{
"type" : "bundle" ,
"id" : "bundle--58355b51-ce70-4549-84cf-6ba7950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:42.000Z" ,
"modified" : "2016-11-23T09:09:42.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--58355b51-ce70-4549-84cf-6ba7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:42.000Z" ,
"modified" : "2016-11-23T09:09:42.000Z" ,
"name" : "OSINT - Tropic Trooper Targets Taiwanese Government and Fossil Fuel Provider With Poison Ivy" ,
"published" : "2016-11-23T10:02:45Z" ,
"object_refs" : [
"observed-data--58355ba4-fa98-4da5-9250-9d09950d210f" ,
"url--58355ba4-fa98-4da5-9250-9d09950d210f" ,
"x-misp-attribute--58355bb1-dbac-47d6-b864-7972950d210f" ,
"indicator--58355bf5-07e4-4c47-bf65-9a1e950d210f" ,
"indicator--58355bf5-62a8-445d-8e1b-9a1e950d210f" ,
"indicator--58355bf5-ba10-47dd-9790-9a1e950d210f" ,
"indicator--58355bf6-74d8-4b9b-8c2c-9a1e950d210f" ,
"indicator--58355bf6-b3a8-432a-89f9-9a1e950d210f" ,
"indicator--58355bf6-b064-49ae-a211-9a1e950d210f" ,
"indicator--58355bf6-48f0-4afb-b251-9a1e950d210f" ,
"indicator--58355bf7-e7d4-488e-8757-9a1e950d210f" ,
"indicator--58355bf7-72dc-49b6-b96a-9a1e950d210f" ,
"indicator--58355bf7-c2e0-4032-87e2-9a1e950d210f" ,
"indicator--58355bf7-2254-48db-98b2-9a1e950d210f" ,
"indicator--58355bf7-b24c-40fc-bc7d-9a1e950d210f" ,
"indicator--58355bf8-1b00-4f3f-b0aa-9a1e950d210f" ,
"indicator--58355bf8-0fbc-4e7b-a2a9-9a1e950d210f" ,
"indicator--58355bf8-da90-4177-a347-9a1e950d210f" ,
"indicator--58355bf8-b570-4157-b76d-9a1e950d210f" ,
"indicator--58355bf9-1b44-41e7-b00f-9a1e950d210f" ,
"indicator--58355bf9-aedc-4edc-a84e-9a1e950d210f" ,
"indicator--58355bf9-3850-47b1-970a-9a1e950d210f" ,
"indicator--58355bf9-75a4-4be3-b9b4-9a1e950d210f" ,
"indicator--58355bf9-6cf8-4ed8-99b8-9a1e950d210f" ,
"indicator--58355bfa-f6e8-4ddd-a898-9a1e950d210f" ,
"indicator--58355bfa-87e0-413c-8ea3-9a1e950d210f" ,
"indicator--58355bfa-ec54-4a15-922d-9a1e950d210f" ,
"indicator--58355bfa-1788-4ae5-9f60-9a1e950d210f" ,
"indicator--58355bfb-f854-4c6a-8e39-9a1e950d210f" ,
"indicator--58355bfb-0b0c-4181-9435-9a1e950d210f" ,
"indicator--58355bfb-ed94-4fc5-937a-9a1e950d210f" ,
"indicator--58355bfc-5920-46b6-bdf3-9a1e950d210f" ,
"indicator--58355bfc-8c78-4a30-abab-9a1e950d210f" ,
"indicator--58355bfc-5760-4734-a746-9a1e950d210f" ,
"indicator--58355bfc-31ec-4821-bda6-9a1e950d210f" ,
"indicator--58355bfd-b8ac-4cb5-a1f8-9a1e950d210f" ,
"indicator--58355bfd-84d4-449f-8712-9a1e950d210f" ,
"indicator--58355bfd-54e0-4e3b-aedd-9a1e950d210f" ,
"indicator--58355bfd-ab70-4f14-b99a-9a1e950d210f" ,
"indicator--58355bfd-7b44-4eab-a082-9a1e950d210f" ,
"indicator--58355bfe-2d80-4751-aaf8-9a1e950d210f" ,
"indicator--58355bfe-3e1c-4a83-a440-9a1e950d210f" ,
"indicator--58355bfe-e708-4266-996b-9a1e950d210f" ,
"indicator--58355bfe-bb54-4f2a-9ddc-9a1e950d210f" ,
"indicator--58355bff-1f48-43a4-8a43-9a1e950d210f" ,
"indicator--58355bff-bcd0-44af-b5bb-9a1e950d210f" ,
"indicator--58355bff-529c-4b6e-818f-9a1e950d210f" ,
"indicator--58355bff-1444-4ccf-b938-9a1e950d210f" ,
"indicator--58355bff-d790-4961-855d-9a1e950d210f" ,
"indicator--58355c00-e9a0-41a2-accc-9a1e950d210f" ,
"indicator--58355c00-9c1c-4f32-8ed6-9a1e950d210f" ,
"indicator--58355c00-69a8-4a74-8f2f-9a1e950d210f" ,
"indicator--58355c00-f338-4d66-a0a3-9a1e950d210f" ,
"indicator--58355c01-96e0-4002-97df-9a1e950d210f" ,
"indicator--58355c01-0984-4aa2-ab48-9a1e950d210f" ,
"indicator--58355c01-a69c-45f3-bfe1-9a1e950d210f" ,
"indicator--58355c01-d284-4205-b7a6-9a1e950d210f" ,
"indicator--58355c01-20f8-48e1-b472-9a1e950d210f" ,
"indicator--58355c22-b3d0-4998-87eb-6ba5950d210f" ,
"indicator--58355c23-e2ec-4701-94bb-6ba5950d210f" ,
"indicator--58355c23-7498-4d53-a28a-6ba5950d210f" ,
"indicator--58355c23-0968-48c6-899c-6ba5950d210f" ,
"indicator--58355c23-965c-44bb-b777-6ba5950d210f" ,
"indicator--58355c24-e70c-478e-908a-6ba5950d210f" ,
"indicator--58355c24-971c-490e-bee5-6ba5950d210f" ,
"indicator--58355c24-36b8-4746-97b7-6ba5950d210f" ,
"indicator--58355c24-a09c-4f8c-a469-6ba5950d210f" ,
"indicator--58355c25-1ccc-497a-a8cc-6ba5950d210f" ,
"indicator--58355c25-ae94-490b-9fac-6ba5950d210f" ,
"indicator--58355c25-1324-45a6-a423-6ba5950d210f" ,
"indicator--58355c25-72d0-4fba-af39-6ba5950d210f" ,
"indicator--58355c25-d564-4782-9bdf-6ba5950d210f" ,
"indicator--58355c26-989c-4736-98c6-6ba5950d210f" ,
"indicator--58355c26-979c-4301-a52c-6ba5950d210f" ,
"indicator--58355c26-1ea0-4d5a-84df-6ba5950d210f" ,
"indicator--58355c26-6df8-4aa0-b46a-6ba5950d210f" ,
"indicator--58355c27-f184-4494-b087-6ba5950d210f" ,
"indicator--58355c27-7168-4ff0-b879-6ba5950d210f" ,
"indicator--58355c27-99b0-4b71-8de3-6ba5950d210f" ,
"indicator--58355c27-7c68-4c60-b9c8-6ba5950d210f" ,
"indicator--58355c27-1dc0-4905-acf5-6ba5950d210f" ,
"indicator--58355c28-45c8-41e8-b406-6ba5950d210f" ,
"indicator--58355c28-e880-4c32-a152-6ba5950d210f" ,
"indicator--58355c34-aae4-45fc-a102-6ba5950d210f" ,
"indicator--58355c34-2a4c-494b-a3c9-6ba5950d210f" ,
"indicator--58355c35-5a74-42ba-ae46-6ba5950d210f" ,
"indicator--58355c35-e31c-4eb9-8972-6ba5950d210f" ,
"indicator--58355c35-85bc-431d-ac67-6ba5950d210f" ,
"indicator--58355c35-5f04-4dba-90d0-6ba5950d210f" ,
"indicator--58355c51-2bf8-4452-803d-9a1e950d210f" ,
"indicator--58355c51-eaec-496a-a3c8-9a1e950d210f" ,
"indicator--58355c52-c298-49f0-a966-9a1e950d210f" ,
"indicator--58355c52-321c-4119-806d-9a1e950d210f" ,
"indicator--58355c52-9558-4a50-abbe-9a1e950d210f" ,
"indicator--58355c52-35dc-478c-9b41-9a1e950d210f" ,
"indicator--58355c52-fd28-43ca-8cbe-9a1e950d210f" ,
"indicator--58355c53-4f20-4b8d-9082-9a1e950d210f" ,
"indicator--58355c53-6820-4b95-a3ff-9a1e950d210f" ,
"indicator--58355c53-d8dc-453e-9412-9a1e950d210f" ,
"indicator--58355c53-c12c-4fbb-805a-9a1e950d210f" ,
"indicator--58355c54-07c8-4815-9fd4-9a1e950d210f" ,
"indicator--58355c54-3c24-4b41-9e44-9a1e950d210f" ,
"indicator--58355c54-6498-4f6b-8d21-9a1e950d210f" ,
"indicator--58355c54-5af4-4f44-9dd0-9a1e950d210f" ,
"indicator--58355c54-7da8-4947-8707-9a1e950d210f" ,
"indicator--58355c55-c428-4dbc-9c98-9a1e950d210f" ,
"indicator--58355c55-bce0-4a35-ab0a-9a1e950d210f" ,
"indicator--58355c55-4ba0-4bb7-a69b-9a1e950d210f" ,
"indicator--58355c55-f9d8-4c96-a682-9a1e950d210f" ,
"indicator--58355c56-aff4-44e2-bfa3-9a1e950d210f" ,
"indicator--58355c56-c770-411c-b5bc-9a1e950d210f" ,
"indicator--58355c56-c0f4-4bf9-96b8-9a1e950d210f" ,
"indicator--58355c56-4c30-4f01-b44a-9a1e950d210f" ,
"indicator--58355c56-063c-4f8f-a8fd-9a1e950d210f" ,
"indicator--58355c57-bcb4-4791-84c3-9a1e950d210f" ,
"indicator--58355c57-6b28-43e4-ade1-9a1e950d210f" ,
"indicator--58355c57-a7d0-47af-9b2b-9a1e950d210f" ,
"indicator--58355c66-fdf8-461d-b8b0-6b9f950d210f" ,
"indicator--58355c66-9500-4ef0-8aa3-6b9f950d210f" ,
"indicator--58355c73-8d1c-44c8-b526-6b9f950d210f" ,
"indicator--58355c73-f6a0-485c-9dcb-6b9f950d210f" ,
"indicator--58355c74-ee0c-43f4-9c6f-6b9f950d210f" ,
"indicator--58355c74-cdfc-45f4-bea2-6b9f950d210f" ,
"indicator--58355c74-045c-4d40-9b54-6b9f950d210f" ,
"indicator--58355c74-0234-4612-bdc3-6b9f950d210f" ,
"indicator--58355cd6-b420-45e3-aa16-9a1e02de0b81" ,
"indicator--58355cd6-f1f0-4a4e-8a30-9a1e02de0b81" ,
"observed-data--58355cd7-2da8-4a8f-aa30-9a1e02de0b81" ,
"url--58355cd7-2da8-4a8f-aa30-9a1e02de0b81" ,
"indicator--58355cd7-4964-42c6-9988-9a1e02de0b81" ,
"indicator--58355cd7-c7c0-4819-8ef3-9a1e02de0b81" ,
"observed-data--58355cd7-7260-4c81-87e6-9a1e02de0b81" ,
"url--58355cd7-7260-4c81-87e6-9a1e02de0b81" ,
"indicator--58355cd8-f350-4dec-bdfa-9a1e02de0b81" ,
"indicator--58355cd8-1f18-47f8-ab03-9a1e02de0b81" ,
"observed-data--58355cd8-beb8-4f13-b30c-9a1e02de0b81" ,
"url--58355cd8-beb8-4f13-b30c-9a1e02de0b81" ,
"indicator--58355cd8-13b4-45d6-98e8-9a1e02de0b81" ,
"indicator--58355cd9-15cc-4290-b0ba-9a1e02de0b81" ,
"observed-data--58355cd9-d238-4178-84b8-9a1e02de0b81" ,
"url--58355cd9-d238-4178-84b8-9a1e02de0b81" ,
"indicator--58355cd9-61e0-4e2d-9d97-9a1e02de0b81" ,
"indicator--58355cd9-0c74-4341-a49d-9a1e02de0b81" ,
"observed-data--58355cda-0258-4d8e-a86a-9a1e02de0b81" ,
"url--58355cda-0258-4d8e-a86a-9a1e02de0b81" ,
"indicator--58355cda-3914-45f9-b448-9a1e02de0b81" ,
"indicator--58355cda-d2a8-46a1-9bba-9a1e02de0b81" ,
"observed-data--58355cda-5e84-4624-b948-9a1e02de0b81" ,
"url--58355cda-5e84-4624-b948-9a1e02de0b81" ,
"indicator--58355cdb-1204-455a-9f12-9a1e02de0b81" ,
"indicator--58355cdb-26a0-4f69-8486-9a1e02de0b81" ,
"observed-data--58355cdb-6da0-41c3-8add-9a1e02de0b81" ,
"url--58355cdb-6da0-41c3-8add-9a1e02de0b81" ,
"indicator--58355cdb-a7a0-49a7-b1c1-9a1e02de0b81" ,
"indicator--58355cdc-bfc0-4e9c-9bcf-9a1e02de0b81" ,
"observed-data--58355cdc-ff60-49df-bc05-9a1e02de0b81" ,
"url--58355cdc-ff60-49df-bc05-9a1e02de0b81" ,
"indicator--58355cdc-7638-45fe-b08c-9a1e02de0b81" ,
"indicator--58355cdc-2ab8-46b2-8c3f-9a1e02de0b81" ,
"observed-data--58355cdc-c9d8-480a-a01c-9a1e02de0b81" ,
"url--58355cdc-c9d8-480a-a01c-9a1e02de0b81" ,
"indicator--58355cdd-80fc-4320-bc15-9a1e02de0b81" ,
"indicator--58355cdd-59fc-479d-9136-9a1e02de0b81" ,
"observed-data--58355cdd-fe04-4a02-a142-9a1e02de0b81" ,
"url--58355cdd-fe04-4a02-a142-9a1e02de0b81" ,
"indicator--58355cdd-c96c-430f-933f-9a1e02de0b81" ,
"indicator--58355cde-0264-4712-8fc6-9a1e02de0b81" ,
"observed-data--58355cde-4ac4-493c-8938-9a1e02de0b81" ,
"url--58355cde-4ac4-493c-8938-9a1e02de0b81" ,
"indicator--58355cde-0210-46c3-b02d-9a1e02de0b81" ,
"indicator--58355cde-b0d4-4ad7-a668-9a1e02de0b81" ,
"observed-data--58355cde-68b4-4c70-9e97-9a1e02de0b81" ,
"url--58355cde-68b4-4c70-9e97-9a1e02de0b81" ,
"indicator--58355cdf-e96c-4a00-a08b-9a1e02de0b81" ,
"indicator--58355cdf-cd9c-45af-a628-9a1e02de0b81" ,
"observed-data--58355cdf-0cec-4140-82fb-9a1e02de0b81" ,
"url--58355cdf-0cec-4140-82fb-9a1e02de0b81" ,
"indicator--58355cdf-49f4-4610-9885-9a1e02de0b81" ,
"indicator--58355ce0-6c28-4f20-819b-9a1e02de0b81" ,
"observed-data--58355ce0-df40-4837-b163-9a1e02de0b81" ,
"url--58355ce0-df40-4837-b163-9a1e02de0b81" ,
"indicator--58355ce0-dfc0-4b74-9862-9a1e02de0b81" ,
"indicator--58355ce0-0578-427d-99a6-9a1e02de0b81" ,
"observed-data--58355ce0-a538-4f87-8547-9a1e02de0b81" ,
"url--58355ce0-a538-4f87-8547-9a1e02de0b81" ,
"indicator--58355ce1-9e5c-49c1-b9c5-9a1e02de0b81" ,
"indicator--58355ce1-7620-4aa8-89a7-9a1e02de0b81" ,
"observed-data--58355ce1-5d70-4f31-9b41-9a1e02de0b81" ,
"url--58355ce1-5d70-4f31-9b41-9a1e02de0b81" ,
"indicator--58355ce1-2dd0-4b5a-a335-9a1e02de0b81" ,
"indicator--58355ce2-7780-419c-9ed3-9a1e02de0b81" ,
"observed-data--58355ce2-3a7c-4fec-a495-9a1e02de0b81" ,
"url--58355ce2-3a7c-4fec-a495-9a1e02de0b81" ,
"indicator--58355ce2-f1c0-4386-860b-9a1e02de0b81" ,
"indicator--58355ce2-78a8-49c8-b000-9a1e02de0b81" ,
"observed-data--58355ce2-7ff8-4c9f-aaed-9a1e02de0b81" ,
"url--58355ce2-7ff8-4c9f-aaed-9a1e02de0b81" ,
"indicator--58355ce3-dfd4-4301-8f5b-9a1e02de0b81" ,
"indicator--58355ce3-8160-4c9e-b1c1-9a1e02de0b81" ,
"observed-data--58355ce3-57b8-487c-bdf1-9a1e02de0b81" ,
"url--58355ce3-57b8-487c-bdf1-9a1e02de0b81" ,
"indicator--58355ce3-07ac-492e-9218-9a1e02de0b81" ,
"indicator--58355ce4-9908-4334-a081-9a1e02de0b81" ,
"observed-data--58355ce4-ed14-4a71-a79a-9a1e02de0b81" ,
"url--58355ce4-ed14-4a71-a79a-9a1e02de0b81" ,
"indicator--58355ce4-d084-45f1-b2f1-9a1e02de0b81" ,
"indicator--58355ce4-54f0-4608-afa7-9a1e02de0b81" ,
"observed-data--58355ce4-52bc-4e63-809e-9a1e02de0b81" ,
"url--58355ce4-52bc-4e63-809e-9a1e02de0b81" ,
"indicator--58355ce5-b2d0-4d2e-b3fa-9a1e02de0b81" ,
"indicator--58355ce5-292c-49c6-818c-9a1e02de0b81" ,
"observed-data--58355ce5-9d54-4f53-9ddc-9a1e02de0b81" ,
"url--58355ce5-9d54-4f53-9ddc-9a1e02de0b81" ,
"indicator--58355ce5-5a88-43fb-95bd-9a1e02de0b81" ,
"indicator--58355ce6-5af0-4f40-8956-9a1e02de0b81" ,
"observed-data--58355ce6-8490-439b-a613-9a1e02de0b81" ,
"url--58355ce6-8490-439b-a613-9a1e02de0b81" ,
"indicator--58355ce6-3fbc-464c-8b94-9a1e02de0b81" ,
"indicator--58355ce6-baa4-4c32-b366-9a1e02de0b81" ,
"observed-data--58355ce7-bed4-4e49-bc76-9a1e02de0b81" ,
"url--58355ce7-bed4-4e49-bc76-9a1e02de0b81" ,
"indicator--58355ce7-7490-4b58-9d16-9a1e02de0b81" ,
"indicator--58355ce7-049c-4626-b71f-9a1e02de0b81" ,
"observed-data--58355ce7-9048-43c9-997f-9a1e02de0b81" ,
"url--58355ce7-9048-43c9-997f-9a1e02de0b81" ,
"indicator--58355ce8-b17c-4414-9d36-9a1e02de0b81" ,
"indicator--58355ce8-67b4-4bf7-a743-9a1e02de0b81" ,
"observed-data--58355ce8-3d24-42f3-a9f5-9a1e02de0b81" ,
"url--58355ce8-3d24-42f3-a9f5-9a1e02de0b81" ,
"indicator--58355ce8-255c-4355-98a1-9a1e02de0b81" ,
"indicator--58355ce8-d784-4fa1-8de4-9a1e02de0b81" ,
"observed-data--58355ce9-9a84-4365-8fed-9a1e02de0b81" ,
