2-9610-4608950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797546b-bc80-4eb2-9610-4608950d210f",
"value": "http://www.symantec.com/connect/blogs/patchwork-cyberespionage-group-expands-targets-governments-wide-range-industries"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975487-55f4-4f19-9708-4f0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:07.000Z",
"modified": "2016-07-26T12:16:07.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'chinastrats.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975488-80cc-487c-8601-4039950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:08.000Z",
"modified": "2016-07-26T12:16:08.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'epg-cn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975488-1184-4a33-9efa-4217950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:08.000Z",
"modified": "2016-07-26T12:16:08.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'extremebolt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975488-13dc-4105-a595-4d90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:08.000Z",
"modified": "2016-07-26T12:16:08.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'info81.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975488-79c8-4733-94f5-4dac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:08.000Z",
"modified": "2016-07-26T12:16:08.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'lujunxinxi.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975489-c954-4314-aaf3-4b0a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:09.000Z",
"modified": "2016-07-26T12:16:09.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'militaryworkerscn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975489-1298-4c90-8d6b-4d23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:09.000Z",
"modified": "2016-07-26T12:16:09.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'milresearchcn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975489-b4e4-4ccb-9df7-4678950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:09.000Z",
"modified": "2016-07-26T12:16:09.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'modgovcn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975489-d574-43d5-b0cc-45e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:09.000Z",
"modified": "2016-07-26T12:16:09.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'newsnstat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975489-1b10-498f-abde-4f4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:09.000Z",
"modified": "2016-07-26T12:16:09.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'nudtcn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548a-e408-4c05-85cf-4ce9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:10.000Z",
"modified": "2016-07-26T12:16:10.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'socialfreakzz.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548a-ec98-4902-b3a3-450f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:10.000Z",
"modified": "2016-07-26T12:16:10.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = '81-cn.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548a-eb9c-47fc-9d02-4295950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:10.000Z",
"modified": "2016-07-26T12:16:10.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'cnmilit.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548a-f4e0-401e-8c1c-4d27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:10.000Z",
"modified": "2016-07-26T12:16:10.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'nduformation.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548b-90c0-4765-9180-43a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:11.000Z",
"modified": "2016-07-26T12:16:11.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'expatchina.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548b-2114-426f-acc5-4a35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:11.000Z",
"modified": "2016-07-26T12:16:11.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'climaxcn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548b-49dc-4677-8f01-43d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:11.000Z",
"modified": "2016-07-26T12:16:11.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'miltechcn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548b-d3a8-4737-8d88-4f2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:11.000Z",
"modified": "2016-07-26T12:16:11.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'miltechweb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548b-5664-4229-8207-40f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:11.000Z",
"modified": "2016-07-26T12:16:11.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[domain-name:value = 'securematrixx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548c-b6b4-49d3-9578-4ce1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:12.000Z",
"modified": "2016-07-26T12:16:12.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.166.163.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797548c-97d8-41aa-a48d-4e3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:12.000Z",
"modified": "2016-07-26T12:16:12.000Z",
"description": "Suspected domains and IP addresses",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.129.13.110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b0-2d60-4fe7-9b65-47b7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:48.000Z",
"modified": "2016-07-26T12:16:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '0bbff4654d0c4551c58376e6a99dfda0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b0-bd24-485a-ac9a-4dcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:48.000Z",
"modified": "2016-07-26T12:16:48.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '1de10c5bc704d3eaf4f0cfa5ddd63f2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b1-1404-4402-929e-406f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:49.000Z",
"modified": "2016-07-26T12:16:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'MilitaryReforms2.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b1-80f8-43c8-8a81-4823950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:49.000Z",
"modified": "2016-07-26T12:16:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '2ba26a9cc1af4479e99dcc6a0e7d5d67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b1-1320-4c86-a327-4dff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:49.000Z",
"modified": "2016-07-26T12:16:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = '2016_China_Military_PowerReport.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b1-1ad4-4ecd-b2b9-4aa0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:49.000Z",
"modified": "2016-07-26T12:16:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '375f240df2718fc3e0137e109eef57ee']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b1-cc2c-453e-b03a-42e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:49.000Z",
"modified": "2016-07-26T12:16:49.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'PLA_UAV_DEPLOYMENT.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b2-f8ac-4e35-bfd9-44e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:50.000Z",
"modified": "2016-07-26T12:16:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '38e71afcdd6236ac3ad24bda393a81c6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b2-636c-4fcb-81bc-4100950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:50.000Z",
"modified": "2016-07-26T12:16:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'militarizationofsouthchinasea_1.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b2-f9ac-4534-8463-4ce6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:50.000Z",
