{
"type" : "bundle" ,
"id" : "bundle--5819948b-b170-4872-b8f6-5934950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:01.000Z" ,
"modified" : "2016-11-02T08:00:01.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5819948b-b170-4872-b8f6-5934950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:01.000Z" ,
"modified" : "2016-11-02T08:00:01.000Z" ,
"name" : "OSINT - Flying Dragon Eye: Uyghur Themed Threat Activity" ,
"published" : "2016-11-02T08:03:19Z" ,
"object_refs" : [
"x-misp-attribute--581994d6-aa60-461d-9870-5930950d210f" ,
"observed-data--58199523-6178-43d6-8b1f-592e950d210f" ,
"url--58199523-6178-43d6-8b1f-592e950d210f" ,
"observed-data--58199523-0100-4667-81dc-592e950d210f" ,
"url--58199523-0100-4667-81dc-592e950d210f" ,
"observed-data--58199523-3db4-4c81-b411-592e950d210f" ,
"url--58199523-3db4-4c81-b411-592e950d210f" ,
"indicator--58199662-6d4c-4bf8-9d4e-69a2950d210f" ,
"indicator--58199662-0a20-4530-8464-69a2950d210f" ,
"indicator--58199662-4f08-47d8-aa1e-69a2950d210f" ,
"indicator--58199663-b44c-4e29-b015-69a2950d210f" ,
"indicator--58199663-f604-4123-b0c1-69a2950d210f" ,
"indicator--58199663-3e64-4c5f-b2d9-69a2950d210f" ,
"indicator--58199663-c4d8-41ac-812f-69a2950d210f" ,
"indicator--58199664-74ac-4083-b6c9-69a2950d210f" ,
"indicator--58199664-66a8-477a-8f98-69a2950d210f" ,
"indicator--58199664-51f8-41dd-a14a-69a2950d210f" ,
"indicator--58199664-95d0-4232-8769-69a2950d210f" ,
"indicator--58199664-c480-4c4d-b02b-69a2950d210f" ,
"indicator--58199665-68f4-440a-8c11-69a2950d210f" ,
"indicator--58199665-e514-45d4-b192-69a2950d210f" ,
"indicator--58199665-59c4-4e69-b920-69a2950d210f" ,
"indicator--58199665-2eac-4570-aa90-69a2950d210f" ,
"indicator--58199666-07a0-443d-84aa-69a2950d210f" ,
"indicator--58199666-fec4-48b9-88d1-69a2950d210f" ,
"indicator--5819969b-6a80-454a-86c3-7756950d210f" ,
"indicator--58199710-c854-4314-a62c-5936950d210f" ,
"indicator--58199711-6b68-4151-a624-5936950d210f" ,
"indicator--58199793-682c-4562-8b4b-5930950d210f" ,
"indicator--58199793-7cac-4fea-976e-5930950d210f" ,
"indicator--581997bb-ace0-406a-9f0b-69b0950d210f" ,
"indicator--581997bc-5918-45e0-9e31-69b0950d210f" ,
"indicator--581999d8-b7bc-4e14-9b82-5931950d210f" ,
"indicator--581999ff-a8a8-4c8c-b647-5932950d210f" ,
"indicator--581999ff-ea9c-4ad2-8984-5932950d210f" ,
"indicator--58199aae-5a18-4ced-86c8-69b0950d210f" ,
"indicator--58199aae-14dc-4896-969c-69b0950d210f" ,
"indicator--58199aae-c690-4324-b536-69b0950d210f" ,
"indicator--58199aaf-1e80-4115-be88-69b0950d210f" ,
"indicator--58199aaf-18e8-4d01-8825-69b0950d210f" ,
"indicator--58199aaf-1df0-4c0d-8ce4-69b0950d210f" ,
"indicator--58199aaf-1514-452d-b6ee-69b0950d210f" ,
"indicator--58199ab0-3254-498e-b91c-69b0950d210f" ,
"indicator--58199ab0-e800-497f-9335-69b0950d210f" ,
"indicator--58199ab0-341c-4644-ae0c-69b0950d210f" ,
"indicator--58199ab0-eab8-4ba6-9506-69b0950d210f" ,
"indicator--58199ab1-0700-4e3e-88a2-69b0950d210f" ,
"indicator--58199ab1-bb2c-4631-9ef1-69b0950d210f" ,
"indicator--58199ac5-c9dc-4d15-bd66-5932950d210f" ,
"indicator--58199b90-8720-459a-9cc4-69b0950d210f" ,
"indicator--58199b90-a7c4-44fa-9165-69b0950d210f" ,
"indicator--58199b90-87d0-4d4a-8edd-69b0950d210f" ,
"indicator--58199b90-ad1c-4a4e-a85a-69b0950d210f" ,
"indicator--58199b91-80b4-4ef5-b984-69b0950d210f" ,
"indicator--58199b91-9930-4730-abd7-69b0950d210f" ,
"indicator--58199b91-41ec-43b9-b895-69b0950d210f" ,
"indicator--58199b91-8928-4177-8bc6-69b0950d210f" ,
"indicator--58199b91-8910-4c5b-84d5-69b0950d210f" ,
"indicator--58199b92-3990-40e3-99ae-69b0950d210f" ,
"indicator--58199b92-5f60-4bc9-bc55-69b0950d210f" ,
"indicator--58199b92-1da0-4cd8-aa4a-69b0950d210f" ,
"indicator--58199b92-fa98-476a-b72c-69b0950d210f" ,
"indicator--58199b93-fbd0-4a5f-bf4c-69b0950d210f" ,
"indicator--58199b93-cc98-4b20-8bed-69b0950d210f" ,
"indicator--58199d01-ddbc-4294-976e-593002de0b81" ,
"indicator--58199d01-e758-4f49-8c30-593002de0b81" ,
"observed-data--58199d01-d9a0-4d93-a953-593002de0b81" ,
"url--58199d01-d9a0-4d93-a953-593002de0b81" ,
"indicator--58199d02-52cc-4f23-903b-593002de0b81" ,
"indicator--58199d02-16a8-4a5c-9879-593002de0b81" ,
"observed-data--58199d02-d948-4059-8c23-593002de0b81" ,
"url--58199d02-d948-4059-8c23-593002de0b81" ,
"indicator--58199d03-955c-4de5-9ba9-593002de0b81" ,
"indicator--58199d03-c30c-48a2-bc88-593002de0b81" ,
"observed-data--58199d03-0da4-4b22-96c6-593002de0b81" ,
"url--58199d03-0da4-4b22-96c6-593002de0b81" ,
"indicator--58199d03-6b38-470f-aaf8-593002de0b81" ,
"indicator--58199d04-ace4-4566-b96d-593002de0b81" ,
"observed-data--58199d04-8f68-4815-b5fd-593002de0b81" ,
"url--58199d04-8f68-4815-b5fd-593002de0b81" ,
"indicator--58199d04-b1fc-4c68-973e-593002de0b81" ,
"indicator--58199d04-22e4-42fc-a180-593002de0b81" ,
"observed-data--58199d05-e6d4-46c7-809f-593002de0b81" ,