"url--58355ce9-9a84-4365-8fed-9a1e02de0b81" ,
"indicator--58355ce9-42e8-4316-8da3-9a1e02de0b81" ,
"indicator--58355ce9-8d0c-4ef0-a73a-9a1e02de0b81" ,
"observed-data--58355ce9-6ea8-4224-965e-9a1e02de0b81" ,
"url--58355ce9-6ea8-4224-965e-9a1e02de0b81" ,
"indicator--58355cea-eafc-4fcd-83f0-9a1e02de0b81" ,
"indicator--58355cea-a32c-4715-8b41-9a1e02de0b81" ,
"observed-data--58355cea-a428-4815-9bdb-9a1e02de0b81" ,
"url--58355cea-a428-4815-9bdb-9a1e02de0b81" ,
"indicator--58355cea-105c-428c-96d3-9a1e02de0b81" ,
"indicator--58355ceb-eb5c-4e0f-a8d8-9a1e02de0b81" ,
"observed-data--58355ceb-83d8-4f60-9dfa-9a1e02de0b81" ,
"url--58355ceb-83d8-4f60-9dfa-9a1e02de0b81" ,
"indicator--58355ceb-f564-4563-b78d-9a1e02de0b81" ,
"indicator--58355ceb-0880-4389-8f07-9a1e02de0b81" ,
"observed-data--58355ceb-4638-4268-928f-9a1e02de0b81" ,
"url--58355ceb-4638-4268-928f-9a1e02de0b81" ,
"indicator--58355cec-4e20-4726-b6bf-9a1e02de0b81" ,
"indicator--58355cec-a890-4073-9010-9a1e02de0b81" ,
"observed-data--58355cec-d714-49e1-9df8-9a1e02de0b81" ,
"url--58355cec-d714-49e1-9df8-9a1e02de0b81" ,
"indicator--58355cec-a3e0-41bc-aa8d-9a1e02de0b81" ,
"indicator--58355ced-cac0-4d90-9d9b-9a1e02de0b81" ,
"observed-data--58355ced-e894-40e7-8566-9a1e02de0b81" ,
"url--58355ced-e894-40e7-8566-9a1e02de0b81" ,
"indicator--58355ced-dd88-458a-b3c0-9a1e02de0b81" ,
"indicator--58355ced-f9f0-4d91-b884-9a1e02de0b81" ,
"observed-data--58355ced-a6d0-4c8f-be38-9a1e02de0b81" ,
"url--58355ced-a6d0-4c8f-be38-9a1e02de0b81" ,
"indicator--58355cee-9890-4deb-ab56-9a1e02de0b81" ,
"indicator--58355cee-0ae8-4c1c-b678-9a1e02de0b81" ,
"observed-data--58355cee-f73c-4529-a386-9a1e02de0b81" ,
"url--58355cee-f73c-4529-a386-9a1e02de0b81" ,
"indicator--58355cee-6830-4029-bbd3-9a1e02de0b81" ,
"indicator--58355cef-2e94-46d3-a406-9a1e02de0b81" ,
"observed-data--58355cef-d660-4a82-bd24-9a1e02de0b81" ,
"url--58355cef-d660-4a82-bd24-9a1e02de0b81" ,
"indicator--58355cef-e9cc-4567-a257-9a1e02de0b81" ,
"indicator--58355cef-e1d0-46c6-8c4b-9a1e02de0b81" ,
"observed-data--58355cef-3c94-4cdc-bbf8-9a1e02de0b81" ,
"url--58355cef-3c94-4cdc-bbf8-9a1e02de0b81" ,
"indicator--58355cf0-e308-4036-a640-9a1e02de0b81" ,
"indicator--58355cf0-2380-4472-a4c8-9a1e02de0b81" ,
"observed-data--58355cf0-b6e0-4103-ae22-9a1e02de0b81" ,
"url--58355cf0-b6e0-4103-ae22-9a1e02de0b81" ,
"indicator--58355cf0-4be8-4562-8d52-9a1e02de0b81" ,
"indicator--58355cf1-fa1c-41bf-b498-9a1e02de0b81" ,
"observed-data--58355cf1-3910-4fa2-bb7f-9a1e02de0b81" ,
"url--58355cf1-3910-4fa2-bb7f-9a1e02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ba4-fa98-4da5-9250-9d09950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:04:36.000Z" ,
"modified" : "2016-11-23T09:04:36.000Z" ,
"first_observed" : "2016-11-23T09:04:36Z" ,
"last_observed" : "2016-11-23T09:04:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ba4-fa98-4da5-9250-9d09950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ba4-fa98-4da5-9250-9d09950d210f" ,
"value" : "http://researchcenter.paloaltonetworks.com/2016/11/unit42-tropic-trooper-targets-taiwanese-government-and-fossil-fuel-provider-with-poison-ivy/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--58355bb1-dbac-47d6-b864-7972950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:04:49.000Z" ,
"modified" : "2016-11-23T09:04:49.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Taiwan has been a regular target of cyber espionage threat actors for a number of years. Reasons for Taiwan being targeted range from being one of the sovereign states of the disputed South China Sea region to its emerging economy and growth with Taiwan being one of the most innovative countries in the High-Tech industry in Asia.\r\n\r\nIn early August, Unit 42 identified two attacks using similar techniques. The more interesting one was a targeted attack towards the Secretary General of Taiwan\u2019s Government office \u2013 Executive Yuan. The Executive Yuan has several individual boards which are formed to enforce different executing functions of the government. The Executive Yuan Council evaluates statutory and budgetary bills and bills concerning martial law, amnesty, declaration of war, conclusion of peace and treaties, and other important affairs. Given the important functions undertaken by the Executive Yuan office, it is not a surprise that they were targeted. The second attack was against an energy sector company also located in Taiwan.\r\n\r\nThe attacks in this case are associated with a campaign called Tropic Trooper, which has been active since at least 2011 and is known for heavily targeting Taiwan. One of the attacks used their known Yahoyah malware, but the other attack deployed the widely available Poison Ivy RAT. This confirms the actors are using Poison Ivy as part of their toolkit, something speculated in the original Trend Micro report but not confirmed by them. Further analysis uncovered a handful of ties indicating the actors may also be using the PCShare malware family, which has not been previously tied to the group."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf5-07e4-4c47-bf65-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:57.000Z" ,
"modified" : "2016-11-23T09:05:57.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.dpponline.trickip.org/images/D2015_id.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf5-62a8-445d-8e1b-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:57.000Z" ,
"modified" : "2016-11-23T09:05:57.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://223.27.35.244/images/D2015_id.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf5-ba10-47dd-9790-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:57.000Z" ,
"modified" : "2016-11-23T09:05:57.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.myinfo.ocry.com/images/D2015_id.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf6-74d8-4b9b-8c2c-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:58.000Z" ,
"modified" : "2016-11-23T09:05:58.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://belindianlab.itemdb.com/1613986301|C7A5398FBD8214C92F6596CC39B8866B0121E53422D6B8378E5D1F5F63844D693810BDED362511ED3630DC4F6A2B1302354C31242753DACB331EF3CF808E4E107B12F103F0C040F87DAA6CAB0676A25EBC673D9DFA078915F93361308E10BB5BA7DF1A90FEB614F1A1F12C7A135B60926A5D49FCE025F577FE0DEE937C803BE27D']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf6-b3a8-432a-89f9-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:58.000Z" ,
"modified" : "2016-11-23T09:05:58.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://202.153.193.73/images/kong.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf6-b064-49ae-a211-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:58.000Z" ,
"modified" : "2016-11-23T09:05:58.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/images/kong.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf6-48f0-4afb-b251-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:58.000Z" ,
"modified" : "2016-11-23T09:05:58.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://61.221.169.31/images/kongj.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf7-e7d4-488e-8757-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:59.000Z" ,
"modified" : "2016-11-23T09:05:59.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.forensic611.3-a.net/monitor/images/Smarp140102.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf7-72dc-49b6-b96a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:59.000Z" ,
"modified" : "2016-11-23T09:05:59.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/monitor/images/Smarp140102.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf7-c2e0-4032-87e2-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:59.000Z" ,
"modified" : "2016-11-23T09:05:59.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.forensic.zyns.com/monitor/images/Smarp140102.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf7-2254-48db-98b2-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:59.000Z" ,
"modified" : "2016-11-23T09:05:59.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/Pictures/sbsb_0620.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf7-b24c-40fc-bc7d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:05:59.000Z" ,
"modified" : "2016-11-23T09:05:59.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/sbsb_0620.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:05:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf8-1b00-4f3f-b0aa-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:00.000Z" ,
"modified" : "2016-11-23T09:06:00.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.forensic611.3-a.net/monitor/images/Smartzh131225.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf8-0fbc-4e7b-a2a9-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:00.000Z" ,
"modified" : "2016-11-23T09:06:00.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/monitor/images/Smartzh131225.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf8-da90-4177-a347-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:00.000Z" ,
"modified" : "2016-11-23T09:06:00.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.forensic.zyns.com/monitor/images/Smartzh131225.24.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf8-b570-4157-b76d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:00.000Z" ,
"modified" : "2016-11-23T09:06:00.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.zzbooks.net/Pictures/lclc_0523.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf9-1b44-41e7-b00f-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:01.000Z" ,
"modified" : "2016-11-23T09:06:01.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/lclc_0523.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf9-aedc-4edc-a84e-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:01.000Z" ,
"modified" : "2016-11-23T09:06:01.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/Pictures/lclc_0523.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf9-3850-47b1-970a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:01.000Z" ,
"modified" : "2016-11-23T09:06:01.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://50.117.38.164/Pictures/dzh_0925.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf9-75a4-4be3-b9b4-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:01.000Z" ,
"modified" : "2016-11-23T09:06:01.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.cham.com.tw/images/dzh_0925.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bf9-6cf8-4ed8-99b8-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:01.000Z" ,
"modified" : "2016-11-23T09:06:01.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/Pictures/dzh_0925.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfa-f6e8-4ddd-a898-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:02.000Z" ,
"modified" : "2016-11-23T09:06:02.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/jpg_140430.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfa-87e0-413c-8ea3-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:02.000Z" ,
"modified" : "2016-11-23T09:06:02.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://198.100.122.66/Pictures/jpg_140430.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfa-ec54-4a15-922d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:02.000Z" ,
"modified" : "2016-11-23T09:06:02.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://192.69.221.92/Pictures/jpg_140430.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfa-1788-4ae5-9f60-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:02.000Z" ,
"modified" : "2016-11-23T09:06:02.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/monitor/images/SmartNav141216.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfb-f854-4c6a-8e39-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:03.000Z" ,
"modified" : "2016-11-23T09:06:03.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.amberisic611.4dq.com/monitor/images/SmartNav141216.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfb-0b0c-4181-9435-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:03.000Z" ,
"modified" : "2016-11-23T09:06:03.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.metacu.ygto.com/monitor/images/SmartNav141216.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfb-ed94-4fc5-937a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:03.000Z" ,
"modified" : "2016-11-23T09:06:03.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.metacu.ygto.com/monitor/images/SmartNav141216.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfc-5920-46b6-bdf3-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:04.000Z" ,