"modified": "2016-07-26T12:16:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '3e9d1526addf2ca6b09e2fdb5fd4978f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b2-f880-4580-831f-43cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:50.000Z",
"modified": "2016-07-26T12:16:50.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'How_to_easily_clean_an_infected_computer.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-9718-44dc-98c2-4abf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '475c29ed9373e2c04b7c3df6766761eb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-fb10-47ef-ab33-47cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-a724-41f5-9bf7-4503950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '4dbb8ad1776af25a5832e92b12d4bfff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-54ec-4599-a1b7-4ef8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'maritime_dispute.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-fd88-46cc-9d02-4d11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Clingendael_Report_South_China_Sea.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b3-b1cc-4d29-86ad-4a44950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:51.000Z",
"modified": "2016-07-26T12:16:51.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '543d402a56406c93b68622a7e392728d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b4-5ea0-40b6-9cdc-411f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:52.000Z",
"modified": "2016-07-26T12:16:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '551e244aa85b92fe470ed2eac9d8808a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b4-0858-4899-8bbe-4f5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:52.000Z",
"modified": "2016-07-26T12:16:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Assessing_PLA_Organisational_Reforms.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b4-cfb8-4815-8b90-4016950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:52.000Z",
"modified": "2016-07-26T12:16:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '6877e60f141793287169125a08e36941']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b4-3b54-432e-b090-459f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:52.000Z",
"modified": "2016-07-26T12:16:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '6d8534597ae05d2151d848d2e6427f9e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b4-f750-4210-bc24-45c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:52.000Z",
"modified": "2016-07-26T12:16:52.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'cn-lshc-hospital-operations-excellence.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b5-6f04-4abf-9639-473e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:53.000Z",
"modified": "2016-07-26T12:16:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '74fea3e542add0f301756581d1f16126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b5-c370-47c2-b672-4d89950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:53.000Z",
"modified": "2016-07-26T12:16:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Clingendael_Report_South_China_Sea_20160517Downloaded.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b5-e3c4-4a8f-a7b8-46df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:53.000Z",
"modified": "2016-07-26T12:16:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '812a856288a03787d85d2cb9c1e1b3ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b5-69fc-4154-897a-47a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:53.000Z",
"modified": "2016-07-26T12:16:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = '8f7b1f320823893e159f6ebfb8ce3e78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b5-ed8c-42bd-86e8-47c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:53.000Z",
"modified": "2016-07-26T12:16:53.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'b163e3906b3521a407910aeefd055f03']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b6-5460-4ef7-a6f4-4dd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:54.000Z",
"modified": "2016-07-26T12:16:54.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'china_security_report_2016.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b6-0118-4d82-ba1e-49db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:54.000Z",
"modified": "2016-07-26T12:16:54.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'd456bbf44d73b1f0f2d1119f16993e93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b6-3ffc-45bd-8b8a-4344950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:54.000Z",
"modified": "2016-07-26T12:16:54.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'e7b4511cba3bba6983c43c9f9014a49d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b6-797c-4fbd-91b8-4057950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:54.000Z",
"modified": "2016-07-26T12:16:54.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'netflix2.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b6-1e1c-43fa-8b42-4ca5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:54.000Z",
"modified": "2016-07-26T12:16:54.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'ebfa776a91de20674a4ae55294d85087']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b7-50d0-4d62-ac9c-4f14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:55.000Z",
"modified": "2016-07-26T12:16:55.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Chinese_Influence_Faces_2.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b7-c928-4998-a79e-4656950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:55.000Z",
"modified": "2016-07-26T12:16:55.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:hashes.MD5 = 'eefcef704b1a7bea6e92dc8711cfd35e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579754b7-2f7c-467f-981d-4a13950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:16:55.000Z",
"modified": "2016-07-26T12:16:55.000Z",
"description": "Imported via the Freetext Import Tool",
"pattern": "[file:name = 'Top_Five_AF.pps']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:16:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975522-8fec-4fcf-b790-4706950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:26:52.000Z",
"modified": "2016-07-26T12:26:52.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'China_Vietnam_Military_Clash.doc' AND file:hashes.MD5 = '3d852dea971ced1481169d8f66542dc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:26:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975522-78e4-4b54-bec3-4e31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:27:23.000Z",
"modified": "2016-07-26T12:27:23.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'Cyber_Crime_bill.doc' AND file:hashes.MD5 = '4ff89d5341ac36eb9bed79e7afe04cb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:27:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975522-7a64-4c5f-abd5-4f70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:27:38.000Z",
"modified": "2016-07-26T12:27:38.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'china_report_EN_web_2016_A01.doc' AND file:hashes.MD5 = '7012f07e82092ab2daede774b9000d64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:27:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975523-6350-4969-b6f0-4365950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:28:44.000Z",
"modified": "2016-07-26T12:28:44.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'Cyber_Crime_bill.doc' AND file:hashes.MD5 = '735f0fbe44b70e184665aed8d1b2c117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:28:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975523-b260-4521-aacc-43cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:29:00.000Z",
"modified": "2016-07-26T12:29:00.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc' AND file:hashes.MD5 = 'e5685462d8a2825e124193de9fa269d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:29:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975524-c948-489f-bb6b-45e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:27:10.000Z",