"url--58199d05-e6d4-46c7-809f-593002de0b81" ,
"indicator--58199d05-a17c-4c0b-8842-593002de0b81" ,
"indicator--58199d05-3dec-4053-9bd8-593002de0b81" ,
"observed-data--58199d05-a3d4-4ab0-8d16-593002de0b81" ,
"url--58199d05-a3d4-4ab0-8d16-593002de0b81" ,
"indicator--58199d06-8b1c-41bf-9739-593002de0b81" ,
"indicator--58199d06-2f2c-40dc-b101-593002de0b81" ,
"observed-data--58199d06-5488-450d-95a0-593002de0b81" ,
"url--58199d06-5488-450d-95a0-593002de0b81" ,
"indicator--58199d06-7d04-48bd-9241-593002de0b81" ,
"indicator--58199d06-0020-414d-adda-593002de0b81" ,
"observed-data--58199d07-c2c4-4782-9cd6-593002de0b81" ,
"url--58199d07-c2c4-4782-9cd6-593002de0b81" ,
"indicator--58199d07-78e4-4225-8b38-593002de0b81" ,
"indicator--58199d07-36c0-4736-a131-593002de0b81" ,
"observed-data--58199d07-898c-486b-8f12-593002de0b81" ,
"url--58199d07-898c-486b-8f12-593002de0b81" ,
"indicator--58199d07-b870-4c96-a744-593002de0b81" ,
"indicator--58199d08-c570-45d7-a8ec-593002de0b81" ,
"observed-data--58199d08-efcc-4637-9a08-593002de0b81" ,
"url--58199d08-efcc-4637-9a08-593002de0b81" ,
"indicator--58199d08-6324-4078-8911-593002de0b81" ,
"indicator--58199d08-8cac-4304-afaf-593002de0b81" ,
"observed-data--58199d09-9b1c-40a9-8c1b-593002de0b81" ,
"url--58199d09-9b1c-40a9-8c1b-593002de0b81" ,
"indicator--58199d09-cb20-4457-b416-593002de0b81" ,
"observed-data--58199d09-e9f0-446e-85be-593002de0b81" ,
"url--58199d09-e9f0-446e-85be-593002de0b81" ,
"indicator--58199d09-2004-4f16-964d-593002de0b81" ,
"observed-data--58199d0a-66e0-416c-9dcb-593002de0b81" ,
"url--58199d0a-66e0-416c-9dcb-593002de0b81" ,
"indicator--58199d0a-a2c4-4ab5-9e4d-593002de0b81" ,
"observed-data--58199d0a-7e44-45e0-9fa5-593002de0b81" ,
"url--58199d0a-7e44-45e0-9fa5-593002de0b81" ,
"indicator--58199d0a-3c70-422f-ab84-593002de0b81" ,
"observed-data--58199d0a-9d4c-4a30-b875-593002de0b81" ,
"url--58199d0a-9d4c-4a30-b875-593002de0b81" ,
"indicator--58199d0b-98f8-44bb-999b-593002de0b81" ,
"observed-data--58199d0b-a2ac-4420-aa83-593002de0b81" ,
"url--58199d0b-a2ac-4420-aa83-593002de0b81" ,
"indicator--58199d0c-45cc-4ac6-816e-593002de0b81" ,
"observed-data--58199d0c-6ec8-4d0b-a9cc-593002de0b81" ,
"url--58199d0c-6ec8-4d0b-a9cc-593002de0b81" ,
"indicator--58199d0d-41e0-4732-9124-593002de0b81" ,
"observed-data--58199d0d-5df0-4539-9c22-593002de0b81" ,
"url--58199d0d-5df0-4539-9c22-593002de0b81" ,
"indicator--58199d0e-6504-460f-8263-593002de0b81" ,
"observed-data--58199d0e-a3a0-4794-96ac-593002de0b81" ,
"url--58199d0e-a3a0-4794-96ac-593002de0b81" ,
"indicator--58199d0f-9834-4d37-9332-593002de0b81" ,
"observed-data--58199d0f-7bbc-447e-8b45-593002de0b81" ,
"url--58199d0f-7bbc-447e-8b45-593002de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"osint:source-type=\"technical-report\"" ,
"misp-galaxy:tool=\"PlugX\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--581994d6-aa60-461d-9870-5930950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:25:10.000Z" ,
"modified" : "2016-11-02T07:25:10.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "This paper documents attempted exploitation activity aimed at Uyghur interests outside of China. Exploitation is being attempted via the usual tactic of spear phishing containing malicious attachments to targets. The exploit code attached used for dropping the malware is older \u2013 CVE-2012-0158 \u2013 and from our vantage point, we have no indication of successful or failed exploitation. Nonetheless, we can obtain targeting information and insight into tactics from the spearphish messages used by the threat actors. Successful exploitation typically results in malware calling back to one or more Uyghur themed domain names. The malware payloads observed to be associated with the Uyghur themed C2 domains so far consist of PlugX, Gh0st RAT, and Saker/Xbox, although there may be others that are yet to be discovered.\r\n\r\nIt is possible that additional targeting well beyond CVE-2012-0158 is at play, although in this case it appears that threat actors still thought they could obtain benefit from using a four-year-old vulnerability that has been widely associated with numerous cyber-espionage operations over the years. This may be due to the weakness of defensive posture among those targeted and an attempt at higher return on investment by using exploit code that might still be adequate considering the targets. Pivots on threat infrastructure suggest that the same or related threat actors have direct or indirect access to other types of exploit code such as the \u201cFour Element Sword\u201d builder and the numerous types of malware delivered with it (PlugX, 9002 RAT 3102 variant, T9000, Grabber, Gh0st RAT LURK0 variant and perhaps others), profiled in previous ASERT threat intelligence products."