"modified" : "2016-11-23T09:06:04.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.amberisic611.4dq.com/monitor/images/SmartNav141216.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfc-8c78-4a30-abab-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:04.000Z" ,
"modified" : "2016-11-23T09:06:04.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/monitor/images/SmartNav141216.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfc-5760-4734-a746-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:04.000Z" ,
"modified" : "2016-11-23T09:06:04.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/20150120-hex.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfc-31ec-4821-bda6-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:04.000Z" ,
"modified" : "2016-11-23T09:06:04.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://23.27.112.216/Pictures/20150120-hex.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfd-b8ac-4cb5-a1f8-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:05.000Z" ,
"modified" : "2016-11-23T09:06:05.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.zzbook.net/Pictures/20150120-hex.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfd-84d4-449f-8712-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:05.000Z" ,
"modified" : "2016-11-23T09:06:05.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.zzbook.net/Pictures/20150120-hex.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfd-54e0-4e3b-aedd-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:05.000Z" ,
"modified" : "2016-11-23T09:06:05.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://23.27.112.216/Pictures/20150120-hex.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfd-ab70-4f14-b99a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:05.000Z" ,
"modified" : "2016-11-23T09:06:05.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/20150120-hex.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfd-7b44-4eab-a082-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:05.000Z" ,
"modified" : "2016-11-23T09:06:05.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/h20141212012.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfe-2d80-4751-aaf8-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:06.000Z" ,
"modified" : "2016-11-23T09:06:06.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://23.27.112.216/Pictures/h20141212012.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfe-3e1c-4a83-a440-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:06.000Z" ,
"modified" : "2016-11-23T09:06:06.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/Pictures/h20141212012.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfe-e708-4266-996b-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:06.000Z" ,
"modified" : "2016-11-23T09:06:06.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://bbs.ccdog.net/Pictures/h20141212012.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bfe-bb54-4f2a-9ddc-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:06.000Z" ,
"modified" : "2016-11-23T09:06:06.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://113.10.221.89/Pictures/ooba_0823.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bff-1f48-43a4-8a43-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:07.000Z" ,
"modified" : "2016-11-23T09:06:07.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://198.100.122.66/Pictures/ooba_0823.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bff-bcd0-44af-b5bb-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:07.000Z" ,
"modified" : "2016-11-23T09:06:07.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://50.117.38.164/Pictures/ooba_0823.24.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bff-529c-4b6e-818f-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:07.000Z" ,
"modified" : "2016-11-23T09:06:07.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.metacu.ygto.com/monitor/images/SmartNav0120.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bff-1444-4ccf-b938-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:07.000Z" ,
"modified" : "2016-11-23T09:06:07.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.amberisic611.4dq.com/monitor/images/SmartNav0120.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355bff-d790-4961-855d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:07.000Z" ,
"modified" : "2016-11-23T09:06:07.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/moitor/images/SmartNav0120.64.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c00-e9a0-41a2-accc-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:08.000Z" ,
"modified" : "2016-11-23T09:06:08.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.bannered.4dq.com/moitor/images/SmartNav0120.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c00-9c1c-4f32-8ed6-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:08.000Z" ,
"modified" : "2016-11-23T09:06:08.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.metacu.ygto.com/monitor/images/SmartNav0120.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c00-69a8-4a74-8f2f-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:08.000Z" ,
"modified" : "2016-11-23T09:06:08.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://www.amberisic611.4dq.com/monitor/images/SmartNav0120.32.gif']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c00-f338-4d66-a0a3-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:08.000Z" ,
"modified" : "2016-11-23T09:06:08.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://49.254.211.75//tedws/1.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c01-96e0-4002-97df-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:09.000Z" ,
"modified" : "2016-11-23T09:06:09.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://107.183.183.235/public/1.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c01-0984-4aa2-ab48-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:09.000Z" ,
"modified" : "2016-11-23T09:06:09.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://49.254.211.75//tedws/1.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c01-a69c-45f3-bfe1-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:09.000Z" ,
"modified" : "2016-11-23T09:06:09.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://107.183.183.235/public/1.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c01-d284-4205-b7a6-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:09.000Z" ,
"modified" : "2016-11-23T09:06:09.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://flanando.fartit.com/2015/p1.64.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c01-20f8-48e1-b472-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:09.000Z" ,
"modified" : "2016-11-23T09:06:09.000Z" ,
"description" : "C2 HTTP requests" ,
"pattern" : "[url:value = 'http://flanando.fartit.com/2015/p1.32.jpg']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c22-b3d0-4998-87eb-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:42.000Z" ,
"modified" : "2016-11-23T09:06:42.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'news.hpc.tw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c23-e2ec-4701-94bb-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:43.000Z" ,
"modified" : "2016-11-23T09:06:43.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.dpponline.trickip.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c23-7498-4d53-a28a-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:43.000Z" ,
"modified" : "2016-11-23T09:06:43.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.forensic.zyns.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c23-0968-48c6-899c-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:43.000Z" ,
"modified" : "2016-11-23T09:06:43.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.bannered.4dq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c23-965c-44bb-b777-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:43.000Z" ,
"modified" : "2016-11-23T09:06:43.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.forensic611.3-a.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c24-e70c-478e-908a-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:44.000Z" ,
"modified" : "2016-11-23T09:06:44.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'bbs.zzbooks.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c24-971c-490e-bee5-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:44.000Z" ,
"modified" : "2016-11-23T09:06:44.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'bbs.ccdog.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c24-36b8-4746-97b7-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:44.000Z" ,
"modified" : "2016-11-23T09:06:44.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'wallstreet.1dumb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c24-a09c-4f8c-a469-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:44.000Z" ,
"modified" : "2016-11-23T09:06:44.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.cham.com.tw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c25-1ccc-497a-a8cc-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:45.000Z" ,
"modified" : "2016-11-23T09:06:45.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'pinkker.zzux.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c25-ae94-490b-9fac-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:45.000Z" ,
"modified" : "2016-11-23T09:06:45.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.amberisic611.4dq.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c25-1324-45a6-a423-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:45.000Z" ,
"modified" : "2016-11-23T09:06:45.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.metacu.ygto.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c25-72d0-4fba-af39-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:45.000Z" ,
"modified" : "2016-11-23T09:06:45.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'bbs.zzbook.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c25-d564-4782-9bdf-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:45.000Z" ,
"modified" : "2016-11-23T09:06:45.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.myinfo.ocry.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c26-989c-4736-98c6-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:46.000Z" ,
"modified" : "2016-11-23T09:06:46.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'www.gmal1.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c26-979c-4301-a52c-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:46.000Z" ,
"modified" : "2016-11-23T09:06:46.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'redpeach.youdontcare.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c26-1ea0-4d5a-84df-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:46.000Z" ,
"modified" : "2016-11-23T09:06:46.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'redapple.justdied.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c26-6df8-4aa0-b46a-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:46.000Z" ,
"modified" : "2016-11-23T09:06:46.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'stone.mypop3.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c27-f184-4494-b087-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:47.000Z" ,
"modified" : "2016-11-23T09:06:47.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'zeus.jkub.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c27-7168-4ff0-b879-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:47.000Z" ,
"modified" : "2016-11-23T09:06:47.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'sniper.mynumber.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c27-99b0-4b71-8de3-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:47.000Z" ,
"modified" : "2016-11-23T09:06:47.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'unclesam.jungleheart.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c27-7c68-4c60-b9c8-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:47.000Z" ,
"modified" : "2016-11-23T09:06:47.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'arora.x24hr.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c27-1dc0-4905-acf5-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:47.000Z" ,
"modified" : "2016-11-23T09:06:47.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'flanando.fartit.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c28-45c8-41e8-b406-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:48.000Z" ,
