misp-circl-feed/feeds/circl/misp/58503e2f-4c78-442d-833f-8ad202de0b81.json

{
"type": "bundle",
"id": "bundle--58503e2f-4c78-442d-833f-8ad202de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:38.000Z",
"modified": "2016-12-13T18:38:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--58503e2f-4c78-442d-833f-8ad202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:38.000Z",
"modified": "2016-12-13T18:38:38.000Z",
"name": "OSINT - The rise of TeleBots: Analyzing disruptive KillDisk attacks",
"published": "2016-12-13T18:41:32Z",
"object_refs": [
"x-misp-attribute--58503e41-62e8-4280-b09c-467402de0b81",
"observed-data--58503e4e-56bc-45a0-8a80-e8a002de0b81",
"url--58503e4e-56bc-45a0-8a80-e8a002de0b81",
"indicator--58503e62-222c-4236-aa34-e8a002de0b81",
"indicator--58503e63-0a98-4f7b-a6d3-e8a002de0b81",
"indicator--58503e73-ef34-4b46-9215-e8ac02de0b81",
"indicator--58503e73-66cc-42cd-8dd1-e8ac02de0b81",
"indicator--58503e83-6230-4797-8a91-c7c302de0b81",
"indicator--58503e97-84e4-4fe5-a7cc-4ab602de0b81",
"indicator--58503e97-041c-4ebf-9541-479202de0b81",
"indicator--58503ea6-c204-49fc-9ea6-e8a402de0b81",
"indicator--58503eb8-4cac-48aa-b1e7-458d02de0b81",
"indicator--58503eb8-928c-4b35-a948-4f4b02de0b81",
"indicator--58503eb9-06f8-44a2-9940-418602de0b81",
"indicator--58503ec5-1a14-4455-a56f-49ec02de0b81",
"indicator--58503ec5-eab8-42f1-ba84-461c02de0b81",
"indicator--58503ed8-ce04-4ac2-a419-469502de0b81",
"indicator--58503ed9-b6d4-4688-ba83-476b02de0b81",
"indicator--58503ed9-66b8-4518-846f-47aa02de0b81",
"indicator--58503eda-0d74-4e8d-a7c3-406702de0b81",
"indicator--58503eda-bcf0-4241-91ff-425502de0b81",
"indicator--58503eee-5734-415d-a834-44bd02de0b81",
"indicator--58503eef-e4f4-4565-ba44-4eb702de0b81",
"indicator--58503eef-cd30-4c21-9acd-409a02de0b81",
"indicator--58503ef0-c93c-41bf-bd4c-405d02de0b81",
"indicator--58503ef0-6a38-4fa9-b633-4bae02de0b81",
"indicator--58503ef1-3d38-46d8-8e58-405a02de0b81",
"indicator--58503ef1-eeb0-41eb-8d93-41bf02de0b81",
"indicator--58503ef2-bfbc-4cce-bc6a-4ae202de0b81",
"indicator--58503ef2-f5cc-48cb-b254-4afe02de0b81",
"indicator--58503ef3-1630-4ee5-9791-429502de0b81",
"indicator--58503ef3-703c-4518-9dd9-480d02de0b81",
"indicator--58503ef4-ecbc-481e-a3e3-4c1702de0b81",
"indicator--58503ef4-61c0-4b1a-84d8-41c402de0b81",
"indicator--58503ef4-1f20-4beb-b829-4c4d02de0b81",
"indicator--58503ef5-9cd4-4623-8d55-4c0602de0b81",
"indicator--58503f02-21ec-4514-b5ba-c7c302de0b81",
"indicator--58503f14-99ec-4578-b7dd-451502de0b81",
"indicator--58503f14-a8bc-4338-be8d-448202de0b81",
"observed-data--58503f27-ec78-4a65-abb3-425702de0b81",
"domain-name--58503f27-ec78-4a65-abb3-425702de0b81",
"observed-data--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"network-traffic--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"ipv4-addr--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"observed-data--58503f28-a918-4725-b7a7-4d4f02de0b81",
"domain-name--58503f28-a918-4725-b7a7-4d4f02de0b81",
"observed-data--58503f28-747c-4b4a-8cba-4e9902de0b81",
"network-traffic--58503f28-747c-4b4a-8cba-4e9902de0b81",
"ipv4-addr--58503f28-747c-4b4a-8cba-4e9902de0b81",
"observed-data--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"network-traffic--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"ipv4-addr--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"observed-data--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"network-traffic--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"ipv4-addr--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"observed-data--58503f2a-a898-494b-8cfa-480f02de0b81",
"network-traffic--58503f2a-a898-494b-8cfa-480f02de0b81",
"ipv4-addr--58503f2a-a898-494b-8cfa-480f02de0b81",
"observed-data--58503f2a-9d08-4001-93a6-43fc02de0b81",
"domain-name--58503f2a-9d08-4001-93a6-43fc02de0b81",
"observed-data--58503f2b-c1c4-4de6-b948-4be302de0b81",
"network-traffic--58503f2b-c1c4-4de6-b948-4be302de0b81",
"ipv4-addr--58503f2b-c1c4-4de6-b948-4be302de0b81",
"indicator--58503f3a-4414-4e2c-9562-424302de0b81",
"indicator--58503f3a-a690-4478-a0ef-4fd602de0b81",
"indicator--58503f3b-6e14-4deb-82c4-47c602de0b81",
"indicator--5850402e-f8a8-4990-ba17-484002de0b81",
"indicator--5850402f-a854-4c2e-af09-431a02de0b81",
"observed-data--58504030-569c-417e-a638-49e502de0b81",
"url--58504030-569c-417e-a638-49e502de0b81",
"indicator--58504030-0760-4dcf-8527-409e02de0b81",