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199523-6178-43d6-8b1f-592e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:26:27.000Z" ,
"modified" : "2016-11-02T07:26:27.000Z" ,
"first_observed" : "2016-11-02T07:26:27Z" ,
"last_observed" : "2016-11-02T07:26:27Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199523-6178-43d6-8b1f-592e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199523-6178-43d6-8b1f-592e950d210f" ,
"value" : "https://www.arbornetworks.com/blog/asert/flying-dragon-eye-uyghur-themed-threat-activity/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199523-0100-4667-81dc-592e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:26:27.000Z" ,
"modified" : "2016-11-02T07:26:27.000Z" ,
"first_observed" : "2016-11-02T07:26:27Z" ,
"last_observed" : "2016-11-02T07:26:27Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199523-0100-4667-81dc-592e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199523-0100-4667-81dc-592e950d210f" ,
"value" : "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/11/TLP-WHITE-Flying-Dragon-Eye-Uyghur-Themed-Threat-Activity.pdf"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199523-3db4-4c81-b411-592e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:26:27.000Z" ,
"modified" : "2016-11-02T07:26:27.000Z" ,
"first_observed" : "2016-11-02T07:26:27Z" ,
"last_observed" : "2016-11-02T07:26:27Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199523-3db4-4c81-b411-592e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199523-3db4-4c81-b411-592e950d210f" ,
"value" : "https://www.arbornetworks.com/blog/asert/wp-content/uploads/2016/09/FlyingDragonEye_IOC.csv"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199662-6d4c-4bf8-9d4e-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:46.000Z" ,
"modified" : "2016-11-02T07:31:46.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.turkistanuyghur.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199662-0a20-4530-8464-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:46.000Z" ,
"modified" : "2016-11-02T07:31:46.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.yawropauyghur.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199662-4f08-47d8-aa1e-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:46.000Z" ,
"modified" : "2016-11-02T07:31:46.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.whitewall.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199663-b44c-4e29-b015-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:47.000Z" ,
"modified" : "2016-11-02T07:31:47.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'dtsx.uygurinfo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199663-f604-4123-b0c1-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:47.000Z" ,
"modified" : "2016-11-02T07:31:47.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'ks.uygurinfo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199663-3e64-4c5f-b2d9-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:47.000Z" ,
"modified" : "2016-11-02T07:31:47.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'uygurinfo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199663-c4d8-41ac-812f-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:47.000Z" ,
"modified" : "2016-11-02T07:31:47.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'tibettimes.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199664-74ac-4083-b6c9-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:48.000Z" ,
"modified" : "2016-11-02T07:31:48.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.amerikauyghur.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199664-66a8-477a-8f98-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:48.000Z" ,
"modified" : "2016-11-02T07:31:48.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.japanuyghur.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199664-51f8-41dd-a14a-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:48.000Z" ,
"modified" : "2016-11-02T07:31:48.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.hotansft.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199664-95d0-4232-8769-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:48.000Z" ,
"modified" : "2016-11-02T07:31:48.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'turkiyeuyghur.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199664-c480-4c4d-b02b-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:48.000Z" ,
"modified" : "2016-11-02T07:31:48.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'www.tibetimes.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199665-68f4-440a-8c11-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:49.000Z" ,
"modified" : "2016-11-02T07:31:49.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'freetibet.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199665-e514-45d4-b192-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:49.000Z" ,
"modified" : "2016-11-02T07:31:49.000Z" ,
"description" : "suspicious domain" ,
"pattern" : "[domain-name:value = 'russiauyghur.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199665-59c4-4e69-b920-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:49.000Z" ,
"modified" : "2016-11-02T07:31:49.000Z" ,
"description" : "suspicious IP" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.83.144']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199665-2eac-4570-aa90-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:49.000Z" ,
"modified" : "2016-11-02T07:31:49.000Z" ,
"description" : "suspicious IP" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.225.133']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199666-07a0-443d-84aa-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:50.000Z" ,
"modified" : "2016-11-02T07:31:50.000Z" ,
"description" : "suspicious IP" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.240.218']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199666-fec4-48b9-88d1-69a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:31:50.000Z" ,
"modified" : "2016-11-02T07:31:50.000Z" ,
"description" : "suspicious IP" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.240.195']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:31:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5819969b-6a80-454a-86c3-7756950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:32:43.000Z" ,
"modified" : "2016-11-02T07:32:43.000Z" ,
"description" : "suspicious email" ,
"pattern" : "[email-message:from_ref.value = '2732115454@qq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:32:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"email-src\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199710-c854-4314-a62c-5936950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:34:40.000Z" ,
"modified" : "2016-11-02T07:34:40.000Z" ,
"description" : "PlugX malware" ,