"modified" : "2016-11-23T09:06:48.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'belindianlab.itemdb.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c28-e880-4c32-a152-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:06:48.000Z" ,
"modified" : "2016-11-23T09:06:48.000Z" ,
"description" : "C2 domains" ,
"pattern" : "[domain-name:value = 'kr.dns1.us']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:06:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c34-aae4-45fc-a102-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:00.000Z" ,
"modified" : "2016-11-23T09:07:00.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = '6966e511a45e42a9cfa32799dd3ecf9ec1c2cf62ed491f872210334a26e8a533']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c34-2a4c-494b-a3c9-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:00.000Z" ,
"modified" : "2016-11-23T09:07:00.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = '84f9d3c0895fbcc3148ec77b967eb9cdf33eb90915937b91a61664d36eed7464']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c35-5a74-42ba-ae46-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:01.000Z" ,
"modified" : "2016-11-23T09:07:01.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = 'c4b73d2102c25e31e3b73a8547a0120e1d3706eed96392acb174ecbf1218fa37']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c35-e31c-4eb9-8972-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:01.000Z" ,
"modified" : "2016-11-23T09:07:01.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = 'c9d0d7e3ba9a1369b670511966f2c3b5fa3618d3b8ac99cbc3a732bd13501b99']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c35-85bc-431d-ac67-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:01.000Z" ,
"modified" : "2016-11-23T09:07:01.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = 'ee3f29d2a68217825666dae6a56ae7ee96297ea7f88ae4fd78819983ae67a3ce']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c35-5f04-4dba-90d0-6ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:01.000Z" ,
"modified" : "2016-11-23T09:07:01.000Z" ,
"description" : "Poison Ivy" ,
"pattern" : "[file:hashes.SHA256 = 'edfedfad21bd37b890d0e21c3c832ff9493612f9959a32d6406750b2d4a93697']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c51-2bf8-4452-803d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:29.000Z" ,
"modified" : "2016-11-23T09:07:29.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '85904e7b88b5049fb99b4b8456d9f01bdbf8f6fcf0f77943aed1ce7e6f7127c2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c51-eaec-496a-a3c8-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:29.000Z" ,
"modified" : "2016-11-23T09:07:29.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '2fce75daea5fdaafba376a86c59d5bc3e32f7fe5e735ec1e1811971910bc4009']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c52-c298-49f0-a966-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:30.000Z" ,
"modified" : "2016-11-23T09:07:30.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'aa812b1c0b24435b8e01100760bc4fef44032b4b0d787a8cf9aef83abd9d5dbd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c52-321c-4119-806d-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:30.000Z" ,
"modified" : "2016-11-23T09:07:30.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '9623d6f3a3952280f3e83f8dbb29942694bb682296d36c4f4d1d7414a7493db0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c52-9558-4a50-abbe-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:30.000Z" ,
"modified" : "2016-11-23T09:07:30.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'f0aa64c1646d91b0decbe4d4e6a7cc53bfd770c86ded9a7408034fa14d2bad83']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c52-35dc-478c-9b41-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:30.000Z" ,
"modified" : "2016-11-23T09:07:30.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '73bba13d1c7b6794be485a5eeb7b79a62f109c27c4c698601945702303dbcd6c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c52-fd28-43ca-8cbe-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:30.000Z" ,
"modified" : "2016-11-23T09:07:30.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '25809242472a9e1f08ff83c00fae943a630867604ff95c7a57313187287384d2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c53-4f20-4b8d-9082-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:31.000Z" ,
"modified" : "2016-11-23T09:07:31.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '72d14f0a7ecb04eb2962bc9d8491194deb856ceebf30e7ecd644620932f3d4b0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c53-6820-4b95-a3ff-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:31.000Z" ,
"modified" : "2016-11-23T09:07:31.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '2172cc228760d6e4fa297bc485637a2b17103ae88237b30df39babe548cefaa5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c53-d8dc-453e-9412-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:31.000Z" ,
"modified" : "2016-11-23T09:07:31.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'fdeb384ff68b99514f329eeffb05692c4c1580ca52e43e6dcbb5d760c2a78aa4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c53-c12c-4fbb-805a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:31.000Z" ,
"modified" : "2016-11-23T09:07:31.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '1432a8a6ae6faa5d9f441b918ddc3edddb9c133458853ad356756835fe7b3291']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c54-07c8-4815-9fd4-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:32.000Z" ,
"modified" : "2016-11-23T09:07:32.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'a4334a33e4a87cfa52e9e24f6b4d3da0b686f71b25e5cc9a6f144485ea63108a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c54-3c24-4b41-9e44-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:32.000Z" ,
"modified" : "2016-11-23T09:07:32.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '7f8abefcc4598c643dff1ebf570677fd5c2a4f3d08bc8ddabbfbef1eed097fb3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c54-6498-4f6b-8d21-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:32.000Z" ,
"modified" : "2016-11-23T09:07:32.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '8e1a0d93ae644ac80048e5c3485bc6282a69d52cf26f94d2be1ce634851ac3aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c54-5af4-4f44-9dd0-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:32.000Z" ,
"modified" : "2016-11-23T09:07:32.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'c2ad0204ff90c113f7984a9db6006c9f09631c4983098803591170be62cdfaa7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c54-7da8-4947-8707-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:32.000Z" ,
"modified" : "2016-11-23T09:07:32.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '8ccaade84c9c7d5955e8aa1a0d36542beeaed5b8f619aedf82f74e8fd5a5283b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c55-c428-4dbc-9c98-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:33.000Z" ,
"modified" : "2016-11-23T09:07:33.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '03e9c25fe979f149f6dafb0398cdf3d2223b26f24009ef0f83825b60e961d111']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c55-bce0-4a35-ab0a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:33.000Z" ,
"modified" : "2016-11-23T09:07:33.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'bee4cc2c3c393953f9247eab45767e01cd26d40037fb00bd69441e026d860a63']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c55-4ba0-4bb7-a69b-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:33.000Z" ,
"modified" : "2016-11-23T09:07:33.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '626f65d4d638437aaa8352fe06589165d52a91e0963c988348b00734b0a3419f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c55-f9d8-4c96-a682-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:33.000Z" ,
"modified" : "2016-11-23T09:07:33.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '5395f709ef1ca64c57be367f9795b66b5775b6e73f57089386a85925cc0ec596']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c56-aff4-44e2-bfa3-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:34.000Z" ,
"modified" : "2016-11-23T09:07:34.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '72cc8c41008310024e9339b9e45bec7815b7fa8a0c3b6a56769d22bc4ced10ed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c56-c770-411c-b5bc-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:34.000Z" ,
"modified" : "2016-11-23T09:07:34.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'fefd9bfb0f984590b54908c6868b39ca587a3e0d8198b795ff58f67adee4b9e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c56-c0f4-4bf9-96b8-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:34.000Z" ,
"modified" : "2016-11-23T09:07:34.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '4ee115734733dae0705e5b2cb6789a1cdb877bc53e2fdb6e18ab845c0522d43b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c56-4c30-4f01-b44a-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:34.000Z" ,
"modified" : "2016-11-23T09:07:34.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '6b6ec318ede71baf79004fe22c46a8d7a500dc6ba6dd40b2641fe9a1c2b3dbd5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c56-063c-4f8f-a8fd-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:34.000Z" ,
"modified" : "2016-11-23T09:07:34.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '78eda231bf494c7008a4ad49e982f2470597199829d46b166a75f654e3cb8d59']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c57-bcb4-4791-84c3-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:35.000Z" ,
"modified" : "2016-11-23T09:07:35.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '21857cdd794649d72ab1bf90acfa8a57767a2a176b46cdb930025cf9242303bb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c57-6b28-43e4-ade1-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:35.000Z" ,
"modified" : "2016-11-23T09:07:35.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = 'bff5f2f84efc450b10f1a66064ed3afaf740c844c15af88a927c46a0b2146498']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c57-a7d0-47af-9b2b-9a1e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:35.000Z" ,
"modified" : "2016-11-23T09:07:35.000Z" ,
"description" : "Yahoyah" ,
"pattern" : "[file:hashes.SHA256 = '6597c49bedf3fb1964e7f6ccbb03db9e38a5903a671209ae4d3fb4f9f4db4c95']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c66-fdf8-461d-b8b0-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:50.000Z" ,
"modified" : "2016-11-23T09:07:50.000Z" ,
"description" : "PCShare" ,
"pattern" : "[file:hashes.SHA256 = 'd76d7d64c941713d4faaedd5c972558c5136cd1b7de237280faaae89143e7d94']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c66-9500-4ef0-8aa3-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:07:50.000Z" ,
"modified" : "2016-11-23T09:07:50.000Z" ,
"description" : "PCShare" ,
"pattern" : "[file:hashes.SHA256 = '66d672a94f21e86655f243877ee04d7e67a515a7153891563f1aeedb2edbe579']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:07:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c73-8d1c-44c8-b526-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:03.000Z" ,
"modified" : "2016-11-23T09:08:03.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = 'c098235a43d9788661490d2c7b09b1b2b3544d22ee8d9ae6cd5d16a977fd1155']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c73-f6a0-485c-9dcb-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:03.000Z" ,
"modified" : "2016-11-23T09:08:03.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = 'e81bc530075d6d31358aea5784d977d1ac2932a13a615cd1319d01d6e39c2995']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c74-ee0c-43f4-9c6f-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:04.000Z" ,
"modified" : "2016-11-23T09:08:04.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = 'cf32fb6371cc751b852c2e2e607c813e0de71cd7bcf3892a9a23b57dfd38d6fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c74-cdfc-45f4-bea2-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:04.000Z" ,
"modified" : "2016-11-23T09:08:04.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = '07663f8bca3c2118f3f77221c35873fd8dd61d9afa30e566fe4b51bcfb000834']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c74-045c-4d40-9b54-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:04.000Z" ,