"indicator--58504031-ffa8-46c5-9bb6-429f02de0b81",
"observed-data--58504031-4490-49ed-854e-429202de0b81",
"url--58504031-4490-49ed-854e-429202de0b81",
"indicator--58504032-0ec8-49a1-94f3-482b02de0b81",
"indicator--58504032-e93c-4675-bb15-4e5b02de0b81",
"observed-data--58504033-4cf4-4a9a-a6d3-405302de0b81",
"url--58504033-4cf4-4a9a-a6d3-405302de0b81",
"indicator--58504033-4f20-4199-af62-440802de0b81",
"indicator--58504034-e410-4ff2-ad04-483302de0b81",
"observed-data--58504034-db74-413e-a182-4bec02de0b81",
"url--58504034-db74-413e-a182-4bec02de0b81",
"indicator--58504035-d258-418c-825d-48b102de0b81",
"indicator--58504035-8c44-4988-8226-488002de0b81",
"observed-data--58504036-c064-4e2c-9d3f-484d02de0b81",
"url--58504036-c064-4e2c-9d3f-484d02de0b81",
"indicator--58504036-1ce4-46ad-9a87-40f502de0b81",
"indicator--58504037-f7ac-43a0-9e31-485f02de0b81",
"observed-data--58504037-9f80-4883-8f0d-46b302de0b81",
"url--58504037-9f80-4883-8f0d-46b302de0b81",
"indicator--58504038-7214-4a85-a564-4ee102de0b81",
"indicator--58504038-e2c4-4186-96bf-4f3b02de0b81",
"observed-data--58504039-f2d8-419a-936a-4f4602de0b81",
"url--58504039-f2d8-419a-936a-4f4602de0b81",
"indicator--58504039-15bc-45d6-b60f-4dc602de0b81",
"indicator--5850403a-eec4-4723-a1e0-4ff902de0b81",
"observed-data--5850403a-fdf0-46d5-abcc-4bf802de0b81",
"url--5850403a-fdf0-46d5-abcc-4bf802de0b81",
"indicator--5850403b-0c30-4fe4-b6f1-482e02de0b81",
"indicator--5850403b-2be0-4103-8f8f-4ceb02de0b81",
"observed-data--5850403c-4150-43c1-be39-482502de0b81",
"url--5850403c-4150-43c1-be39-482502de0b81",
"indicator--5850403c-e308-48a9-b780-415702de0b81",
"indicator--5850403d-ac3c-4442-a474-4b2f02de0b81",
"observed-data--5850403d-507c-4196-b7e7-461702de0b81",
"url--5850403d-507c-4196-b7e7-461702de0b81",
"indicator--5850403d-6128-4f26-bf07-4fa102de0b81",
"indicator--5850403e-5358-4e0c-be49-485202de0b81",
"observed-data--5850403e-6d80-44e0-8c42-4b7102de0b81",
"url--5850403e-6d80-44e0-8c42-4b7102de0b81",
"indicator--5850403f-49bc-4edb-9e43-451502de0b81",
"indicator--5850403f-b088-4448-b8aa-4f4702de0b81",
"observed-data--58504040-8818-4b41-b6f3-421502de0b81",
"url--58504040-8818-4b41-b6f3-421502de0b81",
"indicator--58504040-f9a4-4380-87a4-405a02de0b81",
"indicator--58504041-d378-4427-aafb-415d02de0b81",
"observed-data--58504041-6110-4ca7-be7a-4fd602de0b81",
"url--58504041-6110-4ca7-be7a-4fd602de0b81",
"indicator--58504042-c64c-4694-a0ff-47b902de0b81",
"indicator--58504042-1fa8-423e-87d2-40ee02de0b81",
"observed-data--58504043-2dc4-43c6-9623-423f02de0b81",
"url--58504043-2dc4-43c6-9623-423f02de0b81",
"indicator--58504043-2408-4775-944a-4c1202de0b81",
"indicator--58504044-c16c-46f8-87e9-48bb02de0b81",
"observed-data--58504044-2238-4999-9bd4-471902de0b81",
"url--58504044-2238-4999-9bd4-471902de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"misp-galaxy:threat-actor=\"TeleBots\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--58503e41-62e8-4280-b09c-467402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:30:25.000Z",
"modified": "2016-12-13T18:30:25.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "In the second half of 2016, ESET researchers identified a unique malicious toolset that was used in targeted cyberattacks against high-value targets in the Ukrainian financial sector. We believe that the main goal of attackers using these tools is cybersabotage. This blog post outlines the details about the campaign that we discovered.\r\n\r\nWe will refer to the gang behind the malware as TeleBots. However it\u2019s important to say that these attackers, and the toolset used, share a number of similarities with the BlackEnergy group, which conducted attacks against the energy industry in Ukraine in December 2015 and January 2016. In fact, we think that the BlackEnergy group has evolved into the TeleBots group."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503e4e-56bc-45a0-8a80-e8a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:30:38.000Z",
"modified": "2016-12-13T18:30:38.000Z",
"first_observed": "2016-12-13T18:30:38Z",
"last_observed": "2016-12-13T18:30:38Z",
"number_observed": 1,
"object_refs": [
"url--58503e4e-56bc-45a0-8a80-e8a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58503e4e-56bc-45a0-8a80-e8a002de0b81",