"modified": "2016-07-26T12:27:10.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'Job_offers.doc' AND file:hashes.MD5 = 'f5c81526acbd830da2f533ae93deb1e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:27:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797553e-6cbc-4c5e-a603-4450950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:10.000Z",
"modified": "2016-07-26T12:19:10.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '2099fcd4a81817171649cb38dac0fb2a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5797553e-1cfc-4120-9569-42a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:46.000Z",
"modified": "2016-07-26T12:19:46.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Trojan.Mdropper"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797553f-0dd4-43d4-915c-4b92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:11.000Z",
"modified": "2016-07-26T12:19:11.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '3d852dea971ced1481169d8f66542dc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797553f-9bc4-4955-8bd0-4741950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:25:28.000Z",
"modified": "2016-07-26T12:25:28.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'China_Vietnam_Military_Clash.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:25:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797553f-dbd4-4e64-b7d8-42b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:11.000Z",
"modified": "2016-07-26T12:19:11.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '4ff89d5341ac36eb9bed79e7afe04cb3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797553f-9e30-42e2-9ab6-49d5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:25:58.000Z",
"modified": "2016-07-26T12:25:58.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'Cyber_Crime_bill.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:25:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975540-f9f0-4e3c-b3e5-49e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:12.000Z",
"modified": "2016-07-26T12:19:12.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '7012f07e82092ab2daede774b9000d64']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975540-936c-4984-aa17-4fe2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:26:15.000Z",
"modified": "2016-07-26T12:26:15.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'china_report_EN_web_2016_A01.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:26:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975540-46b8-4c36-bd7b-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:12.000Z",
"modified": "2016-07-26T12:19:12.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '735f0fbe44b70e184665aed8d1b2c117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975540-92dc-4936-95fc-4c0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:12.000Z",
"modified": "2016-07-26T12:19:12.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = '7796ae46da0049057abd5cfb9798e494']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975540-284c-4836-9ae1-4477950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:12.000Z",
"modified": "2016-07-26T12:19:12.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = 'e5685462d8a2825e124193de9fa269d9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975541-f388-482a-8f7c-4a8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:26:36.000Z",
"modified": "2016-07-26T12:26:36.000Z",
"description": "Malicious rich text files associated with this campaign",
"pattern": "[file:name = 'PLA_Forthcoming_Revolution_in_Doctrinal_Affairs2.doc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:26:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975541-0034-456e-a724-4682950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:19:13.000Z",
"modified": "2016-07-26T12:19:13.000Z",
"description": "Malicious PowerPoint slides associated with this campaign",
"pattern": "[file:hashes.MD5 = 'f5c81526acbd830da2f533ae93deb1e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:19:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bb-6b1c-452d-a99d-46d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:15.000Z",
"modified": "2016-07-26T12:21:15.000Z",
"description": "Backdoor.Steladok",
"pattern": "[file:hashes.MD5 = '0f09e24a8d57fb8b1a8cc51c07ebbe3f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bb-d34c-4ea5-b16f-4054950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:15.000Z",
"modified": "2016-07-26T12:21:15.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = '233a71ea802af564dd1ab38e62236633']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bb-ebf0-4a6b-acd2-41c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:15.000Z",
"modified": "2016-07-26T12:21:15.000Z",
"description": "Backdoor.Steladok",
"pattern": "[file:hashes.MD5 = '2c0efa57eeffed228eb09ee97df1445a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bb-b370-42d7-982c-462e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:15.000Z",
"modified": "2016-07-26T12:21:15.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = '3ac28869c83d20f9b18ebbd9ea3a9155']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bc-f610-4f11-ac9f-446d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:16.000Z",
"modified": "2016-07-26T12:21:16.000Z",
"description": "Trojan.Gen.2",
"pattern": "[file:hashes.MD5 = '465de3db14158005ede000f7c0f16efe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bc-19b8-46b0-acff-4853950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:16.000Z",
"modified": "2016-07-26T12:21:16.000Z",
"description": "Trojan.Gen.2",
"pattern": "[file:hashes.MD5 = '4fca01f852410ea1413a876df339a36d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bc-a5a4-4cca-a4bc-4bcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:16.000Z",
"modified": "2016-07-26T12:21:16.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = '61e0f4ecb3d7c56ea06b8f609fd2bf13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bc-1070-44a2-a90e-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:16.000Z",
"modified": "2016-07-26T12:21:16.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = '6b335a77203b566d92c726b939b8d8c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bc-51dc-4d84-b24e-4cc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:16.000Z",
"modified": "2016-07-26T12:21:16.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'a4fb5a6765cb8a30a8393d608c39d9f7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bd-5984-48c1-b927-4c8c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:17.000Z",
"modified": "2016-07-26T12:21:17.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'b594a4d3f7183c3af155375f81ad6c3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bd-69b8-489b-8feb-4b2a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:17.000Z",
"modified": "2016-07-26T12:21:17.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'b7433c57a7111457506f85bdf6592d18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bd-71dc-48e6-ba41-41f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:17.000Z",
"modified": "2016-07-26T12:21:17.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'c575f9b40cf6e6141f0ee40c8a544fb8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755bd-fec0-4c03-bb7b-4f68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:17.000Z",
"modified": "2016-07-26T12:21:17.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'd8102a24ca00ef3db7d942912765441e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755be-7e90-42e7-a6d5-4636950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:18.000Z",
"modified": "2016-07-26T12:21:18.000Z",
"description": "Backdoor.Steladok",