"modified" : "2016-11-23T09:08:04.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = '92da05bae1d9694a1f63b854e86b5b17ef27d5fc2551318e49e17677c7c90042']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355c74-0234-4612-bdc3-6b9f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:08:04.000Z" ,
"modified" : "2016-11-23T09:08:04.000Z" ,
"description" : "Winsloader" ,
"pattern" : "[file:hashes.SHA256 = 'e267ecfd37f3af55e8b02b081e7c9d8c0bf633e1d5acb0228be694eae4660eee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:08:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd6-b420-45e3-aa16-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:42.000Z" ,
"modified" : "2016-11-23T09:09:42.000Z" ,
"description" : "Winsloader - Xchecked via VT: e267ecfd37f3af55e8b02b081e7c9d8c0bf633e1d5acb0228be694eae4660eee" ,
"pattern" : "[file:hashes.SHA1 = '21141ed63e651a3c4be5009b5dd2cff457533a9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd6-f1f0-4a4e-8a30-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:42.000Z" ,
"modified" : "2016-11-23T09:09:42.000Z" ,
"description" : "Winsloader - Xchecked via VT: e267ecfd37f3af55e8b02b081e7c9d8c0bf633e1d5acb0228be694eae4660eee" ,
"pattern" : "[file:hashes.MD5 = 'af797d920fda253b27f48941a30664bb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cd7-2da8-4a8f-aa30-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:43.000Z" ,
"modified" : "2016-11-23T09:09:43.000Z" ,
"first_observed" : "2016-11-23T09:09:43Z" ,
"last_observed" : "2016-11-23T09:09:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cd7-2da8-4a8f-aa30-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cd7-2da8-4a8f-aa30-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/e267ecfd37f3af55e8b02b081e7c9d8c0bf633e1d5acb0228be694eae4660eee/analysis/1429321512/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd7-4964-42c6-9988-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:43.000Z" ,
"modified" : "2016-11-23T09:09:43.000Z" ,
"description" : "Winsloader - Xchecked via VT: 92da05bae1d9694a1f63b854e86b5b17ef27d5fc2551318e49e17677c7c90042" ,
"pattern" : "[file:hashes.SHA1 = 'a7b4381b1f9161992b358eda9bd58a6b219a13d3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd7-c7c0-4819-8ef3-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:43.000Z" ,
"modified" : "2016-11-23T09:09:43.000Z" ,
"description" : "Winsloader - Xchecked via VT: 92da05bae1d9694a1f63b854e86b5b17ef27d5fc2551318e49e17677c7c90042" ,
"pattern" : "[file:hashes.MD5 = 'c0177c651dd58e4961d2190ff91c6f44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cd7-7260-4c81-87e6-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:43.000Z" ,
"modified" : "2016-11-23T09:09:43.000Z" ,
"first_observed" : "2016-11-23T09:09:43Z" ,
"last_observed" : "2016-11-23T09:09:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cd7-7260-4c81-87e6-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cd7-7260-4c81-87e6-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/92da05bae1d9694a1f63b854e86b5b17ef27d5fc2551318e49e17677c7c90042/analysis/1442487745/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd8-f350-4dec-bdfa-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:44.000Z" ,
"modified" : "2016-11-23T09:09:44.000Z" ,
"description" : "Winsloader - Xchecked via VT: 07663f8bca3c2118f3f77221c35873fd8dd61d9afa30e566fe4b51bcfb000834" ,
"pattern" : "[file:hashes.SHA1 = '69ff7ddfd15246f234d18d582cceb1eef22e627e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd8-1f18-47f8-ab03-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:44.000Z" ,
"modified" : "2016-11-23T09:09:44.000Z" ,
"description" : "Winsloader - Xchecked via VT: 07663f8bca3c2118f3f77221c35873fd8dd61d9afa30e566fe4b51bcfb000834" ,
"pattern" : "[file:hashes.MD5 = '069d26cd523f1576bbd335141bae8c55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cd8-beb8-4f13-b30c-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:44.000Z" ,
"modified" : "2016-11-23T09:09:44.000Z" ,
"first_observed" : "2016-11-23T09:09:44Z" ,
"last_observed" : "2016-11-23T09:09:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cd8-beb8-4f13-b30c-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cd8-beb8-4f13-b30c-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/07663f8bca3c2118f3f77221c35873fd8dd61d9afa30e566fe4b51bcfb000834/analysis/1438091726/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd8-13b4-45d6-98e8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:44.000Z" ,
"modified" : "2016-11-23T09:09:44.000Z" ,
"description" : "Winsloader - Xchecked via VT: cf32fb6371cc751b852c2e2e607c813e0de71cd7bcf3892a9a23b57dfd38d6fc" ,
"pattern" : "[file:hashes.SHA1 = '0e4b1885ce0c9b9c9240ae6e961b6ad16dbced11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd9-15cc-4290-b0ba-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:45.000Z" ,
"modified" : "2016-11-23T09:09:45.000Z" ,
"description" : "Winsloader - Xchecked via VT: cf32fb6371cc751b852c2e2e607c813e0de71cd7bcf3892a9a23b57dfd38d6fc" ,
"pattern" : "[file:hashes.MD5 = '231a9766bdc006c36ae1dedb2251c07a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cd9-d238-4178-84b8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:45.000Z" ,
"modified" : "2016-11-23T09:09:45.000Z" ,
"first_observed" : "2016-11-23T09:09:45Z" ,
"last_observed" : "2016-11-23T09:09:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cd9-d238-4178-84b8-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cd9-d238-4178-84b8-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/cf32fb6371cc751b852c2e2e607c813e0de71cd7bcf3892a9a23b57dfd38d6fc/analysis/1438091836/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd9-61e0-4e2d-9d97-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:45.000Z" ,
"modified" : "2016-11-23T09:09:45.000Z" ,
"description" : "Winsloader - Xchecked via VT: c098235a43d9788661490d2c7b09b1b2b3544d22ee8d9ae6cd5d16a977fd1155" ,
"pattern" : "[file:hashes.SHA1 = 'aa32739c1b5c23274bfbdc24b882a53c868d1e04']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cd9-0c74-4341-a49d-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:45.000Z" ,
"modified" : "2016-11-23T09:09:45.000Z" ,
"description" : "Winsloader - Xchecked via VT: c098235a43d9788661490d2c7b09b1b2b3544d22ee8d9ae6cd5d16a977fd1155" ,
"pattern" : "[file:hashes.MD5 = '53f5b9d9e81612804ddaf15e71d983c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cda-0258-4d8e-a86a-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:45.000Z" ,
"modified" : "2016-11-23T09:09:45.000Z" ,
"first_observed" : "2016-11-23T09:09:45Z" ,
"last_observed" : "2016-11-23T09:09:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cda-0258-4d8e-a86a-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cda-0258-4d8e-a86a-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/c098235a43d9788661490d2c7b09b1b2b3544d22ee8d9ae6cd5d16a977fd1155/analysis/1476436424/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cda-3914-45f9-b448-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:46.000Z" ,
"modified" : "2016-11-23T09:09:46.000Z" ,
"description" : "PCShare - Xchecked via VT: 66d672a94f21e86655f243877ee04d7e67a515a7153891563f1aeedb2edbe579" ,
"pattern" : "[file:hashes.SHA1 = '90636a757fc6de1ca3500fd7f6fbf6979db9877c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cda-d2a8-46a1-9bba-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:46.000Z" ,
"modified" : "2016-11-23T09:09:46.000Z" ,
"description" : "PCShare - Xchecked via VT: 66d672a94f21e86655f243877ee04d7e67a515a7153891563f1aeedb2edbe579" ,
"pattern" : "[file:hashes.MD5 = '46756afbfb92fd2dd96335a24219efd9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cda-5e84-4624-b948-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:46.000Z" ,
"modified" : "2016-11-23T09:09:46.000Z" ,
"first_observed" : "2016-11-23T09:09:46Z" ,
"last_observed" : "2016-11-23T09:09:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cda-5e84-4624-b948-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cda-5e84-4624-b948-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/66d672a94f21e86655f243877ee04d7e67a515a7153891563f1aeedb2edbe579/analysis/1473182804/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdb-1204-455a-9f12-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:47.000Z" ,
"modified" : "2016-11-23T09:09:47.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 6597c49bedf3fb1964e7f6ccbb03db9e38a5903a671209ae4d3fb4f9f4db4c95" ,
"pattern" : "[file:hashes.SHA1 = '93e315877c65dee9cf16a0fdb9515c6152997471']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdb-26a0-4f69-8486-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:47.000Z" ,
"modified" : "2016-11-23T09:09:47.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 6597c49bedf3fb1964e7f6ccbb03db9e38a5903a671209ae4d3fb4f9f4db4c95" ,
"pattern" : "[file:hashes.MD5 = 'c0c96e3f268331c0c457895429e1d512']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cdb-6da0-41c3-8add-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:47.000Z" ,
"modified" : "2016-11-23T09:09:47.000Z" ,
"first_observed" : "2016-11-23T09:09:47Z" ,
"last_observed" : "2016-11-23T09:09:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cdb-6da0-41c3-8add-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cdb-6da0-41c3-8add-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/6597c49bedf3fb1964e7f6ccbb03db9e38a5903a671209ae4d3fb4f9f4db4c95/analysis/1474508218/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdb-a7a0-49a7-b1c1-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:47.000Z" ,
"modified" : "2016-11-23T09:09:47.000Z" ,
"description" : "Yahoyah - Xchecked via VT: bff5f2f84efc450b10f1a66064ed3afaf740c844c15af88a927c46a0b2146498" ,
"pattern" : "[file:hashes.SHA1 = '3660ec18f7bd450738f79083e9f50dfa65baab68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdc-bfc0-4e9c-9bcf-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:48.000Z" ,
"modified" : "2016-11-23T09:09:48.000Z" ,
"description" : "Yahoyah - Xchecked via VT: bff5f2f84efc450b10f1a66064ed3afaf740c844c15af88a927c46a0b2146498" ,
"pattern" : "[file:hashes.MD5 = 'd723f8bf72451730f48f533b372dddff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cdc-ff60-49df-bc05-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:48.000Z" ,
"modified" : "2016-11-23T09:09:48.000Z" ,
"first_observed" : "2016-11-23T09:09:48Z" ,
"last_observed" : "2016-11-23T09:09:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cdc-ff60-49df-bc05-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cdc-ff60-49df-bc05-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/bff5f2f84efc450b10f1a66064ed3afaf740c844c15af88a927c46a0b2146498/analysis/1433511664/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdc-7638-45fe-b08c-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:48.000Z" ,
"modified" : "2016-11-23T09:09:48.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 21857cdd794649d72ab1bf90acfa8a57767a2a176b46cdb930025cf9242303bb" ,
"pattern" : "[file:hashes.SHA1 = '1e69a7fbd495a1ea7fcd00bd9f59cb7eb7bdf6e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdc-2ab8-46b2-8c3f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:48.000Z" ,
"modified" : "2016-11-23T09:09:48.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 21857cdd794649d72ab1bf90acfa8a57767a2a176b46cdb930025cf9242303bb" ,
"pattern" : "[file:hashes.MD5 = '7fa40b6a592890c93b06796503f8771d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cdc-c9d8-480a-a01c-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:48.000Z" ,
"modified" : "2016-11-23T09:09:48.000Z" ,
"first_observed" : "2016-11-23T09:09:48Z" ,
"last_observed" : "2016-11-23T09:09:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cdc-c9d8-480a-a01c-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cdc-c9d8-480a-a01c-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/21857cdd794649d72ab1bf90acfa8a57767a2a176b46cdb930025cf9242303bb/analysis/1422518606/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdd-80fc-4320-bc15-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:49.000Z" ,
"modified" : "2016-11-23T09:09:49.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 78eda231bf494c7008a4ad49e982f2470597199829d46b166a75f654e3cb8d59" ,
"pattern" : "[file:hashes.SHA1 = '5b635d72362146512cd3260f97b1535afc137923']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdd-59fc-479d-9136-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:49.000Z" ,
"modified" : "2016-11-23T09:09:49.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 78eda231bf494c7008a4ad49e982f2470597199829d46b166a75f654e3cb8d59" ,