"value": "http://www.welivesecurity.com/2016/12/13/rise-telebots-analyzing-disruptive-killdisk-attacks/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e62-222c-4236-aa34-e8a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:30:58.000Z",
"modified": "2016-12-13T18:30:58.000Z",
"description": "Win32/KillDisk",
"pattern": "[file:hashes.SHA1 = '71a2b3f48828e4552637fa9753f0324b7146f3af']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:30:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e63-0a98-4f7b-a6d3-e8a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:30:59.000Z",
"modified": "2016-12-13T18:30:59.000Z",
"description": "Win32/KillDisk",
"pattern": "[file:hashes.SHA1 = '8eb8527562dda552fc6b8827c0ebf50968848f1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:30:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e73-ef34-4b46-9215-e8ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:31:15.000Z",
"modified": "2016-12-13T18:31:15.000Z",
"description": "Intercepter-NG and silent WinPCAP installer",
"pattern": "[file:hashes.SHA1 = '64cb897acc37e12e4f49c4da4dfad606b3976225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e73-66cc-42cd-8dd1-e8ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:31:15.000Z",
"modified": "2016-12-13T18:31:15.000Z",
"description": "Intercepter-NG and silent WinPCAP installer",
"pattern": "[file:hashes.SHA1 = 'a0b9a35675153f4933c3e55418b6566e1a5dbf8a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:31:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e83-6230-4797-8a91-c7c302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:31:31.000Z",
"modified": "2016-12-13T18:31:31.000Z",
"description": "Win64/Spy.KeyLogger.G trojan",
"pattern": "[file:hashes.SHA1 = '7582de9e93e2f35f9a63b59317eba48846eea4c7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:31:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e97-84e4-4fe5-a7cc-4ab602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:31:51.000Z",
"modified": "2016-12-13T18:31:51.000Z",
"description": "CredRaptor password stealer",
"pattern": "[file:hashes.SHA1 = 'fffc20567da4656059860ed06c53fd4e5ad664c2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503e97-041c-4ebf-9541-479202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:31:51.000Z",
"modified": "2016-12-13T18:31:51.000Z",
"description": "CredRaptor password stealer",
"pattern": "[file:hashes.SHA1 = '58a45ef055b287bad7b81033e17446ee6b682e2d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:31:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ea6-c204-49fc-9ea6-e8a402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:06.000Z",
"modified": "2016-12-13T18:32:06.000Z",
"description": "LDAP query tool",
"pattern": "[file:hashes.SHA1 = '81f73c76fbf4ab3487d5e6e8629e83c0568de713']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eb8-4cac-48aa-b1e7-458d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:24.000Z",
"modified": "2016-12-13T18:32:24.000Z",
"description": "Modified Mimikatz",
"pattern": "[file:hashes.SHA1 = 'b0ba3405bb2b0fa5ba34b57c2cc7e5c184d86991']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eb8-928c-4b35-a948-4f4b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:24.000Z",
"modified": "2016-12-13T18:32:24.000Z",
"description": "Modified Mimikatz",
"pattern": "[file:hashes.SHA1 = 'ad2d3d00c7573733b70d9780ae3b89eeb8c62c76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eb9-06f8-44a2-9940-418602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:25.000Z",
"modified": "2016-12-13T18:32:25.000Z",
"description": "Modified Mimikatz",
"pattern": "[file:hashes.SHA1 = 'd8614bc1d428ebabccbfae76a81037ff908a8f79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ec5-1a14-4455-a56f-49ec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:37.000Z",
"modified": "2016-12-13T18:32:37.000Z",
"description": "BCS-server",
"pattern": "[file:hashes.SHA1 = '4b692e2597683354e106dfb9b90677c9311972a1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ec5-eab8-42f1-ba84-461c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:37.000Z",
"modified": "2016-12-13T18:32:37.000Z",
"description": "BCS-server",
"pattern": "[file:hashes.SHA1 = 'bf3cb98dc668e455188ebb4c311bd19cd9f46667']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ed8-ce04-4ac2-a419-469502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:56.000Z",
"modified": "2016-12-13T18:32:56.000Z",
"description": "VBS backdoors",