"pattern": "[file:hashes.MD5 = 'f47484e6705e52a115a3684832296b39']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755be-e658-4d2a-b859-4f19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:18.000Z",
"modified": "2016-07-26T12:21:18.000Z",
"description": "Backodor.Enfourks",
"pattern": "[file:hashes.MD5 = 'f7ce9894c1c99ce64455155377446d9c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--579755be-8bd0-4350-ac3e-41d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:21:18.000Z",
"modified": "2016-07-26T12:21:18.000Z",
"description": "infostealer",
"pattern": "[file:hashes.MD5 = 'ffab6174860af9a7c3b37a7f1fb8f381']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:21:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975612-65b0-4380-b001-462902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:42.000Z",
"modified": "2016-07-26T12:22:42.000Z",
"description": "Backdoor.Steladok - Xchecked via VT: f47484e6705e52a115a3684832296b39",
"pattern": "[file:hashes.SHA256 = 'e0d32df8cc527f8a183550456e3ec5bac6d4aa86576605bb1b770648b1c101b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975612-425c-48cd-8b21-4efe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:42.000Z",
"modified": "2016-07-26T12:22:42.000Z",
"description": "Backdoor.Steladok - Xchecked via VT: f47484e6705e52a115a3684832296b39",
"pattern": "[file:hashes.SHA1 = 'b362d1d91ed93eebb03d240553153f2148209d3a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975613-f958-4d4a-ab36-46ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:43.000Z",
"modified": "2016-07-26T12:22:43.000Z",
"first_observed": "2016-07-26T12:22:43Z",
"last_observed": "2016-07-26T12:22:43Z",
"number_observed": 1,
"object_refs": [
"url--57975613-f958-4d4a-ab36-46ae02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975613-f958-4d4a-ab36-46ae02de0b81",
"value": "https://www.virustotal.com/file/e0d32df8cc527f8a183550456e3ec5bac6d4aa86576605bb1b770648b1c101b5/analysis/1469513487/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975613-b504-4b7d-a762-4b6102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:43.000Z",
"modified": "2016-07-26T12:22:43.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: d8102a24ca00ef3db7d942912765441e",
"pattern": "[file:hashes.SHA256 = '56bad93d98a01a820555357beb03a691f523ebb289b9c821ad85ee65137d29f9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975613-5a9c-42ee-9f80-4deb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:43.000Z",
"modified": "2016-07-26T12:22:43.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: d8102a24ca00ef3db7d942912765441e",
"pattern": "[file:hashes.SHA1 = '83a5074c677a96f1c9f67b758e5e399e401dde41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975613-c2e0-43fb-b3c3-4e8602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:43.000Z",
"modified": "2016-07-26T12:22:43.000Z",
"first_observed": "2016-07-26T12:22:43Z",
"last_observed": "2016-07-26T12:22:43Z",
"number_observed": 1,
"object_refs": [
"url--57975613-c2e0-43fb-b3c3-4e8602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975613-c2e0-43fb-b3c3-4e8602de0b81",
"value": "https://www.virustotal.com/file/56bad93d98a01a820555357beb03a691f523ebb289b9c821ad85ee65137d29f9/analysis/1469513480/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975613-95bc-4ccc-a774-4eaa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:43.000Z",
"modified": "2016-07-26T12:22:43.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: c575f9b40cf6e6141f0ee40c8a544fb8",
"pattern": "[file:hashes.SHA256 = 'f65eeb136e23d06b54b15834ad15d4bcd2cd51af9e8c134da32da02bdcb68996']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975614-81f4-4181-b51c-47fb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:44.000Z",
"modified": "2016-07-26T12:22:44.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: c575f9b40cf6e6141f0ee40c8a544fb8",
"pattern": "[file:hashes.SHA1 = 'd09ed8c4b5ad43fb4a6d13a96c2cd083b8795692']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975614-8080-45c1-b7fe-428b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:44.000Z",
"modified": "2016-07-26T12:22:44.000Z",
"first_observed": "2016-07-26T12:22:44Z",
"last_observed": "2016-07-26T12:22:44Z",
"number_observed": 1,
"object_refs": [
"url--57975614-8080-45c1-b7fe-428b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975614-8080-45c1-b7fe-428b02de0b81",
"value": "https://www.virustotal.com/file/f65eeb136e23d06b54b15834ad15d4bcd2cd51af9e8c134da32da02bdcb68996/analysis/1469513481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975614-afe4-4a8a-86b1-4c3e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:44.000Z",
"modified": "2016-07-26T12:22:44.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: b7433c57a7111457506f85bdf6592d18",
"pattern": "[file:hashes.SHA256 = '1da99f69735d203a3d52ff1bb2ede75fe69601259efa6c5a080024ddf9276297']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975614-bc0c-4000-90c0-4afa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:44.000Z",
"modified": "2016-07-26T12:22:44.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: b7433c57a7111457506f85bdf6592d18",
"pattern": "[file:hashes.SHA1 = 'e0970cd442808dd54cfe3427acee4e1bee0aea17']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975615-1430-4a30-8e24-4e4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:45.000Z",
"modified": "2016-07-26T12:22:45.000Z",
"first_observed": "2016-07-26T12:22:45Z",
"last_observed": "2016-07-26T12:22:45Z",
"number_observed": 1,
"object_refs": [
"url--57975615-1430-4a30-8e24-4e4702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975615-1430-4a30-8e24-4e4702de0b81",
"value": "https://www.virustotal.com/file/1da99f69735d203a3d52ff1bb2ede75fe69601259efa6c5a080024ddf9276297/analysis/1468241922/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975615-0140-4dd2-8102-421402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:45.000Z",
"modified": "2016-07-26T12:22:45.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: b594a4d3f7183c3af155375f81ad6c3d",
"pattern": "[file:hashes.SHA256 = '49d08ff05bbe4a77e748dc8903b9d976a9b2176054ddfaf684c5699e84204f30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975615-d198-418b-b3bd-46ae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:45.000Z",
"modified": "2016-07-26T12:22:45.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: b594a4d3f7183c3af155375f81ad6c3d",
"pattern": "[file:hashes.SHA1 = '67d9965c91e96f516de76591e6be651b344095a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975615-849c-411d-8a60-4e7f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:45.000Z",
"modified": "2016-07-26T12:22:45.000Z",
"first_observed": "2016-07-26T12:22:45Z",
"last_observed": "2016-07-26T12:22:45Z",
"number_observed": 1,
"object_refs": [
"url--57975615-849c-411d-8a60-4e7f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975615-849c-411d-8a60-4e7f02de0b81",
"value": "https://www.virustotal.com/file/49d08ff05bbe4a77e748dc8903b9d976a9b2176054ddfaf684c5699e84204f30/analysis/1469513481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975615-cb30-494b-9f14-499402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:45.000Z",
"modified": "2016-07-26T12:22:45.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: a4fb5a6765cb8a30a8393d608c39d9f7",
"pattern": "[file:hashes.SHA256 = 'f5e4d5d5fde978968dce4db4120ecbb68898d5fdf55860e61058d91db29b7d91']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975616-9c80-4a73-85e1-4aac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:46.000Z",
"modified": "2016-07-26T12:22:46.000Z",
"description": "Backodor.Enfourks - Xchecked via VT: a4fb5a6765cb8a30a8393d608c39d9f7",
"pattern": "[file:hashes.SHA1 = '8daa2f782e8af92747cfce5d9323653050dbd498']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975616-61bc-4a41-89b4-405402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:46.000Z",
"modified": "2016-07-26T12:22:46.000Z",