"pattern" : "[file:hashes.MD5 = 'a792403699da41a6534e7a59401a19c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cdd-fe04-4a02-a142-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:49.000Z" ,
"modified" : "2016-11-23T09:09:49.000Z" ,
"first_observed" : "2016-11-23T09:09:49Z" ,
"last_observed" : "2016-11-23T09:09:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cdd-fe04-4a02-a142-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cdd-fe04-4a02-a142-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/78eda231bf494c7008a4ad49e982f2470597199829d46b166a75f654e3cb8d59/analysis/1422519372/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdd-c96c-430f-933f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:49.000Z" ,
"modified" : "2016-11-23T09:09:49.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 6b6ec318ede71baf79004fe22c46a8d7a500dc6ba6dd40b2641fe9a1c2b3dbd5" ,
"pattern" : "[file:hashes.SHA1 = 'ba71031ec0dccf09fbc48af61a22e5faa6b055a4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cde-0264-4712-8fc6-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:50.000Z" ,
"modified" : "2016-11-23T09:09:50.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 6b6ec318ede71baf79004fe22c46a8d7a500dc6ba6dd40b2641fe9a1c2b3dbd5" ,
"pattern" : "[file:hashes.MD5 = '0043240bebaf921674559ed9f05505f1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cde-4ac4-493c-8938-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:50.000Z" ,
"modified" : "2016-11-23T09:09:50.000Z" ,
"first_observed" : "2016-11-23T09:09:50Z" ,
"last_observed" : "2016-11-23T09:09:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cde-4ac4-493c-8938-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cde-4ac4-493c-8938-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/6b6ec318ede71baf79004fe22c46a8d7a500dc6ba6dd40b2641fe9a1c2b3dbd5/analysis/1479852213/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cde-0210-46c3-b02d-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:50.000Z" ,
"modified" : "2016-11-23T09:09:50.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 4ee115734733dae0705e5b2cb6789a1cdb877bc53e2fdb6e18ab845c0522d43b" ,
"pattern" : "[file:hashes.SHA1 = '457d15327d2c2333235afa85fe65e19eeac828d2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cde-b0d4-4ad7-a668-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:50.000Z" ,
"modified" : "2016-11-23T09:09:50.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 4ee115734733dae0705e5b2cb6789a1cdb877bc53e2fdb6e18ab845c0522d43b" ,
"pattern" : "[file:hashes.MD5 = 'fe0ad2e2c155a3938f4a2f907cae5244']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cde-68b4-4c70-9e97-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:50.000Z" ,
"modified" : "2016-11-23T09:09:50.000Z" ,
"first_observed" : "2016-11-23T09:09:50Z" ,
"last_observed" : "2016-11-23T09:09:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cde-68b4-4c70-9e97-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cde-68b4-4c70-9e97-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/4ee115734733dae0705e5b2cb6789a1cdb877bc53e2fdb6e18ab845c0522d43b/analysis/1445838748/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdf-e96c-4a00-a08b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:51.000Z" ,
"modified" : "2016-11-23T09:09:51.000Z" ,
"description" : "Yahoyah - Xchecked via VT: fefd9bfb0f984590b54908c6868b39ca587a3e0d8198b795ff58f67adee4b9e9" ,
"pattern" : "[file:hashes.SHA1 = 'c4ae20ef0a90f095a88a9ea9920e97733a4d5626']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdf-cd9c-45af-a628-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:51.000Z" ,
"modified" : "2016-11-23T09:09:51.000Z" ,
"description" : "Yahoyah - Xchecked via VT: fefd9bfb0f984590b54908c6868b39ca587a3e0d8198b795ff58f67adee4b9e9" ,
"pattern" : "[file:hashes.MD5 = '19256544f1f6de323a79631a76898e7c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cdf-0cec-4140-82fb-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:51.000Z" ,
"modified" : "2016-11-23T09:09:51.000Z" ,
"first_observed" : "2016-11-23T09:09:51Z" ,
"last_observed" : "2016-11-23T09:09:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cdf-0cec-4140-82fb-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cdf-0cec-4140-82fb-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/fefd9bfb0f984590b54908c6868b39ca587a3e0d8198b795ff58f67adee4b9e9/analysis/1479853170/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cdf-49f4-4610-9885-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:51.000Z" ,
"modified" : "2016-11-23T09:09:51.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 72cc8c41008310024e9339b9e45bec7815b7fa8a0c3b6a56769d22bc4ced10ed" ,
"pattern" : "[file:hashes.SHA1 = 'e1480984daab1d275b99b8a2cd4013295b97392a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce0-6c28-4f20-819b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:52.000Z" ,
"modified" : "2016-11-23T09:09:52.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 72cc8c41008310024e9339b9e45bec7815b7fa8a0c3b6a56769d22bc4ced10ed" ,
"pattern" : "[file:hashes.MD5 = '1001e79098476cf9f11d35e2d8f6bf11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce0-df40-4837-b163-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:52.000Z" ,
"modified" : "2016-11-23T09:09:52.000Z" ,
"first_observed" : "2016-11-23T09:09:52Z" ,
"last_observed" : "2016-11-23T09:09:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce0-df40-4837-b163-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce0-df40-4837-b163-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/72cc8c41008310024e9339b9e45bec7815b7fa8a0c3b6a56769d22bc4ced10ed/analysis/1426342555/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce0-dfc0-4b74-9862-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:52.000Z" ,
"modified" : "2016-11-23T09:09:52.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 5395f709ef1ca64c57be367f9795b66b5775b6e73f57089386a85925cc0ec596" ,
"pattern" : "[file:hashes.SHA1 = 'a3655df2811069ea7a818517c9e9f11561fce3e8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce0-0578-427d-99a6-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:52.000Z" ,
"modified" : "2016-11-23T09:09:52.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 5395f709ef1ca64c57be367f9795b66b5775b6e73f57089386a85925cc0ec596" ,
"pattern" : "[file:hashes.MD5 = '0c7e55509e0b6d4277b3facf864af018']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce0-a538-4f87-8547-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:52.000Z" ,
"modified" : "2016-11-23T09:09:52.000Z" ,
"first_observed" : "2016-11-23T09:09:52Z" ,
"last_observed" : "2016-11-23T09:09:52Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce0-a538-4f87-8547-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce0-a538-4f87-8547-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/5395f709ef1ca64c57be367f9795b66b5775b6e73f57089386a85925cc0ec596/analysis/1431473021/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce1-9e5c-49c1-b9c5-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:53.000Z" ,
"modified" : "2016-11-23T09:09:53.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 626f65d4d638437aaa8352fe06589165d52a91e0963c988348b00734b0a3419f" ,
"pattern" : "[file:hashes.SHA1 = '05ca63213f79a9c235b8b9f360080aa4a0d46c18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce1-7620-4aa8-89a7-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:53.000Z" ,
"modified" : "2016-11-23T09:09:53.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 626f65d4d638437aaa8352fe06589165d52a91e0963c988348b00734b0a3419f" ,
"pattern" : "[file:hashes.MD5 = 'dcbc2de64289cd13a2ab3fe49dbb5bca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce1-5d70-4f31-9b41-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:53.000Z" ,
"modified" : "2016-11-23T09:09:53.000Z" ,
"first_observed" : "2016-11-23T09:09:53Z" ,
"last_observed" : "2016-11-23T09:09:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce1-5d70-4f31-9b41-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce1-5d70-4f31-9b41-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/626f65d4d638437aaa8352fe06589165d52a91e0963c988348b00734b0a3419f/analysis/1358490405/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce1-2dd0-4b5a-a335-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:53.000Z" ,
"modified" : "2016-11-23T09:09:53.000Z" ,
"description" : "Yahoyah - Xchecked via VT: bee4cc2c3c393953f9247eab45767e01cd26d40037fb00bd69441e026d860a63" ,
"pattern" : "[file:hashes.SHA1 = '3a8bed630679a30c8f945a7f9fe9eef18dd18ef8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce2-7780-419c-9ed3-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:54.000Z" ,
"modified" : "2016-11-23T09:09:54.000Z" ,
"description" : "Yahoyah - Xchecked via VT: bee4cc2c3c393953f9247eab45767e01cd26d40037fb00bd69441e026d860a63" ,
"pattern" : "[file:hashes.MD5 = '1281c83aca5b17fca3014263bbdd9477']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce2-3a7c-4fec-a495-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:54.000Z" ,
"modified" : "2016-11-23T09:09:54.000Z" ,
"first_observed" : "2016-11-23T09:09:54Z" ,
"last_observed" : "2016-11-23T09:09:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce2-3a7c-4fec-a495-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce2-3a7c-4fec-a495-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/bee4cc2c3c393953f9247eab45767e01cd26d40037fb00bd69441e026d860a63/analysis/1479853148/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce2-f1c0-4386-860b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:54.000Z" ,
"modified" : "2016-11-23T09:09:54.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 03e9c25fe979f149f6dafb0398cdf3d2223b26f24009ef0f83825b60e961d111" ,
"pattern" : "[file:hashes.SHA1 = '77eaac29dc3f46fdd4782b3a633a9c4b35fbdf20']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce2-78a8-49c8-b000-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:54.000Z" ,
"modified" : "2016-11-23T09:09:54.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 03e9c25fe979f149f6dafb0398cdf3d2223b26f24009ef0f83825b60e961d111" ,
"pattern" : "[file:hashes.MD5 = 'e20abe1f32aa7ac4f20f8ce24f7d1f62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce2-7ff8-4c9f-aaed-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:54.000Z" ,
"modified" : "2016-11-23T09:09:54.000Z" ,
"first_observed" : "2016-11-23T09:09:54Z" ,
"last_observed" : "2016-11-23T09:09:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce2-7ff8-4c9f-aaed-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce2-7ff8-4c9f-aaed-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/03e9c25fe979f149f6dafb0398cdf3d2223b26f24009ef0f83825b60e961d111/analysis/1479852262/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce3-dfd4-4301-8f5b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:55.000Z" ,
"modified" : "2016-11-23T09:09:55.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 8ccaade84c9c7d5955e8aa1a0d36542beeaed5b8f619aedf82f74e8fd5a5283b" ,
"pattern" : "[file:hashes.SHA1 = 'dc21329a94e0f85c827086147cdff291083f32e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce3-8160-4c9e-b1c1-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:55.000Z" ,
"modified" : "2016-11-23T09:09:55.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 8ccaade84c9c7d5955e8aa1a0d36542beeaed5b8f619aedf82f74e8fd5a5283b" ,
"pattern" : "[file:hashes.MD5 = 'cd78f95d558fd3e5510298fe3c5b83a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce3-57b8-487c-bdf1-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:55.000Z" ,
"modified" : "2016-11-23T09:09:55.000Z" ,
"first_observed" : "2016-11-23T09:09:55Z" ,
"last_observed" : "2016-11-23T09:09:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce3-57b8-487c-bdf1-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce3-57b8-487c-bdf1-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/8ccaade84c9c7d5955e8aa1a0d36542beeaed5b8f619aedf82f74e8fd5a5283b/analysis/1438091845/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce3-07ac-492e-9218-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:55.000Z" ,
"modified" : "2016-11-23T09:09:55.000Z" ,
"description" : "Yahoyah - Xchecked via VT: c2ad0204ff90c113f7984a9db6006c9f09631c4983098803591170be62cdfaa7" ,
"pattern" : "[file:hashes.SHA1 = '4ce80deb28aabeab1425a5f35073665d63a35fa1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce4-9908-4334-a081-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:56.000Z" ,
"modified" : "2016-11-23T09:09:56.000Z" ,