"pattern": "[file:hashes.SHA1 = 'f00f632749418b2b75ca9ece73a02c485621c3b4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ed9-b6d4-4688-ba83-476b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:57.000Z",
"modified": "2016-12-13T18:32:57.000Z",
"description": "VBS backdoors",
"pattern": "[file:hashes.SHA1 = '06e1f816cbaf45bd6ee55f74f0261a674e805f86']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ed9-66b8-4518-846f-47aa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:57.000Z",
"modified": "2016-12-13T18:32:57.000Z",
"description": "VBS backdoors",
"pattern": "[file:hashes.SHA1 = '35d71de3e665cf9d6a685ae02c3876b7d56b1687']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eda-0d74-4e8d-a7c3-406702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:58.000Z",
"modified": "2016-12-13T18:32:58.000Z",
"description": "VBS backdoors",
"pattern": "[file:hashes.SHA1 = 'f22cea7bc080e712e85549848d35e7d5908d9b49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eda-bcf0-4241-91ff-425502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:32:58.000Z",
"modified": "2016-12-13T18:32:58.000Z",
"description": "VBS backdoors",
"pattern": "[file:hashes.SHA1 = 'c473ccb92581a803c1f1540be2193bc8b9599bfe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:32:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eee-5734-415d-a834-44bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:18.000Z",
"modified": "2016-12-13T18:33:18.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '16c206d9cfd4c82d6652afb1eebb589a927b041b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eef-e4f4-4565-ba44-4eb702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:19.000Z",
"modified": "2016-12-13T18:33:19.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '1dc1660677a41b6622b795a1eb5aa5e5118d8f18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503eef-cd30-4c21-9acd-409a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:19.000Z",
"modified": "2016-12-13T18:33:19.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '26da35564d04bb308d57f645f353d1de1fb76677']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef0-c93c-41bf-bd4c-405d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:20.000Z",
"modified": "2016-12-13T18:33:20.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '30d2da7caf740baaa8a1300ee48220b3043a327d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef0-6a38-4fa9-b633-4bae02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:20.000Z",
"modified": "2016-12-13T18:33:20.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef1-3d38-46d8-8e58-405a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:21.000Z",
"modified": "2016-12-13T18:33:21.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '4d5023f9f9d0ba7a7328a8ee341dbbca244f72c5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef1-eeb0-41eb-8d93-41bf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:21.000Z",
"modified": "2016-12-13T18:33:21.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '57dad9cda501bc8f1d0496ef010146d9a1d3734f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef2-bfbc-4cce-bc6a-4ae202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:22.000Z",
"modified": "2016-12-13T18:33:22.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '68377a993e5a85eb39aded400755a22eb7273ca0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef2-f5cc-48cb-b254-4afe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:22.000Z",
"modified": "2016-12-13T18:33:22.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '77d7ea627f645219cf6b8454459baef1e5192467']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef3-1630-4ee5-9791-429502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:23.000Z",
"modified": "2016-12-13T18:33:23.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '7b87ad4a25e80000ff1011b51f03e48e8ea6c23d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef3-703c-4518-9dd9-480d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:23.000Z",
"modified": "2016-12-13T18:33:23.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '7c822f0fdb5ec14dd335cbe0238448c14015f495']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef4-ecbc-481e-a3e3-4c1702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:24.000Z",