"pattern" : "[file:hashes.MD5 = 'fa85f8a332ac26892a8ad6f21491404a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:34:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199711-6b68-4151-a624-5936950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:34:41.000Z" ,
"modified" : "2016-11-02T07:34:41.000Z" ,
"description" : "PlugX malware" ,
"pattern" : "[file:hashes.SHA256 = 'a351040c0da2837f19b357baea4bffe194b0cd0d86bf262f8be1126e3a9d44d8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:34:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199793-682c-4562-8b4b-5930950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:36:51.000Z" ,
"modified" : "2016-11-02T07:36:51.000Z" ,
"description" : "Gh0stRAT LURK0" ,
"pattern" : "[file:hashes.SHA256 = 'b625e605932196efbc6c80a18f61a71d27d82935209a1abde2ec591973fed31e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:36:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199793-7cac-4fea-976e-5930950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:36:51.000Z" ,
"modified" : "2016-11-02T07:36:51.000Z" ,
"description" : "Gh0stRAT LURK0" ,
"pattern" : "[file:hashes.MD5 = '4edda0e2a8a415272f475f3af4d17dc1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:36:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--581997bb-ace0-406a-9f0b-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:37:31.000Z" ,
"modified" : "2016-11-02T07:37:31.000Z" ,
"description" : "Saker/Xbox" ,
"pattern" : "[file:hashes.SHA256 = 'c39e0fc30c2604b3eb9694591789a8e3d4cee7bcc4f9b03349e10c45304aef59']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:37:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--581997bc-5918-45e0-9e31-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:37:32.000Z" ,
"modified" : "2016-11-02T07:37:32.000Z" ,
"description" : "Saker/Xbox" ,
"pattern" : "[file:hashes.MD5 = '86088922528b4d0a5493046527b29822']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:37:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--581999d8-b7bc-4e14-9b82-5931950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:46:32.000Z" ,
"modified" : "2016-11-02T07:46:32.000Z" ,
"description" : "IP before sinkholing - www.turkiyeuyghur.com - Saker/Xbox" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.118.87']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:46:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--581999ff-a8a8-4c8c-b647-5932950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:47:11.000Z" ,
"modified" : "2016-11-02T07:47:11.000Z" ,
"description" : "Saker/Xbox" ,
"pattern" : "[file:hashes.SHA256 = '3714058d90b2149169188418773165b620abd1481b47d1551d79679bfe21d28c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:47:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--581999ff-ea9c-4ad2-8984-5932950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:47:11.000Z" ,
"modified" : "2016-11-02T07:47:11.000Z" ,
"description" : "Saker/Xbox" ,
"pattern" : "[file:hashes.MD5 = 'e490174855b8548161613fd5d9955e7a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:47:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aae-5a18-4ced-86c8-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:06.000Z" ,
"modified" : "2016-11-02T07:50:06.000Z" ,
"description" : "Mutex match" ,
"pattern" : "[file:hashes.SHA256 = 'f15840fbade7a5611391193a4a53f63ef465ab451f7783da21cad7303ea3b68c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aae-14dc-4896-969c-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:06.000Z" ,
"modified" : "2016-11-02T07:50:06.000Z" ,
"description" : "Mutex match" ,
"pattern" : "[file:hashes.MD5 = 'e49e235b301a4316ef58753c093279f0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aae-c690-4324-b536-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:06.000Z" ,
"modified" : "2016-11-02T07:50:06.000Z" ,
"description" : "Mutex match" ,
"pattern" : "[file:hashes.SHA256 = '97ec795227818fedc70fad9f2df8cb839d9fb75b502f3598614610d4e8e1be78']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aaf-1e80-4115-be88-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:07.000Z" ,
"modified" : "2016-11-02T07:50:07.000Z" ,
"description" : "Mutex match" ,
"pattern" : "[file:hashes.MD5 = '0ea68dd9463626082bb96ad373bd84e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aaf-18e8-4d01-8825-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:07.000Z" ,
"modified" : "2016-11-02T07:50:07.000Z" ,
"description" : "PEHash of Prior samples" ,
"pattern" : "[file:hashes.PEHASH = '59781db8be6bb162f5c8ee8cf950fe191417baa4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"pehash\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aaf-1df0-4c0d-8ce4-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:07.000Z" ,
"modified" : "2016-11-02T07:50:07.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.SHA256 = '444c6589ed030da41ba49d20ac38029e5213978fadef2ee94408e4f91395b488']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199aaf-1514-452d-b6ee-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:07.000Z" ,
"modified" : "2016-11-02T07:50:07.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.MD5 = '1a169a7e52879bad47e2834abfe50361']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab0-3254-498e-b91c-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:08.000Z" ,
"modified" : "2016-11-02T07:50:08.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.SHA256 = 'ef3e7b1c37aef1d8359169cca9409db4709632b9aa8bf44febe0d91e93ab537e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab0-e800-497f-9335-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:08.000Z" ,
"modified" : "2016-11-02T07:50:08.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.MD5 = '731a9761626e39bb84b34343bdae67b0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab0-341c-4644-ae0c-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:08.000Z" ,
"modified" : "2016-11-02T07:50:08.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.SHA256 = '62a033fc586c6220ee0c0ea8ff207ab038776455505fa2137e9591433ada26e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab0-eab8-4ba6-9506-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:08.000Z" ,
"modified" : "2016-11-02T07:50:08.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.MD5 = '1dc2e57dbf63051608cff83d8b88d352']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab1-0700-4e3e-88a2-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:09.000Z" ,
"modified" : "2016-11-02T07:50:09.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.SHA256 = '087e45f63ce00c4df07f81837eceb0b322773822feee01cfc005e5fc14e50f5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ab1-bb2c-4631-9ef1-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:09.000Z" ,
"modified" : "2016-11-02T07:50:09.000Z" ,
"description" : "Sample matching PEHash" ,
"pattern" : "[file:hashes.MD5 = 'de07dc9e83bfd445ad7cc58baab671f2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199ac5-c9dc-4d15-bd66-5932950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:50:29.000Z" ,