"description" : "Yahoyah - Xchecked via VT: c2ad0204ff90c113f7984a9db6006c9f09631c4983098803591170be62cdfaa7" ,
"pattern" : "[file:hashes.MD5 = '7337596ee26c28c74f6c20dcd07fe65f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce4-ed14-4a71-a79a-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:56.000Z" ,
"modified" : "2016-11-23T09:09:56.000Z" ,
"first_observed" : "2016-11-23T09:09:56Z" ,
"last_observed" : "2016-11-23T09:09:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce4-ed14-4a71-a79a-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce4-ed14-4a71-a79a-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/c2ad0204ff90c113f7984a9db6006c9f09631c4983098803591170be62cdfaa7/analysis/1434497996/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce4-d084-45f1-b2f1-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:56.000Z" ,
"modified" : "2016-11-23T09:09:56.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 8e1a0d93ae644ac80048e5c3485bc6282a69d52cf26f94d2be1ce634851ac3aa" ,
"pattern" : "[file:hashes.SHA1 = '0d4fb560ea2f4540af676aaebc5a044930e0081a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce4-54f0-4608-afa7-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:56.000Z" ,
"modified" : "2016-11-23T09:09:56.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 8e1a0d93ae644ac80048e5c3485bc6282a69d52cf26f94d2be1ce634851ac3aa" ,
"pattern" : "[file:hashes.MD5 = '26ae7e12115e34827ec0b35e188ee9f7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce4-52bc-4e63-809e-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:56.000Z" ,
"modified" : "2016-11-23T09:09:56.000Z" ,
"first_observed" : "2016-11-23T09:09:56Z" ,
"last_observed" : "2016-11-23T09:09:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce4-52bc-4e63-809e-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce4-52bc-4e63-809e-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/8e1a0d93ae644ac80048e5c3485bc6282a69d52cf26f94d2be1ce634851ac3aa/analysis/1443177871/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce5-b2d0-4d2e-b3fa-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:57.000Z" ,
"modified" : "2016-11-23T09:09:57.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 7f8abefcc4598c643dff1ebf570677fd5c2a4f3d08bc8ddabbfbef1eed097fb3" ,
"pattern" : "[file:hashes.SHA1 = '2d590d6b8c722c4a6bb9559e6bc36e1325632b0c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce5-292c-49c6-818c-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:57.000Z" ,
"modified" : "2016-11-23T09:09:57.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 7f8abefcc4598c643dff1ebf570677fd5c2a4f3d08bc8ddabbfbef1eed097fb3" ,
"pattern" : "[file:hashes.MD5 = '5f6ed8620a3ecc1335420c63572b915e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce5-9d54-4f53-9ddc-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:57.000Z" ,
"modified" : "2016-11-23T09:09:57.000Z" ,
"first_observed" : "2016-11-23T09:09:57Z" ,
"last_observed" : "2016-11-23T09:09:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce5-9d54-4f53-9ddc-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce5-9d54-4f53-9ddc-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/7f8abefcc4598c643dff1ebf570677fd5c2a4f3d08bc8ddabbfbef1eed097fb3/analysis/1437447555/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce5-5a88-43fb-95bd-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:57.000Z" ,
"modified" : "2016-11-23T09:09:57.000Z" ,
"description" : "Yahoyah - Xchecked via VT: a4334a33e4a87cfa52e9e24f6b4d3da0b686f71b25e5cc9a6f144485ea63108a" ,
"pattern" : "[file:hashes.SHA1 = 'f4b39b3fbeb2094eb4782d954c1ae10dc3f2ae71']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce6-5af0-4f40-8956-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:58.000Z" ,
"modified" : "2016-11-23T09:09:58.000Z" ,
"description" : "Yahoyah - Xchecked via VT: a4334a33e4a87cfa52e9e24f6b4d3da0b686f71b25e5cc9a6f144485ea63108a" ,
"pattern" : "[file:hashes.MD5 = 'b33761b1127d912580b7e240f820b0fd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce6-8490-439b-a613-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:58.000Z" ,
"modified" : "2016-11-23T09:09:58.000Z" ,
"first_observed" : "2016-11-23T09:09:58Z" ,
"last_observed" : "2016-11-23T09:09:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce6-8490-439b-a613-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce6-8490-439b-a613-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/a4334a33e4a87cfa52e9e24f6b4d3da0b686f71b25e5cc9a6f144485ea63108a/analysis/1437447674/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce6-3fbc-464c-8b94-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:58.000Z" ,
"modified" : "2016-11-23T09:09:58.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 1432a8a6ae6faa5d9f441b918ddc3edddb9c133458853ad356756835fe7b3291" ,
"pattern" : "[file:hashes.SHA1 = 'dd011e35df5b529f4a92d480428c63faa8a6da3f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce6-baa4-4c32-b366-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:58.000Z" ,
"modified" : "2016-11-23T09:09:58.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 1432a8a6ae6faa5d9f441b918ddc3edddb9c133458853ad356756835fe7b3291" ,
"pattern" : "[file:hashes.MD5 = '216702154571022bd17f769ec2484a56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce7-bed4-4e49-bc76-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:59.000Z" ,
"modified" : "2016-11-23T09:09:59.000Z" ,
"first_observed" : "2016-11-23T09:09:59Z" ,
"last_observed" : "2016-11-23T09:09:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce7-bed4-4e49-bc76-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce7-bed4-4e49-bc76-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/1432a8a6ae6faa5d9f441b918ddc3edddb9c133458853ad356756835fe7b3291/analysis/1479852246/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce7-7490-4b58-9d16-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:59.000Z" ,
"modified" : "2016-11-23T09:09:59.000Z" ,
"description" : "Yahoyah - Xchecked via VT: fdeb384ff68b99514f329eeffb05692c4c1580ca52e43e6dcbb5d760c2a78aa4" ,
"pattern" : "[file:hashes.SHA1 = 'aef101fb24bd39e3cc14c26796c0336f2cb1d540']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce7-049c-4626-b71f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:59.000Z" ,
"modified" : "2016-11-23T09:09:59.000Z" ,
"description" : "Yahoyah - Xchecked via VT: fdeb384ff68b99514f329eeffb05692c4c1580ca52e43e6dcbb5d760c2a78aa4" ,
"pattern" : "[file:hashes.MD5 = '93fa49f69aa9873c7f19823161bd8406']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:09:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce7-9048-43c9-997f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:09:59.000Z" ,
"modified" : "2016-11-23T09:09:59.000Z" ,
"first_observed" : "2016-11-23T09:09:59Z" ,
"last_observed" : "2016-11-23T09:09:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce7-9048-43c9-997f-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce7-9048-43c9-997f-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/fdeb384ff68b99514f329eeffb05692c4c1580ca52e43e6dcbb5d760c2a78aa4/analysis/1479853136/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce8-b17c-4414-9d36-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:00.000Z" ,
"modified" : "2016-11-23T09:10:00.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 2172cc228760d6e4fa297bc485637a2b17103ae88237b30df39babe548cefaa5" ,
"pattern" : "[file:hashes.SHA1 = '7d5fd316f12ff39e5a9b43dabd66eccdcdb164e7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce8-67b4-4bf7-a743-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:00.000Z" ,
"modified" : "2016-11-23T09:10:00.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 2172cc228760d6e4fa297bc485637a2b17103ae88237b30df39babe548cefaa5" ,
"pattern" : "[file:hashes.MD5 = 'bb2d57a1a557908253c96ae43f07a95d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce8-3d24-42f3-a9f5-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:00.000Z" ,
"modified" : "2016-11-23T09:10:00.000Z" ,
"first_observed" : "2016-11-23T09:10:00Z" ,
"last_observed" : "2016-11-23T09:10:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce8-3d24-42f3-a9f5-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce8-3d24-42f3-a9f5-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/2172cc228760d6e4fa297bc485637a2b17103ae88237b30df39babe548cefaa5/analysis/1479852189/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce8-255c-4355-98a1-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:00.000Z" ,
"modified" : "2016-11-23T09:10:00.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 72d14f0a7ecb04eb2962bc9d8491194deb856ceebf30e7ecd644620932f3d4b0" ,
"pattern" : "[file:hashes.SHA1 = '56680180af5a792dca8e6112c57810b5e06bca1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce8-d784-4fa1-8de4-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:00.000Z" ,
"modified" : "2016-11-23T09:10:00.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 72d14f0a7ecb04eb2962bc9d8491194deb856ceebf30e7ecd644620932f3d4b0" ,
"pattern" : "[file:hashes.MD5 = 'f9de4ccd73275eab6251ed0c736fc433']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce9-9a84-4365-8fed-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:01.000Z" ,
"modified" : "2016-11-23T09:10:01.000Z" ,
"first_observed" : "2016-11-23T09:10:01Z" ,
"last_observed" : "2016-11-23T09:10:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce9-9a84-4365-8fed-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce9-9a84-4365-8fed-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/72d14f0a7ecb04eb2962bc9d8491194deb856ceebf30e7ecd644620932f3d4b0/analysis/1479853166/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce9-42e8-4316-8da3-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:01.000Z" ,
"modified" : "2016-11-23T09:10:01.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 25809242472a9e1f08ff83c00fae943a630867604ff95c7a57313187287384d2" ,
"pattern" : "[file:hashes.SHA1 = '1cfb0b13da1da4b797cd52fa4876be4db39eb111']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ce9-8d0c-4ef0-a73a-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:01.000Z" ,
"modified" : "2016-11-23T09:10:01.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 25809242472a9e1f08ff83c00fae943a630867604ff95c7a57313187287384d2" ,
"pattern" : "[file:hashes.MD5 = '8f3047b2a4fb37c4244f4775e210535a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ce9-6ea8-4224-965e-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:01.000Z" ,
"modified" : "2016-11-23T09:10:01.000Z" ,
"first_observed" : "2016-11-23T09:10:01Z" ,
"last_observed" : "2016-11-23T09:10:01Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ce9-6ea8-4224-965e-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ce9-6ea8-4224-965e-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/25809242472a9e1f08ff83c00fae943a630867604ff95c7a57313187287384d2/analysis/1444208071/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cea-eafc-4fcd-83f0-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:02.000Z" ,
"modified" : "2016-11-23T09:10:02.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 73bba13d1c7b6794be485a5eeb7b79a62f109c27c4c698601945702303dbcd6c" ,
"pattern" : "[file:hashes.SHA1 = 'b2128b8d4a62efb4d1e4ed09f312a5ac46742832']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cea-a32c-4715-8b41-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:02.000Z" ,
"modified" : "2016-11-23T09:10:02.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 73bba13d1c7b6794be485a5eeb7b79a62f109c27c4c698601945702303dbcd6c" ,
"pattern" : "[file:hashes.MD5 = '1d5ff5244fd7162a4bace25206ac4cd5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cea-a428-4815-9bdb-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:02.000Z" ,
"modified" : "2016-11-23T09:10:02.000Z" ,
"first_observed" : "2016-11-23T09:10:02Z" ,
"last_observed" : "2016-11-23T09:10:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cea-a428-4815-9bdb-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cea-a428-4815-9bdb-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/73bba13d1c7b6794be485a5eeb7b79a62f109c27c4c698601945702303dbcd6c/analysis/1444208480/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cea-105c-428c-96d3-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:02.000Z" ,
"modified" : "2016-11-23T09:10:02.000Z" ,
"description" : "Yahoyah - Xchecked via VT: f0aa64c1646d91b0decbe4d4e6a7cc53bfd770c86ded9a7408034fa14d2bad83" ,