"modified": "2016-12-13T18:33:24.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '86abbf8a4cf9828381dde9fd09e55446e7533e78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef4-61c0-4b1a-84d8-41c402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:24.000Z",
"modified": "2016-12-13T18:33:24.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = '9512a8280214674e6b16b07be281bb9f0255004b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef4-1f20-4beb-b829-4c4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:24.000Z",
"modified": "2016-12-13T18:33:24.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = 'b2e9d964c304fc91dcaf39ff44e3c38132c94655']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503ef5-9cd4-4623-8d55-4c0602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:25.000Z",
"modified": "2016-12-13T18:33:25.000Z",
"description": "Python/TeleBot.AA backdoor",
"pattern": "[file:hashes.SHA1 = 'fe4c1c6b3d8fdc9e562c57849e8094393075bc93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f02-21ec-4514-b5ba-c7c302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:38.000Z",
"modified": "2016-12-13T18:33:38.000Z",
"description": "Win32/TrojanDownloader.Agent.CWY",
"pattern": "[file:hashes.SHA1 = 'f1bf54186c2c64cd104755f247867238c8472504']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f14-99ec-4578-b7dd-451502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:56.000Z",
"modified": "2016-12-13T18:33:56.000Z",
"description": "XLS documents with malicious macro",
"pattern": "[file:hashes.SHA1 = '7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f14-a8bc-4338-be8d-448202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:33:56.000Z",
"modified": "2016-12-13T18:33:56.000Z",
"description": "XLS documents with malicious macro",
"pattern": "[file:hashes.SHA1 = 'c361a06e51d2e2cd560f43d4cc9dabe765536179']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:33:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f27-ec78-4a65-abb3-425702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:15.000Z",
"modified": "2016-12-13T18:34:15.000Z",
"first_observed": "2016-12-13T18:34:15Z",
"last_observed": "2016-12-13T18:34:15Z",
"number_observed": 1,
"object_refs": [
"domain-name--58503f27-ec78-4a65-abb3-425702de0b81"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--58503f27-ec78-4a65-abb3-425702de0b81",
"value": "srv70.putdrive.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:16.000Z",
"modified": "2016-12-13T18:34:16.000Z",
"first_observed": "2016-12-13T18:34:16Z",
"last_observed": "2016-12-13T18:34:16Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"ipv4-addr--58503f28-1a5c-46ca-a24e-4a3f02de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"dst_ref": "ipv4-addr--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f28-1a5c-46ca-a24e-4a3f02de0b81",
"value": "188.165.14.185"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f28-a918-4725-b7a7-4d4f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:16.000Z",
"modified": "2016-12-13T18:34:16.000Z",
"first_observed": "2016-12-13T18:34:16Z",
"last_observed": "2016-12-13T18:34:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--58503f28-a918-4725-b7a7-4d4f02de0b81"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--58503f28-a918-4725-b7a7-4d4f02de0b81",
"value": "api.telegram.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f28-747c-4b4a-8cba-4e9902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:16.000Z",
"modified": "2016-12-13T18:34:16.000Z",
"first_observed": "2016-12-13T18:34:16Z",
"last_observed": "2016-12-13T18:34:16Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f28-747c-4b4a-8cba-4e9902de0b81",
"ipv4-addr--58503f28-747c-4b4a-8cba-4e9902de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f28-747c-4b4a-8cba-4e9902de0b81",
"dst_ref": "ipv4-addr--58503f28-747c-4b4a-8cba-4e9902de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f28-747c-4b4a-8cba-4e9902de0b81",
"value": "149.154.167.200"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:17.000Z",
"modified": "2016-12-13T18:34:17.000Z",
"first_observed": "2016-12-13T18:34:17Z",
"last_observed": "2016-12-13T18:34:17Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"ipv4-addr--58503f29-2b9c-4d14-82a6-4dda02de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"dst_ref": "ipv4-addr--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f29-2b9c-4d14-82a6-4dda02de0b81",