"modified" : "2016-11-02T07:50:29.000Z" ,
"description" : "suspicious mutex in Saker/Xbox" ,
"pattern" : "[mutex:name = 'pcdebug.1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:50:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"mutex\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b90-8720-459a-9cc4-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:52.000Z" ,
"modified" : "2016-11-02T07:53:52.000Z" ,
"description" : "Google aqsakla Rabiye isming.doc" ,
"pattern" : "[file:hashes.SHA256 = '3f3d0a5aa2799d6afe74c5cb6e077e375078b173263c5ca887ffe2e22164b10f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b90-a7c4-44fa-9165-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:52.000Z" ,
"modified" : "2016-11-02T07:53:52.000Z" ,
"description" : "agahlandurushname.doc" ,
"pattern" : "[file:hashes.SHA256 = '7b587b104219784e9fd3dc9c13a0f652e73baed01e8c3b24828a92f151f3c698']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b90-87d0-4d4a-8edd-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:52.000Z" ,
"modified" : "2016-11-02T07:53:52.000Z" ,
"description" : "chaqiriq.doc" ,
"pattern" : "[file:hashes.SHA256 = '4ab388b1310918144ad95e418ebe12251a97cb69fbed3f0dd9f04d780ddd132d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b90-ad1c-4a4e-a85a-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:52.000Z" ,
"modified" : "2016-11-02T07:53:52.000Z" ,
"description" : "chaqiriq.doc" ,
"pattern" : "[file:hashes.SHA256 = '940d0770e644c152d60a13f9d40015a1089419361de33fe127e032f4bb446c69']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b91-80b4-4ef5-b984-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:53.000Z" ,
"modified" : "2016-11-02T07:53:53.000Z" ,
"description" : "chqiriq.doc" ,
"pattern" : "[file:hashes.SHA256 = '0c35a508ece0c9269e176b6b278a96f7ca29e04a2ca2319a91b585f27abfe2f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b91-9930-4730-abd7-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:53.000Z" ,
"modified" : "2016-11-02T07:53:53.000Z" ,
"description" : "tetqiqat doklati.doc" ,
"pattern" : "[file:hashes.SHA256 = '5e818eeb0cffeb6f65f611a17f522560912ae19372e7f734be6df5e35ba82337']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b91-41ec-43b9-b895-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:53.000Z" ,
"modified" : "2016-11-02T07:53:53.000Z" ,
"description" : "istepaname.doc" ,
"pattern" : "[file:hashes.SHA256 = 'e55912a134902ab73c52cb42f32051745214275b59a95d565cfcb7560d32f601']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b91-8928-4177-8bc6-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:53.000Z" ,
"modified" : "2016-11-02T07:53:53.000Z" ,
"description" : "jedwel.doc" ,
"pattern" : "[file:hashes.SHA256 = '45e39db2a877ff2663efc4d66ed4084ffdb6ddb4926112b7c471872208b96767']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b91-8910-4c5b-84d5-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:53.000Z" ,
"modified" : "2016-11-02T07:53:53.000Z" ,
"description" : "teklipname.doc" ,
"pattern" : "[file:hashes.SHA256 = 'f4fd8554710017caa042b52122d7985c7f510df8e2c26f1ffa6e27233bfe9b54']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b92-3990-40e3-99ae-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:54.000Z" ,
"modified" : "2016-11-02T07:53:54.000Z" ,
"description" : "Tetqiqat doklati.doc" ,
"pattern" : "[file:hashes.SHA256 = '9feee2a3fe49fe774d414999ac393655255e7c035ffc93bbd031a2331fd89dc8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b92-5f60-4bc9-bc55-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:54.000Z" ,
"modified" : "2016-11-02T07:53:54.000Z" ,
"description" : "uqturush.doc" ,
"pattern" : "[file:hashes.SHA256 = '3bbf0f821c89ba03d30deb63eec59c8e9e76c20578ad805de9971bdbcd2855d2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b92-1da0-4cd8-aa4a-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:54.000Z" ,
"modified" : "2016-11-02T07:53:54.000Z" ,
"description" : "malware" ,
"pattern" : "[file:hashes.SHA256 = '69c2da4061890050dc0ca28db6f240c8ed6c4897f4174bcd5d1bca00ade537d5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b92-fa98-476a-b72c-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:54.000Z" ,
"modified" : "2016-11-02T07:53:54.000Z" ,
"description" : "malware" ,
"pattern" : "[file:hashes.MD5 = '9de14f249afc4e6979d8f2106e405b21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b93-fbd0-4a5f-bf4c-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:55.000Z" ,
"modified" : "2016-11-02T07:53:55.000Z" ,
"description" : "malware" ,
"pattern" : "[file:hashes.SHA256 = 'be7a14927ff11536a5bfd6c21d3f4a304659001f1f13b6d90ce0e031522817e5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199b93-cc98-4b20-8bed-69b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T07:53:55.000Z" ,
"modified" : "2016-11-02T07:53:55.000Z" ,
"description" : "malware" ,
"pattern" : "[file:hashes.MD5 = '2f981ac92284f1c710e53a5a2d41257a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T07:53:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d01-ddbc-4294-976e-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:01.000Z" ,
"modified" : "2016-11-02T08:00:01.000Z" ,
"description" : "uqturush.doc - Xchecked via VT: 3bbf0f821c89ba03d30deb63eec59c8e9e76c20578ad805de9971bdbcd2855d2" ,
"pattern" : "[file:hashes.SHA1 = '3f4719e1132fbe99c61ba2860c01a59c1bb9eee4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d01-e758-4f49-8c30-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:01.000Z" ,
"modified" : "2016-11-02T08:00:01.000Z" ,
"description" : "uqturush.doc - Xchecked via VT: 3bbf0f821c89ba03d30deb63eec59c8e9e76c20578ad805de9971bdbcd2855d2" ,
"pattern" : "[file:hashes.MD5 = 'e680b0b3e1679d64044795ea9800d52e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d01-d9a0-4d93-a953-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:01.000Z" ,
"modified" : "2016-11-02T08:00:01.000Z" ,
"first_observed" : "2016-11-02T08:00:01Z" ,
"last_observed" : "2016-11-02T08:00:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d01-d9a0-4d93-a953-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d01-d9a0-4d93-a953-593002de0b81" ,
"value" : "https://www.virustotal.com/file/3bbf0f821c89ba03d30deb63eec59c8e9e76c20578ad805de9971bdbcd2855d2/analysis/1457003870/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d02-52cc-4f23-903b-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:02.000Z" ,
"modified" : "2016-11-02T08:00:02.000Z" ,
"description" : "Tetqiqat doklati.doc - Xchecked via VT: 9feee2a3fe49fe774d414999ac393655255e7c035ffc93bbd031a2331fd89dc8" ,
"pattern" : "[file:hashes.SHA1 = '2fd166e52f0a4daa795763eb66207b1a14d8e59e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d02-16a8-4a5c-9879-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:02.000Z" ,
"modified" : "2016-11-02T08:00:02.000Z" ,