"pattern" : "[file:hashes.SHA1 = 'e9f2edfe2a6215b5d9a3763eff70d1c400243835']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ceb-eb5c-4e0f-a8d8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:03.000Z" ,
"modified" : "2016-11-23T09:10:03.000Z" ,
"description" : "Yahoyah - Xchecked via VT: f0aa64c1646d91b0decbe4d4e6a7cc53bfd770c86ded9a7408034fa14d2bad83" ,
"pattern" : "[file:hashes.MD5 = 'eeada911413c7f7dad76fab9821ada45']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ceb-83d8-4f60-9dfa-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:03.000Z" ,
"modified" : "2016-11-23T09:10:03.000Z" ,
"first_observed" : "2016-11-23T09:10:03Z" ,
"last_observed" : "2016-11-23T09:10:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ceb-83d8-4f60-9dfa-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ceb-83d8-4f60-9dfa-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/f0aa64c1646d91b0decbe4d4e6a7cc53bfd770c86ded9a7408034fa14d2bad83/analysis/1447908782/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ceb-f564-4563-b78d-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:03.000Z" ,
"modified" : "2016-11-23T09:10:03.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 9623d6f3a3952280f3e83f8dbb29942694bb682296d36c4f4d1d7414a7493db0" ,
"pattern" : "[file:hashes.SHA1 = '3e6caaeffc23692658a017e31af6dd273040e98a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ceb-0880-4389-8f07-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:03.000Z" ,
"modified" : "2016-11-23T09:10:03.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 9623d6f3a3952280f3e83f8dbb29942694bb682296d36c4f4d1d7414a7493db0" ,
"pattern" : "[file:hashes.MD5 = '778f2b4bd460518778482e4545627fe8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ceb-4638-4268-928f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:03.000Z" ,
"modified" : "2016-11-23T09:10:03.000Z" ,
"first_observed" : "2016-11-23T09:10:03Z" ,
"last_observed" : "2016-11-23T09:10:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ceb-4638-4268-928f-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ceb-4638-4268-928f-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/9623d6f3a3952280f3e83f8dbb29942694bb682296d36c4f4d1d7414a7493db0/analysis/1450625452/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cec-4e20-4726-b6bf-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:04.000Z" ,
"modified" : "2016-11-23T09:10:04.000Z" ,
"description" : "Yahoyah - Xchecked via VT: aa812b1c0b24435b8e01100760bc4fef44032b4b0d787a8cf9aef83abd9d5dbd" ,
"pattern" : "[file:hashes.SHA1 = 'b3a018a62811d959ecae55ee9fd7936d157cc3e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cec-a890-4073-9010-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:04.000Z" ,
"modified" : "2016-11-23T09:10:04.000Z" ,
"description" : "Yahoyah - Xchecked via VT: aa812b1c0b24435b8e01100760bc4fef44032b4b0d787a8cf9aef83abd9d5dbd" ,
"pattern" : "[file:hashes.MD5 = 'd475d1576a5994eb88e44f2dd496b03f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cec-d714-49e1-9df8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:04.000Z" ,
"modified" : "2016-11-23T09:10:04.000Z" ,
"first_observed" : "2016-11-23T09:10:04Z" ,
"last_observed" : "2016-11-23T09:10:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cec-d714-49e1-9df8-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cec-d714-49e1-9df8-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/aa812b1c0b24435b8e01100760bc4fef44032b4b0d787a8cf9aef83abd9d5dbd/analysis/1413732485/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cec-a3e0-41bc-aa8d-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:04.000Z" ,
"modified" : "2016-11-23T09:10:04.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 2fce75daea5fdaafba376a86c59d5bc3e32f7fe5e735ec1e1811971910bc4009" ,
"pattern" : "[file:hashes.SHA1 = '8771b13f8b1e768d57556ba0b8a0ed905861b416']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ced-cac0-4d90-9d9b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:05.000Z" ,
"modified" : "2016-11-23T09:10:05.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 2fce75daea5fdaafba376a86c59d5bc3e32f7fe5e735ec1e1811971910bc4009" ,
"pattern" : "[file:hashes.MD5 = '7cf254d99c34b3e6a10482a471cc3f70']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ced-e894-40e7-8566-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:05.000Z" ,
"modified" : "2016-11-23T09:10:05.000Z" ,
"first_observed" : "2016-11-23T09:10:05Z" ,
"last_observed" : "2016-11-23T09:10:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ced-e894-40e7-8566-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ced-e894-40e7-8566-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/2fce75daea5fdaafba376a86c59d5bc3e32f7fe5e735ec1e1811971910bc4009/analysis/1464977697/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ced-dd88-458a-b3c0-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:05.000Z" ,
"modified" : "2016-11-23T09:10:05.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 85904e7b88b5049fb99b4b8456d9f01bdbf8f6fcf0f77943aed1ce7e6f7127c2" ,
"pattern" : "[file:hashes.SHA1 = '11f5be9476f63bbf40b4303dd5c13f29914349e7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355ced-f9f0-4d91-b884-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:05.000Z" ,
"modified" : "2016-11-23T09:10:05.000Z" ,
"description" : "Yahoyah - Xchecked via VT: 85904e7b88b5049fb99b4b8456d9f01bdbf8f6fcf0f77943aed1ce7e6f7127c2" ,
"pattern" : "[file:hashes.MD5 = '1590ff9da2ac7f28f02564d4114a43d2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355ced-a6d0-4c8f-be38-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:05.000Z" ,
"modified" : "2016-11-23T09:10:05.000Z" ,
"first_observed" : "2016-11-23T09:10:05Z" ,
"last_observed" : "2016-11-23T09:10:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355ced-a6d0-4c8f-be38-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355ced-a6d0-4c8f-be38-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/85904e7b88b5049fb99b4b8456d9f01bdbf8f6fcf0f77943aed1ce7e6f7127c2/analysis/1474630413/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cee-9890-4deb-ab56-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:06.000Z" ,
"modified" : "2016-11-23T09:10:06.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: edfedfad21bd37b890d0e21c3c832ff9493612f9959a32d6406750b2d4a93697" ,
"pattern" : "[file:hashes.SHA1 = '76357792cb680f647ad27f69488086b7cada38a6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cee-0ae8-4c1c-b678-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:06.000Z" ,
"modified" : "2016-11-23T09:10:06.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: edfedfad21bd37b890d0e21c3c832ff9493612f9959a32d6406750b2d4a93697" ,
"pattern" : "[file:hashes.MD5 = 'cd54c44f1103d01584bc831f4a821c02']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cee-f73c-4529-a386-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:06.000Z" ,
"modified" : "2016-11-23T09:10:06.000Z" ,
"first_observed" : "2016-11-23T09:10:06Z" ,
"last_observed" : "2016-11-23T09:10:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cee-f73c-4529-a386-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cee-f73c-4529-a386-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/edfedfad21bd37b890d0e21c3c832ff9493612f9959a32d6406750b2d4a93697/analysis/1410970449/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cee-6830-4029-bbd3-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:06.000Z" ,
"modified" : "2016-11-23T09:10:06.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: ee3f29d2a68217825666dae6a56ae7ee96297ea7f88ae4fd78819983ae67a3ce" ,
"pattern" : "[file:hashes.SHA1 = 'a7bfb6d1793a8d711c93f8b12218c7d77b07a947']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cef-2e94-46d3-a406-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:07.000Z" ,
"modified" : "2016-11-23T09:10:07.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: ee3f29d2a68217825666dae6a56ae7ee96297ea7f88ae4fd78819983ae67a3ce" ,
"pattern" : "[file:hashes.MD5 = 'fa8000bae499ccbb56022f13cde350b2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cef-d660-4a82-bd24-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:07.000Z" ,
"modified" : "2016-11-23T09:10:07.000Z" ,
"first_observed" : "2016-11-23T09:10:07Z" ,
"last_observed" : "2016-11-23T09:10:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cef-d660-4a82-bd24-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cef-d660-4a82-bd24-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/ee3f29d2a68217825666dae6a56ae7ee96297ea7f88ae4fd78819983ae67a3ce/analysis/1463181111/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cef-e9cc-4567-a257-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:07.000Z" ,
"modified" : "2016-11-23T09:10:07.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: c9d0d7e3ba9a1369b670511966f2c3b5fa3618d3b8ac99cbc3a732bd13501b99" ,
"pattern" : "[file:hashes.SHA1 = '1500d082c509fed6ef37bf0ce314475fdc293845']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cef-e1d0-46c6-8c4b-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:07.000Z" ,
"modified" : "2016-11-23T09:10:07.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: c9d0d7e3ba9a1369b670511966f2c3b5fa3618d3b8ac99cbc3a732bd13501b99" ,
"pattern" : "[file:hashes.MD5 = '4b7f5a088e43361cf6ce738661c4aa5c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cef-3c94-4cdc-bbf8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:07.000Z" ,
"modified" : "2016-11-23T09:10:07.000Z" ,
"first_observed" : "2016-11-23T09:10:07Z" ,
"last_observed" : "2016-11-23T09:10:07Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cef-3c94-4cdc-bbf8-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cef-3c94-4cdc-bbf8-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/c9d0d7e3ba9a1369b670511966f2c3b5fa3618d3b8ac99cbc3a732bd13501b99/analysis/1437635994/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cf0-e308-4036-a640-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:08.000Z" ,
"modified" : "2016-11-23T09:10:08.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: c4b73d2102c25e31e3b73a8547a0120e1d3706eed96392acb174ecbf1218fa37" ,
"pattern" : "[file:hashes.SHA1 = '3634781a265d783377d887361eeda08b1016c38f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cf0-2380-4472-a4c8-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:08.000Z" ,
"modified" : "2016-11-23T09:10:08.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: c4b73d2102c25e31e3b73a8547a0120e1d3706eed96392acb174ecbf1218fa37" ,
"pattern" : "[file:hashes.MD5 = '6d28b55b2ae1f529635dc898c2e3cc34']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cf0-b6e0-4103-ae22-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:08.000Z" ,
"modified" : "2016-11-23T09:10:08.000Z" ,
"first_observed" : "2016-11-23T09:10:08Z" ,
"last_observed" : "2016-11-23T09:10:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cf0-b6e0-4103-ae22-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cf0-b6e0-4103-ae22-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/c4b73d2102c25e31e3b73a8547a0120e1d3706eed96392acb174ecbf1218fa37/analysis/1450348934/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cf0-4be8-4562-8d52-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:08.000Z" ,
"modified" : "2016-11-23T09:10:08.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: 84f9d3c0895fbcc3148ec77b967eb9cdf33eb90915937b91a61664d36eed7464" ,
"pattern" : "[file:hashes.SHA1 = '06f034b3cf9dc0dac0db615eb11ff979dbb6bc2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58355cf1-fa1c-41bf-b498-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:09.000Z" ,
"modified" : "2016-11-23T09:10:09.000Z" ,
"description" : "Poison Ivy - Xchecked via VT: 84f9d3c0895fbcc3148ec77b967eb9cdf33eb90915937b91a61664d36eed7464" ,
"pattern" : "[file:hashes.MD5 = '7194dcb825f4df1ea78e4cac8582f148']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-11-23T09:10:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58355cf1-3910-4fa2-bb7f-9a1e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-11-23T09:10:09.000Z" ,
"modified" : "2016-11-23T09:10:09.000Z" ,
"first_observed" : "2016-11-23T09:10:09Z" ,
"last_observed" : "2016-11-23T09:10:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58355cf1-3910-4fa2-bb7f-9a1e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58355cf1-3910-4fa2-bb7f-9a1e02de0b81" ,
"value" : "https://www.virustotal.com/file/84f9d3c0895fbcc3148ec77b967eb9cdf33eb90915937b91a61664d36eed7464/analysis/1455275839/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}