"value": "149.154.167.197"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:17.000Z",
"modified": "2016-12-13T18:34:17.000Z",
"first_observed": "2016-12-13T18:34:17Z",
"last_observed": "2016-12-13T18:34:17Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"ipv4-addr--58503f29-2fbc-4fbc-8e65-4b0202de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"dst_ref": "ipv4-addr--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f29-2fbc-4fbc-8e65-4b0202de0b81",
"value": "149.154.167.198"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f2a-a898-494b-8cfa-480f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:18.000Z",
"modified": "2016-12-13T18:34:18.000Z",
"first_observed": "2016-12-13T18:34:18Z",
"last_observed": "2016-12-13T18:34:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f2a-a898-494b-8cfa-480f02de0b81",
"ipv4-addr--58503f2a-a898-494b-8cfa-480f02de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f2a-a898-494b-8cfa-480f02de0b81",
"dst_ref": "ipv4-addr--58503f2a-a898-494b-8cfa-480f02de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f2a-a898-494b-8cfa-480f02de0b81",
"value": "149.154.167.199"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f2a-9d08-4001-93a6-43fc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:18.000Z",
"modified": "2016-12-13T18:34:18.000Z",
"first_observed": "2016-12-13T18:34:18Z",
"last_observed": "2016-12-13T18:34:18Z",
"number_observed": 1,
"object_refs": [
"domain-name--58503f2a-9d08-4001-93a6-43fc02de0b81"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--58503f2a-9d08-4001-93a6-43fc02de0b81",
"value": "smtp-mail.outlook.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58503f2b-c1c4-4de6-b948-4be302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:19.000Z",
"modified": "2016-12-13T18:34:19.000Z",
"first_observed": "2016-12-13T18:34:19Z",
"last_observed": "2016-12-13T18:34:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--58503f2b-c1c4-4de6-b948-4be302de0b81",
"ipv4-addr--58503f2b-c1c4-4de6-b948-4be302de0b81"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--58503f2b-c1c4-4de6-b948-4be302de0b81",
"dst_ref": "ipv4-addr--58503f2b-c1c4-4de6-b948-4be302de0b81",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--58503f2b-c1c4-4de6-b948-4be302de0b81",
"value": "65.55.176.126"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f3a-4414-4e2c-9562-424302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:34.000Z",
"modified": "2016-12-13T18:34:34.000Z",
"description": "C&C Server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.190.137.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:34:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f3a-a690-4478-a0ef-4fd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:34.000Z",
"modified": "2016-12-13T18:34:34.000Z",
"description": "C&C Server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.141.37.3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:34:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58503f3b-6e14-4deb-82c4-47c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:34:35.000Z",
"modified": "2016-12-13T18:34:35.000Z",
"description": "C&C Server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.233.134.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:34:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850402e-f8a8-4990-ba17-484002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:38.000Z",
"modified": "2016-12-13T18:38:38.000Z",
"description": "XLS documents with malicious macro - Xchecked via VT: c361a06e51d2e2cd560f43d4cc9dabe765536179",
"pattern": "[file:hashes.SHA256 = '97b317afa02cd35db40c197fea3a6ef8cdc8c01ca73523983850f323a47d0c2e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850402f-a854-4c2e-af09-431a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:39.000Z",
"modified": "2016-12-13T18:38:39.000Z",
"description": "XLS documents with malicious macro - Xchecked via VT: c361a06e51d2e2cd560f43d4cc9dabe765536179",
"pattern": "[file:hashes.MD5 = '7d4fc63f2096a485d2da3db1150e6d34']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504030-569c-417e-a638-49e502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:40.000Z",
"modified": "2016-12-13T18:38:40.000Z",
"first_observed": "2016-12-13T18:38:40Z",
"last_observed": "2016-12-13T18:38:40Z",
"number_observed": 1,
"object_refs": [