"description" : "Tetqiqat doklati.doc - Xchecked via VT: 9feee2a3fe49fe774d414999ac393655255e7c035ffc93bbd031a2331fd89dc8" ,
"pattern" : "[file:hashes.MD5 = '7d808f496a8e66adfa6af76838f1c3a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d02-d948-4059-8c23-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:02.000Z" ,
"modified" : "2016-11-02T08:00:02.000Z" ,
"first_observed" : "2016-11-02T08:00:02Z" ,
"last_observed" : "2016-11-02T08:00:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d02-d948-4059-8c23-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d02-d948-4059-8c23-593002de0b81" ,
"value" : "https://www.virustotal.com/file/9feee2a3fe49fe774d414999ac393655255e7c035ffc93bbd031a2331fd89dc8/analysis/1467389786/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d03-955c-4de5-9ba9-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:03.000Z" ,
"modified" : "2016-11-02T08:00:03.000Z" ,
"description" : "teklipname.doc - Xchecked via VT: f4fd8554710017caa042b52122d7985c7f510df8e2c26f1ffa6e27233bfe9b54" ,
"pattern" : "[file:hashes.SHA1 = 'ec8816b82bab16ae26777b17eea95883bea5c3fb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d03-c30c-48a2-bc88-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:03.000Z" ,
"modified" : "2016-11-02T08:00:03.000Z" ,
"description" : "teklipname.doc - Xchecked via VT: f4fd8554710017caa042b52122d7985c7f510df8e2c26f1ffa6e27233bfe9b54" ,
"pattern" : "[file:hashes.MD5 = '190b6d19b3d2088acbd56323dbd98973']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d03-0da4-4b22-96c6-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:03.000Z" ,
"modified" : "2016-11-02T08:00:03.000Z" ,
"first_observed" : "2016-11-02T08:00:03Z" ,
"last_observed" : "2016-11-02T08:00:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d03-0da4-4b22-96c6-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d03-0da4-4b22-96c6-593002de0b81" ,
"value" : "https://www.virustotal.com/file/f4fd8554710017caa042b52122d7985c7f510df8e2c26f1ffa6e27233bfe9b54/analysis/1467397149/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d03-6b38-470f-aaf8-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:03.000Z" ,
"modified" : "2016-11-02T08:00:03.000Z" ,
"description" : "jedwel.doc - Xchecked via VT: 45e39db2a877ff2663efc4d66ed4084ffdb6ddb4926112b7c471872208b96767" ,
"pattern" : "[file:hashes.SHA1 = '3b59b1b2d5416bbb4a28da2a45414bc0605bcead']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d04-ace4-4566-b96d-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:04.000Z" ,
"modified" : "2016-11-02T08:00:04.000Z" ,
"description" : "jedwel.doc - Xchecked via VT: 45e39db2a877ff2663efc4d66ed4084ffdb6ddb4926112b7c471872208b96767" ,
"pattern" : "[file:hashes.MD5 = '9985b1ab655f26e8a05f8402ad0ea300']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d04-8f68-4815-b5fd-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:04.000Z" ,
"modified" : "2016-11-02T08:00:04.000Z" ,
"first_observed" : "2016-11-02T08:00:04Z" ,
"last_observed" : "2016-11-02T08:00:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d04-8f68-4815-b5fd-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d04-8f68-4815-b5fd-593002de0b81" ,
"value" : "https://www.virustotal.com/file/45e39db2a877ff2663efc4d66ed4084ffdb6ddb4926112b7c471872208b96767/analysis/1467395826/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d04-b1fc-4c68-973e-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:04.000Z" ,
"modified" : "2016-11-02T08:00:04.000Z" ,
"description" : "istepaname.doc - Xchecked via VT: e55912a134902ab73c52cb42f32051745214275b59a95d565cfcb7560d32f601" ,
"pattern" : "[file:hashes.SHA1 = 'fbc27bcf672d1ea3d4ff9cb3a8fd6a55d92d8b74']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d04-22e4-42fc-a180-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:04.000Z" ,
"modified" : "2016-11-02T08:00:04.000Z" ,
"description" : "istepaname.doc - Xchecked via VT: e55912a134902ab73c52cb42f32051745214275b59a95d565cfcb7560d32f601" ,
"pattern" : "[file:hashes.MD5 = '6d9091def6fbf3ead3136eaa1861113c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d05-e6d4-46c7-809f-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:04.000Z" ,
"modified" : "2016-11-02T08:00:04.000Z" ,
"first_observed" : "2016-11-02T08:00:04Z" ,
"last_observed" : "2016-11-02T08:00:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d05-e6d4-46c7-809f-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d05-e6d4-46c7-809f-593002de0b81" ,
"value" : "https://www.virustotal.com/file/e55912a134902ab73c52cb42f32051745214275b59a95d565cfcb7560d32f601/analysis/1458644189/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d05-a17c-4c0b-8842-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:05.000Z" ,
"modified" : "2016-11-02T08:00:05.000Z" ,
"description" : "tetqiqat doklati.doc - Xchecked via VT: 5e818eeb0cffeb6f65f611a17f522560912ae19372e7f734be6df5e35ba82337" ,
"pattern" : "[file:hashes.SHA1 = '29283c126924dca11b05af968a1de2ad46e8dc9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d05-3dec-4053-9bd8-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:05.000Z" ,
"modified" : "2016-11-02T08:00:05.000Z" ,
"description" : "tetqiqat doklati.doc - Xchecked via VT: 5e818eeb0cffeb6f65f611a17f522560912ae19372e7f734be6df5e35ba82337" ,
"pattern" : "[file:hashes.MD5 = 'dad5fca029351bde31de9fff3541fdf5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d05-a3d4-4ab0-8d16-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:05.000Z" ,
"modified" : "2016-11-02T08:00:05.000Z" ,
"first_observed" : "2016-11-02T08:00:05Z" ,
"last_observed" : "2016-11-02T08:00:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d05-a3d4-4ab0-8d16-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d05-a3d4-4ab0-8d16-593002de0b81" ,
"value" : "https://www.virustotal.com/file/5e818eeb0cffeb6f65f611a17f522560912ae19372e7f734be6df5e35ba82337/analysis/1467970728/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d06-8b1c-41bf-9739-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:06.000Z" ,
"modified" : "2016-11-02T08:00:06.000Z" ,
"description" : "chqiriq.doc - Xchecked via VT: 0c35a508ece0c9269e176b6b278a96f7ca29e04a2ca2319a91b585f27abfe2f6" ,
"pattern" : "[file:hashes.SHA1 = '4d697c3afd6b948ec28b7c4e9b0f1d63577ef170']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d06-2f2c-40dc-b101-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:06.000Z" ,
"modified" : "2016-11-02T08:00:06.000Z" ,
"description" : "chqiriq.doc - Xchecked via VT: 0c35a508ece0c9269e176b6b278a96f7ca29e04a2ca2319a91b585f27abfe2f6" ,
"pattern" : "[file:hashes.MD5 = '740d347f595983b88d8c4b415e900388']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d06-5488-450d-95a0-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:06.000Z" ,
"modified" : "2016-11-02T08:00:06.000Z" ,
"first_observed" : "2016-11-02T08:00:06Z" ,
"last_observed" : "2016-11-02T08:00:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d06-5488-450d-95a0-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d06-5488-450d-95a0-593002de0b81" ,