"first_observed": "2016-07-26T12:22:46Z",
"last_observed": "2016-07-26T12:22:46Z",
"number_observed": 1,
"object_refs": [
"url--57975616-61bc-4a41-89b4-405402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975616-61bc-4a41-89b4-405402de0b81",
"value": "https://www.virustotal.com/file/f5e4d5d5fde978968dce4db4120ecbb68898d5fdf55860e61058d91db29b7d91/analysis/1469513481/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975616-8828-497c-a363-4cf102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:46.000Z",
"modified": "2016-07-26T12:22:46.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: f5c81526acbd830da2f533ae93deb1e1",
"pattern": "[file:hashes.SHA256 = '79293f3cfa2af27b9d5d2d7afa1d3febb8a02f7480491b0a8afb6eea0d10faab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975616-7c9c-438d-99ef-4bda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:46.000Z",
"modified": "2016-07-26T12:22:46.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: f5c81526acbd830da2f533ae93deb1e1",
"pattern": "[file:hashes.SHA1 = 'f7d9e0c7714578eb29716c1d2f49ef0defbf112a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975617-11d4-4822-952a-4c8b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:46.000Z",
"modified": "2016-07-26T12:22:46.000Z",
"first_observed": "2016-07-26T12:22:46Z",
"last_observed": "2016-07-26T12:22:46Z",
"number_observed": 1,
"object_refs": [
"url--57975617-11d4-4822-952a-4c8b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975617-11d4-4822-952a-4c8b02de0b81",
"value": "https://www.virustotal.com/file/79293f3cfa2af27b9d5d2d7afa1d3febb8a02f7480491b0a8afb6eea0d10faab/analysis/1464792591/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975617-c5c0-4363-af59-439f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:47.000Z",
"modified": "2016-07-26T12:22:47.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7796ae46da0049057abd5cfb9798e494",
"pattern": "[file:hashes.SHA256 = '53429895e699445a717e75ce3539c5b0b3be42b375f518d5c7759bd1c8b48291']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975617-4c60-4cfe-a93b-454902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:47.000Z",
"modified": "2016-07-26T12:22:47.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7796ae46da0049057abd5cfb9798e494",
"pattern": "[file:hashes.SHA1 = '478a41f254bb7b85e8ae5ac53757fc220e3ab91c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975617-7150-4f06-88d6-4c8402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:47.000Z",
"modified": "2016-07-26T12:22:47.000Z",
"first_observed": "2016-07-26T12:22:47Z",
"last_observed": "2016-07-26T12:22:47Z",
"number_observed": 1,
"object_refs": [
"url--57975617-7150-4f06-88d6-4c8402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975617-7150-4f06-88d6-4c8402de0b81",
"value": "https://www.virustotal.com/file/53429895e699445a717e75ce3539c5b0b3be42b375f518d5c7759bd1c8b48291/analysis/1469513478/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975617-7704-4e28-a60f-4f5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:47.000Z",
"modified": "2016-07-26T12:22:47.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 735f0fbe44b70e184665aed8d1b2c117",
"pattern": "[file:hashes.SHA256 = '34cdfc67942060ba30c1b9ac1db9bd042f0f8e487b805b8a3e1935b4d2508db6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975618-e68c-4d7f-9fb2-4c6e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:48.000Z",
"modified": "2016-07-26T12:22:48.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 735f0fbe44b70e184665aed8d1b2c117",
"pattern": "[file:hashes.SHA1 = '11064dcef86ac1d94c170b24215854efb8aad542']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975618-9258-47a9-a454-48a602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:48.000Z",
"modified": "2016-07-26T12:22:48.000Z",
"first_observed": "2016-07-26T12:22:48Z",
"last_observed": "2016-07-26T12:22:48Z",
"number_observed": 1,
"object_refs": [
"url--57975618-9258-47a9-a454-48a602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975618-9258-47a9-a454-48a602de0b81",
"value": "https://www.virustotal.com/file/34cdfc67942060ba30c1b9ac1db9bd042f0f8e487b805b8a3e1935b4d2508db6/analysis/1469513478/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975618-36f4-4f47-8b24-403b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:48.000Z",
"modified": "2016-07-26T12:22:48.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7012f07e82092ab2daede774b9000d64",
"pattern": "[file:hashes.SHA256 = 'ebd4f62bb85f6de1111cbd613d2d4288728732edda9eb427fe9f51bd1f2d6db2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975618-cd48-4abe-a930-4fa702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:48.000Z",
"modified": "2016-07-26T12:22:48.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 7012f07e82092ab2daede774b9000d64",
"pattern": "[file:hashes.SHA1 = '1e39ff194c72c74c893b7fd9f9d0e7205c5da115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975618-e028-4a85-b372-46ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:48.000Z",
"modified": "2016-07-26T12:22:48.000Z",
"first_observed": "2016-07-26T12:22:48Z",
"last_observed": "2016-07-26T12:22:48Z",
"number_observed": 1,
"object_refs": [
"url--57975618-e028-4a85-b372-46ff02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975618-e028-4a85-b372-46ff02de0b81",
"value": "https://www.virustotal.com/file/ebd4f62bb85f6de1111cbd613d2d4288728732edda9eb427fe9f51bd1f2d6db2/analysis/1469513485/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975619-2f38-410e-9bc8-47b502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 4ff89d5341ac36eb9bed79e7afe04cb3",
"pattern": "[file:hashes.SHA256 = '20785552d82d461f5b4e480dcf51180e3f7b5d3e7286720f861e7ccfe8a2b067']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975619-4d90-4f30-a0a5-41cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 4ff89d5341ac36eb9bed79e7afe04cb3",
"pattern": "[file:hashes.SHA1 = '9034c8bfac8385a29f979b1601896c6edb0113b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975619-b630-46a2-b7d5-4eeb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"first_observed": "2016-07-26T12:22:49Z",
"last_observed": "2016-07-26T12:22:49Z",
"number_observed": 1,
"object_refs": [
"url--57975619-b630-46a2-b7d5-4eeb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975619-b630-46a2-b7d5-4eeb02de0b81",
"value": "https://www.virustotal.com/file/20785552d82d461f5b4e480dcf51180e3f7b5d3e7286720f861e7ccfe8a2b067/analysis/1469513477/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975619-9734-4819-92b7-40bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 3d852dea971ced1481169d8f66542dc5",
"pattern": "[file:hashes.SHA256 = '0f245244a86a8b36292bc8b0a12b982e2ea366f36256223f8f9bcba37f335fc9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975619-fee8-47c0-b4c7-444302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 3d852dea971ced1481169d8f66542dc5",
"pattern": "[file:hashes.SHA1 = '5de78801847fe63ce66cf23f3ff3d25a28e2c6fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975619-cb00-47d2-a913-474902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:49.000Z",
"modified": "2016-07-26T12:22:49.000Z",
"first_observed": "2016-07-26T12:22:49Z",
"last_observed": "2016-07-26T12:22:49Z",
"number_observed": 1,
"object_refs": [
"url--57975619-cb00-47d2-a913-474902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975619-cb00-47d2-a913-474902de0b81",
"value": "https://www.virustotal.com/file/0f245244a86a8b36292bc8b0a12b982e2ea366f36256223f8f9bcba37f335fc9/analysis/1469513489/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561a-ecb4-4e39-b4b0-497502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:50.000Z",
"modified": "2016-07-26T12:22:50.000Z",
"description": "Backdoor.Steladok - Xchecked via VT: 0f09e24a8d57fb8b1a8cc51c07ebbe3f",