"value" : "https://www.virustotal.com/file/0c35a508ece0c9269e176b6b278a96f7ca29e04a2ca2319a91b585f27abfe2f6/analysis/1467385502/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d06-7d04-48bd-9241-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:06.000Z" ,
"modified" : "2016-11-02T08:00:06.000Z" ,
"description" : "chaqiriq.doc - Xchecked via VT: 940d0770e644c152d60a13f9d40015a1089419361de33fe127e032f4bb446c69" ,
"pattern" : "[file:hashes.SHA1 = 'f7eab4176799794121cd9a8b288bcea09ad7e695']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d06-0020-414d-adda-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:06.000Z" ,
"modified" : "2016-11-02T08:00:06.000Z" ,
"description" : "chaqiriq.doc - Xchecked via VT: 940d0770e644c152d60a13f9d40015a1089419361de33fe127e032f4bb446c69" ,
"pattern" : "[file:hashes.MD5 = '24b6088b65b1f67cf04dfadd4719f807']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d07-c2c4-4782-9cd6-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:07.000Z" ,
"modified" : "2016-11-02T08:00:07.000Z" ,
"first_observed" : "2016-11-02T08:00:07Z" ,
"last_observed" : "2016-11-02T08:00:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d07-c2c4-4782-9cd6-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d07-c2c4-4782-9cd6-593002de0b81" ,
"value" : "https://www.virustotal.com/file/940d0770e644c152d60a13f9d40015a1089419361de33fe127e032f4bb446c69/analysis/1467396978/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d07-78e4-4225-8b38-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:07.000Z" ,
"modified" : "2016-11-02T08:00:07.000Z" ,
"description" : "chaqiriq.doc - Xchecked via VT: 4ab388b1310918144ad95e418ebe12251a97cb69fbed3f0dd9f04d780ddd132d" ,
"pattern" : "[file:hashes.SHA1 = 'e4ad541c4386f24a7ab6e8f9be46e5100c759704']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d07-36c0-4736-a131-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:07.000Z" ,
"modified" : "2016-11-02T08:00:07.000Z" ,
"description" : "chaqiriq.doc - Xchecked via VT: 4ab388b1310918144ad95e418ebe12251a97cb69fbed3f0dd9f04d780ddd132d" ,
"pattern" : "[file:hashes.MD5 = '62d2cdce3736dc5d9a2f036d27ffc780']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d07-898c-486b-8f12-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:07.000Z" ,
"modified" : "2016-11-02T08:00:07.000Z" ,
"first_observed" : "2016-11-02T08:00:07Z" ,
"last_observed" : "2016-11-02T08:00:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d07-898c-486b-8f12-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d07-898c-486b-8f12-593002de0b81" ,
"value" : "https://www.virustotal.com/file/4ab388b1310918144ad95e418ebe12251a97cb69fbed3f0dd9f04d780ddd132d/analysis/1457591232/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d07-b870-4c96-a744-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:07.000Z" ,
"modified" : "2016-11-02T08:00:07.000Z" ,
"description" : "agahlandurushname.doc - Xchecked via VT: 7b587b104219784e9fd3dc9c13a0f652e73baed01e8c3b24828a92f151f3c698" ,
"pattern" : "[file:hashes.SHA1 = '911d6bcf69b881df38971ae4c0d07c624cea9daf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d08-c570-45d7-a8ec-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:08.000Z" ,
"modified" : "2016-11-02T08:00:08.000Z" ,
"description" : "agahlandurushname.doc - Xchecked via VT: 7b587b104219784e9fd3dc9c13a0f652e73baed01e8c3b24828a92f151f3c698" ,
"pattern" : "[file:hashes.MD5 = '5ddded4e5686ad25a02db8ef534173f1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d08-efcc-4637-9a08-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:08.000Z" ,
"modified" : "2016-11-02T08:00:08.000Z" ,
"first_observed" : "2016-11-02T08:00:08Z" ,
"last_observed" : "2016-11-02T08:00:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d08-efcc-4637-9a08-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d08-efcc-4637-9a08-593002de0b81" ,
"value" : "https://www.virustotal.com/file/7b587b104219784e9fd3dc9c13a0f652e73baed01e8c3b24828a92f151f3c698/analysis/1458310333/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d08-6324-4078-8911-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:08.000Z" ,
"modified" : "2016-11-02T08:00:08.000Z" ,
"description" : "Google aqsakla Rabiye isming.doc - Xchecked via VT: 3f3d0a5aa2799d6afe74c5cb6e077e375078b173263c5ca887ffe2e22164b10f" ,
"pattern" : "[file:hashes.SHA1 = '4879022a39c2917e629edffc3af1c57cf81c58ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d08-8cac-4304-afaf-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:08.000Z" ,
"modified" : "2016-11-02T08:00:08.000Z" ,
"description" : "Google aqsakla Rabiye isming.doc - Xchecked via VT: 3f3d0a5aa2799d6afe74c5cb6e077e375078b173263c5ca887ffe2e22164b10f" ,
"pattern" : "[file:hashes.MD5 = '5d16e305ef6dc2db9c0ff1b498277e8c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d09-9b1c-40a9-8c1b-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:09.000Z" ,
"modified" : "2016-11-02T08:00:09.000Z" ,
"first_observed" : "2016-11-02T08:00:09Z" ,
"last_observed" : "2016-11-02T08:00:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d09-9b1c-40a9-8c1b-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d09-9b1c-40a9-8c1b-593002de0b81" ,
"value" : "https://www.virustotal.com/file/3f3d0a5aa2799d6afe74c5cb6e077e375078b173263c5ca887ffe2e22164b10f/analysis/1456781229/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d09-cb20-4457-b416-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:09.000Z" ,
"modified" : "2016-11-02T08:00:09.000Z" ,
"description" : "Sample matching PEHash - Xchecked via VT: 087e45f63ce00c4df07f81837eceb0b322773822feee01cfc005e5fc14e50f5e" ,
"pattern" : "[file:hashes.SHA1 = '24378312a80c9be83f2b7c294a168dd8e030a8b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d09-e9f0-446e-85be-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:09.000Z" ,
"modified" : "2016-11-02T08:00:09.000Z" ,
"first_observed" : "2016-11-02T08:00:09Z" ,
"last_observed" : "2016-11-02T08:00:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d09-e9f0-446e-85be-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d09-e9f0-446e-85be-593002de0b81" ,
"value" : "https://www.virustotal.com/file/087e45f63ce00c4df07f81837eceb0b322773822feee01cfc005e5fc14e50f5e/analysis/1442671182/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d09-2004-4f16-964d-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:09.000Z" ,
"modified" : "2016-11-02T08:00:09.000Z" ,
"description" : "Sample matching PEHash - Xchecked via VT: ef3e7b1c37aef1d8359169cca9409db4709632b9aa8bf44febe0d91e93ab537e" ,
"pattern" : "[file:hashes.SHA1 = '94b9a2835df032a5907cdd6bac8172270a4b7282']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0a-66e0-416c-9dcb-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:10.000Z" ,
"modified" : "2016-11-02T08:00:10.000Z" ,
"first_observed" : "2016-11-02T08:00:10Z" ,
"last_observed" : "2016-11-02T08:00:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0a-66e0-416c-9dcb-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0a-66e0-416c-9dcb-593002de0b81" ,
"value" : "https://www.virustotal.com/file/ef3e7b1c37aef1d8359169cca9409db4709632b9aa8bf44febe0d91e93ab537e/analysis/1462788842/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0a-a2c4-4ab5-9e4d-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:10.000Z" ,
"modified" : "2016-11-02T08:00:10.000Z" ,
"description" : "Sample matching PEHash - Xchecked via VT: 444c6589ed030da41ba49d20ac38029e5213978fadef2ee94408e4f91395b488" ,
"pattern" : "[file:hashes.SHA1 = '9ccf2631deab313232966ec49ddb8be4c6c4467d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0a-7e44-45e0-9fa5-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:10.000Z" ,
"modified" : "2016-11-02T08:00:10.000Z" ,
"first_observed" : "2016-11-02T08:00:10Z" ,
"last_observed" : "2016-11-02T08:00:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0a-7e44-45e0-9fa5-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0a-7e44-45e0-9fa5-593002de0b81" ,
"value" : "https://www.virustotal.com/file/444c6589ed030da41ba49d20ac38029e5213978fadef2ee94408e4f91395b488/analysis/1441268734/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0a-3c70-422f-ab84-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:10.000Z" ,
"modified" : "2016-11-02T08:00:10.000Z" ,
"description" : "Mutex match - Xchecked via VT: 97ec795227818fedc70fad9f2df8cb839d9fb75b502f3598614610d4e8e1be78" ,
"pattern" : "[file:hashes.SHA1 = '1142f615293497837744d81e53b8490caf490c27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0a-9d4c-4a30-b875-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:10.000Z" ,
"modified" : "2016-11-02T08:00:10.000Z" ,
"first_observed" : "2016-11-02T08:00:10Z" ,
"last_observed" : "2016-11-02T08:00:10Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0a-9d4c-4a30-b875-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0a-9d4c-4a30-b875-593002de0b81" ,
"value" : "https://www.virustotal.com/file/97ec795227818fedc70fad9f2df8cb839d9fb75b502f3598614610d4e8e1be78/analysis/1442165720/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0b-98f8-44bb-999b-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:11.000Z" ,
"modified" : "2016-11-02T08:00:11.000Z" ,
"description" : "Mutex match - Xchecked via VT: f15840fbade7a5611391193a4a53f63ef465ab451f7783da21cad7303ea3b68c" ,
"pattern" : "[file:hashes.SHA1 = '9db5c270a803e98b0135d16a1fa51c212de5d07d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0b-a2ac-4420-aa83-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:11.000Z" ,
"modified" : "2016-11-02T08:00:11.000Z" ,
"first_observed" : "2016-11-02T08:00:11Z" ,
"last_observed" : "2016-11-02T08:00:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0b-a2ac-4420-aa83-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0b-a2ac-4420-aa83-593002de0b81" ,
"value" : "https://www.virustotal.com/file/f15840fbade7a5611391193a4a53f63ef465ab451f7783da21cad7303ea3b68c/analysis/1442165665/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0c-45cc-4ac6-816e-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:12.000Z" ,
"modified" : "2016-11-02T08:00:12.000Z" ,
"description" : "Saker/Xbox - Xchecked via VT: 3714058d90b2149169188418773165b620abd1481b47d1551d79679bfe21d28c" ,
"pattern" : "[file:hashes.SHA1 = 'f2d65afc2c1f59dc0bd4e1faaa41c0c976195408']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0c-6ec8-4d0b-a9cc-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:12.000Z" ,
"modified" : "2016-11-02T08:00:12.000Z" ,
"first_observed" : "2016-11-02T08:00:12Z" ,
"last_observed" : "2016-11-02T08:00:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0c-6ec8-4d0b-a9cc-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0c-6ec8-4d0b-a9cc-593002de0b81" ,
"value" : "https://www.virustotal.com/file/3714058d90b2149169188418773165b620abd1481b47d1551d79679bfe21d28c/analysis/1462960434/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0d-41e0-4732-9124-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:13.000Z" ,
"modified" : "2016-11-02T08:00:13.000Z" ,
"description" : "Saker/Xbox - Xchecked via VT: c39e0fc30c2604b3eb9694591789a8e3d4cee7bcc4f9b03349e10c45304aef59" ,
"pattern" : "[file:hashes.SHA1 = '2dbd9349bcfb243398648e46f9994b727642e7cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0d-5df0-4539-9c22-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:13.000Z" ,
"modified" : "2016-11-02T08:00:13.000Z" ,
"first_observed" : "2016-11-02T08:00:13Z" ,
"last_observed" : "2016-11-02T08:00:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0d-5df0-4539-9c22-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0d-5df0-4539-9c22-593002de0b81" ,
"value" : "https://www.virustotal.com/file/c39e0fc30c2604b3eb9694591789a8e3d4cee7bcc4f9b03349e10c45304aef59/analysis/1471881852/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0e-6504-460f-8263-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:14.000Z" ,
"modified" : "2016-11-02T08:00:14.000Z" ,
"description" : "Gh0stRAT LURK0 - Xchecked via VT: b625e605932196efbc6c80a18f61a71d27d82935209a1abde2ec591973fed31e" ,
"pattern" : "[file:hashes.SHA1 = 'b6a78ea984a34a3ae00b5aca3445f1c12118029c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0e-a3a0-4794-96ac-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:14.000Z" ,
"modified" : "2016-11-02T08:00:14.000Z" ,
"first_observed" : "2016-11-02T08:00:14Z" ,
"last_observed" : "2016-11-02T08:00:14Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0e-a3a0-4794-96ac-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0e-a3a0-4794-96ac-593002de0b81" ,
"value" : "https://www.virustotal.com/file/b625e605932196efbc6c80a18f61a71d27d82935209a1abde2ec591973fed31e/analysis/1462776856/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58199d0f-9834-4d37-9332-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:15.000Z" ,
"modified" : "2016-11-02T08:00:15.000Z" ,
"description" : "PlugX malware - Xchecked via VT: a351040c0da2837f19b357baea4bffe194b0cd0d86bf262f8be1126e3a9d44d8" ,
"pattern" : "[file:hashes.SHA1 = '9a19a983e5c9db7f7675bbb93173699b12df3955']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-02T08:00:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58199d0f-7bbc-447e-8b45-593002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-02T08:00:15.000Z" ,
"modified" : "2016-11-02T08:00:15.000Z" ,
"first_observed" : "2016-11-02T08:00:15Z" ,
"last_observed" : "2016-11-02T08:00:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58199d0f-7bbc-447e-8b45-593002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58199d0f-7bbc-447e-8b45-593002de0b81" ,
"value" : "https://www.virustotal.com/file/a351040c0da2837f19b357baea4bffe194b0cd0d86bf262f8be1126e3a9d44d8/analysis/1458560323/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}