"pattern": "[file:hashes.SHA256 = '5b7fdc320e108e58045f210360c0f9486beab37860df605da01deddca9950f1d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561a-f660-4183-beaa-434a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:50.000Z",
"modified": "2016-07-26T12:22:50.000Z",
"description": "Backdoor.Steladok - Xchecked via VT: 0f09e24a8d57fb8b1a8cc51c07ebbe3f",
"pattern": "[file:hashes.SHA1 = '3b2af1a6dbec193a647d97c4bfaf21f562c27258']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561a-4384-4105-9709-41d202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:50.000Z",
"modified": "2016-07-26T12:22:50.000Z",
"first_observed": "2016-07-26T12:22:50Z",
"last_observed": "2016-07-26T12:22:50Z",
"number_observed": 1,
"object_refs": [
"url--5797561a-4384-4105-9709-41d202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561a-4384-4105-9709-41d202de0b81",
"value": "https://www.virustotal.com/file/5b7fdc320e108e58045f210360c0f9486beab37860df605da01deddca9950f1d/analysis/1469513486/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561a-bcd4-4f5a-9a0f-4e2e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:50.000Z",
"modified": "2016-07-26T12:22:50.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 2099fcd4a81817171649cb38dac0fb2a",
"pattern": "[file:hashes.SHA256 = 'e9a930f839dbf4a7bdb72278d14fb8d18f5d56a492e4f9aa60b7b79777d3b2b7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561a-949c-47da-a5d4-45ef02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:50.000Z",
"modified": "2016-07-26T12:22:50.000Z",
"description": "Malicious PowerPoint slides associated with this campaign - Xchecked via VT: 2099fcd4a81817171649cb38dac0fb2a",
"pattern": "[file:hashes.SHA1 = '9cdbb41f83854ea4827c83ad9809ed0210566fbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561b-bf64-435a-aa1d-44fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:51.000Z",
"modified": "2016-07-26T12:22:51.000Z",
"first_observed": "2016-07-26T12:22:51Z",
"last_observed": "2016-07-26T12:22:51Z",
"number_observed": 1,
"object_refs": [
"url--5797561b-bf64-435a-aa1d-44fc02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561b-bf64-435a-aa1d-44fc02de0b81",
"value": "https://www.virustotal.com/file/e9a930f839dbf4a7bdb72278d14fb8d18f5d56a492e4f9aa60b7b79777d3b2b7/analysis/1462697573/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561b-df04-4922-8bf7-47db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:51.000Z",
"modified": "2016-07-26T12:22:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ebfa776a91de20674a4ae55294d85087",
"pattern": "[file:hashes.SHA256 = 'db9ecff4368cf87406a0d64ccffd0df72ab875526acf1d1fe0957c9bacacbdeb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561b-18e8-42ef-9990-4c6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:51.000Z",
"modified": "2016-07-26T12:22:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: ebfa776a91de20674a4ae55294d85087",
"pattern": "[file:hashes.SHA1 = 'f3c9c62869c87fe177a69271b9e7f2b5aabcd66c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561b-fd14-472d-b2e1-4a9c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:51.000Z",
"modified": "2016-07-26T12:22:51.000Z",
"first_observed": "2016-07-26T12:22:51Z",
"last_observed": "2016-07-26T12:22:51Z",
"number_observed": 1,
"object_refs": [
"url--5797561b-fd14-472d-b2e1-4a9c02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561b-fd14-472d-b2e1-4a9c02de0b81",
"value": "https://www.virustotal.com/file/db9ecff4368cf87406a0d64ccffd0df72ab875526acf1d1fe0957c9bacacbdeb/analysis/1469513478/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561b-0854-458e-a43f-429202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:51.000Z",
"modified": "2016-07-26T12:22:51.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e7b4511cba3bba6983c43c9f9014a49d",
"pattern": "[file:hashes.SHA256 = '2f6ed134adf8d29dd9e25b8f8f863389742dd5ff6d9104329c2fecb66b9e1604']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561c-1de4-433b-b56c-4c3f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:52.000Z",
"modified": "2016-07-26T12:22:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: e7b4511cba3bba6983c43c9f9014a49d",
"pattern": "[file:hashes.SHA1 = '3081aa58cc3d14e557f49f7b3ce4247b0935c6b5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561c-4704-4043-80bd-47d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:52.000Z",
"modified": "2016-07-26T12:22:52.000Z",
"first_observed": "2016-07-26T12:22:52Z",
"last_observed": "2016-07-26T12:22:52Z",
"number_observed": 1,
"object_refs": [
"url--5797561c-4704-4043-80bd-47d602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561c-4704-4043-80bd-47d602de0b81",
"value": "https://www.virustotal.com/file/2f6ed134adf8d29dd9e25b8f8f863389742dd5ff6d9104329c2fecb66b9e1604/analysis/1469513485/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561c-e7c4-4aa8-8a6c-45dd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:52.000Z",
"modified": "2016-07-26T12:22:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d456bbf44d73b1f0f2d1119f16993e93",
"pattern": "[file:hashes.SHA256 = '77c234943878d1e16d508f439b3e4bc2eab17eb68df9a297940dfd58ae0c7300']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561c-34c0-462c-9791-430f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:52.000Z",
"modified": "2016-07-26T12:22:52.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: d456bbf44d73b1f0f2d1119f16993e93",
"pattern": "[file:hashes.SHA1 = 'c1c723b0d162569224327d888dd9c8096918e49a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561d-e710-4d6d-9f37-44e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:53.000Z",
"modified": "2016-07-26T12:22:53.000Z",
"first_observed": "2016-07-26T12:22:53Z",
"last_observed": "2016-07-26T12:22:53Z",
"number_observed": 1,
"object_refs": [
"url--5797561d-e710-4d6d-9f37-44e102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561d-e710-4d6d-9f37-44e102de0b81",
"value": "https://www.virustotal.com/file/77c234943878d1e16d508f439b3e4bc2eab17eb68df9a297940dfd58ae0c7300/analysis/1469513484/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561d-7a90-4124-ac02-4e3702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:53.000Z",
"modified": "2016-07-26T12:22:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b163e3906b3521a407910aeefd055f03",
"pattern": "[file:hashes.SHA256 = '8b486336c770a5fd006b4d56c11d58a3a878ff8978c8c97470eec9819f975a60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561d-1ea8-4a01-ad56-4b8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:53.000Z",
"modified": "2016-07-26T12:22:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: b163e3906b3521a407910aeefd055f03",
"pattern": "[file:hashes.SHA1 = 'cfb33642b702bb4da43aa6842aa657f1ec89b1f6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561d-56f0-4f79-b213-402602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:53.000Z",
"modified": "2016-07-26T12:22:53.000Z",
"first_observed": "2016-07-26T12:22:53Z",
"last_observed": "2016-07-26T12:22:53Z",
"number_observed": 1,
"object_refs": [
"url--5797561d-56f0-4f79-b213-402602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561d-56f0-4f79-b213-402602de0b81",
"value": "https://www.virustotal.com/file/8b486336c770a5fd006b4d56c11d58a3a878ff8978c8c97470eec9819f975a60/analysis/1464771776/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561d-bb88-478f-88a7-464c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:53.000Z",
"modified": "2016-07-26T12:22:53.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 8f7b1f320823893e159f6ebfb8ce3e78",
"pattern": "[file:hashes.SHA256 = 'ea1f4678e075a3fa4a096dcdf06fa91f1758365525ce47bc5ec580c63f0b917b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561e-34ac-44d6-b0f6-4ca602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:54.000Z",
"modified": "2016-07-26T12:22:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 8f7b1f320823893e159f6ebfb8ce3e78",
"pattern": "[file:hashes.SHA1 = '6624b1735b83e5529bd4e25f156f14e352081db7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561e-3688-4a88-af66-496a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:54.000Z",
"modified": "2016-07-26T12:22:54.000Z",
"first_observed": "2016-07-26T12:22:54Z",
"last_observed": "2016-07-26T12:22:54Z",
"number_observed": 1,
"object_refs": [
"url--5797561e-3688-4a88-af66-496a02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561e-3688-4a88-af66-496a02de0b81",
"value": "https://www.virustotal.com/file/ea1f4678e075a3fa4a096dcdf06fa91f1758365525ce47bc5ec580c63f0b917b/analysis/1469513476/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561e-a138-4529-9288-473702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:54.000Z",
"modified": "2016-07-26T12:22:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 812a856288a03787d85d2cb9c1e1b3ba",
"pattern": "[file:hashes.SHA256 = 'd20ac3fc362e022c7d09ff6808172fd0dce4e90aee4890455723f638ebff78bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561e-a3a8-4bb9-a6fc-4e0402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:54.000Z",
"modified": "2016-07-26T12:22:54.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 812a856288a03787d85d2cb9c1e1b3ba",
"pattern": "[file:hashes.SHA1 = '406c74e8eb89fa7b712a535dd38c79c1afd0c6fe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561e-9ad0-44b0-aa61-414402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:54.000Z",
"modified": "2016-07-26T12:22:54.000Z",
"first_observed": "2016-07-26T12:22:54Z",
"last_observed": "2016-07-26T12:22:54Z",
"number_observed": 1,
"object_refs": [
"url--5797561e-9ad0-44b0-aa61-414402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561e-9ad0-44b0-aa61-414402de0b81",
"value": "https://www.virustotal.com/file/d20ac3fc362e022c7d09ff6808172fd0dce4e90aee4890455723f638ebff78bf/analysis/1469513484/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561f-00f4-42c4-8cf4-4aeb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 74fea3e542add0f301756581d1f16126",
"pattern": "[file:hashes.SHA256 = '67d89c788f6c06ef6f8d8d40687b8a2cd611d3990443df58129428bd7b1c7ecf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561f-8fb8-4712-b7e7-4bbb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 74fea3e542add0f301756581d1f16126",
"pattern": "[file:hashes.SHA1 = 'd42a7c41968d937b766d93992ae64d816a8a3f6c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561f-5084-4c7d-a0e4-458102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"first_observed": "2016-07-26T12:22:55Z",
"last_observed": "2016-07-26T12:22:55Z",
"number_observed": 1,
"object_refs": [
"url--5797561f-5084-4c7d-a0e4-458102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561f-5084-4c7d-a0e4-458102de0b81",
"value": "https://www.virustotal.com/file/67d89c788f6c06ef6f8d8d40687b8a2cd611d3990443df58129428bd7b1c7ecf/analysis/1469513476/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561f-2d6c-40eb-84af-42b702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 6877e60f141793287169125a08e36941",
"pattern": "[file:hashes.SHA256 = '6f46cdc5d3af821b84c31d2c221e79f2d75c1750d39227aacf0cc5fd059a687d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5797561f-0360-4cc5-9264-496e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 6877e60f141793287169125a08e36941",
"pattern": "[file:hashes.SHA1 = '7ee94c8279ee4282041a242985922dedd9b184b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5797561f-ee14-4d1e-b137-405e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:55.000Z",
"modified": "2016-07-26T12:22:55.000Z",
"first_observed": "2016-07-26T12:22:55Z",
"last_observed": "2016-07-26T12:22:55Z",
"number_observed": 1,
"object_refs": [
"url--5797561f-ee14-4d1e-b137-405e02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5797561f-ee14-4d1e-b137-405e02de0b81",
"value": "https://www.virustotal.com/file/6f46cdc5d3af821b84c31d2c221e79f2d75c1750d39227aacf0cc5fd059a687d/analysis/1465118345/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975620-fd00-49e6-be32-406502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:56.000Z",
"modified": "2016-07-26T12:22:56.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 543d402a56406c93b68622a7e392728d",
"pattern": "[file:hashes.SHA256 = 'a042affc1c30c55b22245fd5e84ba9c78c55b1c1ae1d32d941b63d3f68173a8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975620-15f4-4d07-acf4-4ecb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:56.000Z",
"modified": "2016-07-26T12:22:56.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 543d402a56406c93b68622a7e392728d",
"pattern": "[file:hashes.SHA1 = 'e89483ada29bdb4128b5faeac1f3d632711d552d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975620-1794-4b83-9444-4f8002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:56.000Z",
"modified": "2016-07-26T12:22:56.000Z",
"first_observed": "2016-07-26T12:22:56Z",
"last_observed": "2016-07-26T12:22:56Z",
"number_observed": 1,
"object_refs": [
"url--57975620-1794-4b83-9444-4f8002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975620-1794-4b83-9444-4f8002de0b81",
"value": "https://www.virustotal.com/file/a042affc1c30c55b22245fd5e84ba9c78c55b1c1ae1d32d941b63d3f68173a8a/analysis/1469513482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975620-152c-4372-86de-495302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:56.000Z",
"modified": "2016-07-26T12:22:56.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 4dbb8ad1776af25a5832e92b12d4bfff",
"pattern": "[file:hashes.SHA256 = '037e92c575949a3570ba5097ee058a96deb1be72d521bb18905c9c33d856a100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975620-1088-4e9e-be82-4ef702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:56.000Z",
"modified": "2016-07-26T12:22:56.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 4dbb8ad1776af25a5832e92b12d4bfff",
"pattern": "[file:hashes.SHA1 = '1ce0ad3556f5866f309e04084d9a230f9f2ce158']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975621-2824-43fa-a90f-4b6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:57.000Z",
"modified": "2016-07-26T12:22:57.000Z",
"first_observed": "2016-07-26T12:22:57Z",
"last_observed": "2016-07-26T12:22:57Z",
"number_observed": 1,
"object_refs": [
"url--57975621-2824-43fa-a90f-4b6f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975621-2824-43fa-a90f-4b6f02de0b81",
"value": "https://www.virustotal.com/file/037e92c575949a3570ba5097ee058a96deb1be72d521bb18905c9c33d856a100/analysis/1469513482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975621-5ef8-41ce-a4f6-4abb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:57.000Z",
"modified": "2016-07-26T12:22:57.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 475c29ed9373e2c04b7c3df6766761eb",
"pattern": "[file:hashes.SHA256 = 'e48c5d26028815956956144c9c7ff71676e4e77297e9e60666babd18925dcee3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975621-cbe0-43f2-b50c-414802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:57.000Z",
"modified": "2016-07-26T12:22:57.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 475c29ed9373e2c04b7c3df6766761eb",
"pattern": "[file:hashes.SHA1 = '1e226c4ca9cb3dd4ccebaa21c890ba5b83f4b8ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975621-3f9c-4cf2-b5cb-4dd502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:57.000Z",
"modified": "2016-07-26T12:22:57.000Z",
"first_observed": "2016-07-26T12:22:57Z",
"last_observed": "2016-07-26T12:22:57Z",
"number_observed": 1,
"object_refs": [
"url--57975621-3f9c-4cf2-b5cb-4dd502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975621-3f9c-4cf2-b5cb-4dd502de0b81",
"value": "https://www.virustotal.com/file/e48c5d26028815956956144c9c7ff71676e4e77297e9e60666babd18925dcee3/analysis/1469513482/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975621-64c0-4e87-b699-445502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:57.000Z",
"modified": "2016-07-26T12:22:57.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3e9d1526addf2ca6b09e2fdb5fd4978f",
"pattern": "[file:hashes.SHA256 = '6fa84f3aaba12557129a59501d71f3a9a690e099ae8e3a4a9ec3c4a25c37a493']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975622-7924-40d4-b886-48e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:58.000Z",
"modified": "2016-07-26T12:22:58.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 3e9d1526addf2ca6b09e2fdb5fd4978f",
"pattern": "[file:hashes.SHA1 = '7d957898fc4323d83ce6b325d403ad62f85463f2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975622-e57c-462c-af76-4be302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:58.000Z",
"modified": "2016-07-26T12:22:58.000Z",
"first_observed": "2016-07-26T12:22:58Z",
"last_observed": "2016-07-26T12:22:58Z",
"number_observed": 1,
"object_refs": [
"url--57975622-e57c-462c-af76-4be302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975622-e57c-462c-af76-4be302de0b81",
"value": "https://www.virustotal.com/file/6fa84f3aaba12557129a59501d71f3a9a690e099ae8e3a4a9ec3c4a25c37a493/analysis/1469513474/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975622-687c-4cf6-8637-435b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:58.000Z",
"modified": "2016-07-26T12:22:58.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 38e71afcdd6236ac3ad24bda393a81c6",
"pattern": "[file:hashes.SHA256 = '53a30dfd90bd1208dcfe534ccd0b798d629aa989ccaeae952384cfe9ecb17369']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975622-9068-4870-ab8c-4d8a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:58.000Z",
"modified": "2016-07-26T12:22:58.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 38e71afcdd6236ac3ad24bda393a81c6",
"pattern": "[file:hashes.SHA1 = '5d61d614731beeb520f767fcbb5afe151341238a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975622-3090-4fa5-a399-4ca602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:58.000Z",
"modified": "2016-07-26T12:22:58.000Z",
"first_observed": "2016-07-26T12:22:58Z",
"last_observed": "2016-07-26T12:22:58Z",
"number_observed": 1,
"object_refs": [
"url--57975622-3090-4fa5-a399-4ca602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975622-3090-4fa5-a399-4ca602de0b81",
"value": "https://www.virustotal.com/file/53a30dfd90bd1208dcfe534ccd0b798d629aa989ccaeae952384cfe9ecb17369/analysis/1469513474/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975623-9840-4ac9-a0d4-487702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:59.000Z",
"modified": "2016-07-26T12:22:59.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 375f240df2718fc3e0137e109eef57ee",
"pattern": "[file:hashes.SHA256 = '8f2340f45861dbc36f8138f5be25ea9109368a31b2d577631f96ff9fff65b26a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975623-b670-4b49-aaf2-483502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:59.000Z",
"modified": "2016-07-26T12:22:59.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 375f240df2718fc3e0137e109eef57ee",
"pattern": "[file:hashes.SHA1 = 'c9dddd6d4858234e1be971c7f66193ea907ac8d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975623-4d64-41f7-a1db-48fe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:59.000Z",
"modified": "2016-07-26T12:22:59.000Z",
"first_observed": "2016-07-26T12:22:59Z",
"last_observed": "2016-07-26T12:22:59Z",
"number_observed": 1,
"object_refs": [
"url--57975623-4d64-41f7-a1db-48fe02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975623-4d64-41f7-a1db-48fe02de0b81",
"value": "https://www.virustotal.com/file/8f2340f45861dbc36f8138f5be25ea9109368a31b2d577631f96ff9fff65b26a/analysis/1469513475/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975623-24dc-467c-ba30-436702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:59.000Z",
"modified": "2016-07-26T12:22:59.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2ba26a9cc1af4479e99dcc6a0e7d5d67",
"pattern": "[file:hashes.SHA256 = '962ce88813913c907d16b30a1c9f54e6d7281d9c901aa0e11bf6deb9b5ff659a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975623-c8c0-4beb-bde6-4f0d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:22:59.000Z",
"modified": "2016-07-26T12:22:59.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 2ba26a9cc1af4479e99dcc6a0e7d5d67",
"pattern": "[file:hashes.SHA1 = 'dcccd7a9886e147ecf01718047e1f911323ca8c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:22:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975624-d77c-4f01-8711-433302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:00.000Z",
"modified": "2016-07-26T12:23:00.000Z",
"first_observed": "2016-07-26T12:23:00Z",
"last_observed": "2016-07-26T12:23:00Z",
"number_observed": 1,
"object_refs": [
"url--57975624-d77c-4f01-8711-433302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975624-d77c-4f01-8711-433302de0b81",
"value": "https://www.virustotal.com/file/962ce88813913c907d16b30a1c9f54e6d7281d9c901aa0e11bf6deb9b5ff659a/analysis/1465070384/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975624-dcc4-408e-b4e3-43b002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:00.000Z",
"modified": "2016-07-26T12:23:00.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1de10c5bc704d3eaf4f0cfa5ddd63f2d",
"pattern": "[file:hashes.SHA256 = '09d7cd078a46a33750b002594eb7340af55a1cefe5f4451a8bdfcd6af97449bf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:23:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975624-aa64-4ab1-ac4e-4b9e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:00.000Z",
"modified": "2016-07-26T12:23:00.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 1de10c5bc704d3eaf4f0cfa5ddd63f2d",
"pattern": "[file:hashes.SHA1 = '926162aadd5208b0764c0351074709ecf02bc7b8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:23:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975624-16e4-49aa-9a7a-434702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:00.000Z",
"modified": "2016-07-26T12:23:00.000Z",
"first_observed": "2016-07-26T12:23:00Z",
"last_observed": "2016-07-26T12:23:00Z",
"number_observed": 1,
"object_refs": [
"url--57975624-16e4-49aa-9a7a-434702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975624-16e4-49aa-9a7a-434702de0b81",
"value": "https://www.virustotal.com/file/09d7cd078a46a33750b002594eb7340af55a1cefe5f4451a8bdfcd6af97449bf/analysis/1469513475/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975624-ce20-42f4-8932-458102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:00.000Z",
"modified": "2016-07-26T12:23:00.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0bbff4654d0c4551c58376e6a99dfda0",
"pattern": "[file:hashes.SHA256 = 'f671bd2a4f5a4df475c6860bbc8198bcce0e2cf229a596ea169b38cb318a012b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:23:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57975625-937c-40da-bbf0-45ea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:01.000Z",
"modified": "2016-07-26T12:23:01.000Z",
"description": "Imported via the Freetext Import Tool - Xchecked via VT: 0bbff4654d0c4551c58376e6a99dfda0",
"pattern": "[file:hashes.SHA1 = '4a575bfe63262d53a765de254f534e830d03f638']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-26T12:23:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57975625-7024-4664-b88b-45a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-07-26T12:23:01.000Z",
"modified": "2016-07-26T12:23:01.000Z",
"first_observed": "2016-07-26T12:23:01Z",
"last_observed": "2016-07-26T12:23:01Z",
"number_observed": 1,
"object_refs": [
"url--57975625-7024-4664-b88b-45a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57975625-7024-4664-b88b-45a002de0b81",
"value": "https://www.virustotal.com/file/f671bd2a4f5a4df475c6860bbc8198bcce0e2cf229a596ea169b38cb318a012b/analysis/1468316763/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
2023-04-21 13:25:09 +00:00
]
}