"url--58504030-569c-417e-a638-49e502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504030-569c-417e-a638-49e502de0b81",
"value": "https://www.virustotal.com/file/97b317afa02cd35db40c197fea3a6ef8cdc8c01ca73523983850f323a47d0c2e/analysis/1481528849/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504030-0760-4dcf-8527-409e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:40.000Z",
"modified": "2016-12-13T18:38:40.000Z",
"description": "XLS documents with malicious macro - Xchecked via VT: 7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"pattern": "[file:hashes.SHA256 = 'a260320bb52eb0fe767d7e30e069492ab063b65a26969dd78d10d8141b850bc8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504031-ffa8-46c5-9bb6-429f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:41.000Z",
"modified": "2016-12-13T18:38:41.000Z",
"description": "XLS documents with malicious macro - Xchecked via VT: 7fc462f1734c09d8d70c6779a4f1a3e6e2a9cc9f",
"pattern": "[file:hashes.MD5 = 'fd0fd58b20b1476e8f67d6a05307e9bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504031-4490-49ed-854e-429202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:41.000Z",
"modified": "2016-12-13T18:38:41.000Z",
"first_observed": "2016-12-13T18:38:41Z",
"last_observed": "2016-12-13T18:38:41Z",
"number_observed": 1,
"object_refs": [
"url--58504031-4490-49ed-854e-429202de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504031-4490-49ed-854e-429202de0b81",
"value": "https://www.virustotal.com/file/a260320bb52eb0fe767d7e30e069492ab063b65a26969dd78d10d8141b850bc8/analysis/1481528895/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504032-0ec8-49a1-94f3-482b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:42.000Z",
"modified": "2016-12-13T18:38:42.000Z",
"description": "Win32/TrojanDownloader.Agent.CWY - Xchecked via VT: f1bf54186c2c64cd104755f247867238c8472504",
"pattern": "[file:hashes.SHA256 = '2ee5a743bd420aa04e0ea9ab7a25e1cc2c346a55d6a518f267896694d75539a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504032-e93c-4675-bb15-4e5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:42.000Z",
"modified": "2016-12-13T18:38:42.000Z",
"description": "Win32/TrojanDownloader.Agent.CWY - Xchecked via VT: f1bf54186c2c64cd104755f247867238c8472504",
"pattern": "[file:hashes.MD5 = '1019c101fc1ae71e5c1687e34f0628e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504033-4cf4-4a9a-a6d3-405302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:43.000Z",
"modified": "2016-12-13T18:38:43.000Z",
"first_observed": "2016-12-13T18:38:43Z",
"last_observed": "2016-12-13T18:38:43Z",
"number_observed": 1,
"object_refs": [
"url--58504033-4cf4-4a9a-a6d3-405302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504033-4cf4-4a9a-a6d3-405302de0b81",
"value": "https://www.virustotal.com/file/2ee5a743bd420aa04e0ea9ab7a25e1cc2c346a55d6a518f267896694d75539a2/analysis/1479466980/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504033-4f20-4199-af62-440802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:43.000Z",
"modified": "2016-12-13T18:38:43.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"pattern": "[file:hashes.SHA256 = 'ea57a45dda5b735fc2a982700a21363cbee138de2605d1df06103a5d94c539da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504034-e410-4ff2-ad04-483302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:44.000Z",
"modified": "2016-12-13T18:38:44.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 57dad9cda501bc8f1d0496ef010146d9a1d3734f",
"pattern": "[file:hashes.MD5 = '24313581bbbffa9a784b48075b525810']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504034-db74-413e-a182-4bec02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:44.000Z",
"modified": "2016-12-13T18:38:44.000Z",
"first_observed": "2016-12-13T18:38:44Z",
"last_observed": "2016-12-13T18:38:44Z",
"number_observed": 1,
"object_refs": [
"url--58504034-db74-413e-a182-4bec02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504034-db74-413e-a182-4bec02de0b81",
"value": "https://www.virustotal.com/file/ea57a45dda5b735fc2a982700a21363cbee138de2605d1df06103a5d94c539da/analysis/1481525869/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504035-d258-418c-825d-48b102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:45.000Z",
"modified": "2016-12-13T18:38:45.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"pattern": "[file:hashes.SHA256 = 'dcdc4c72c6e0867e74790a882e8e8c20e8a38416e9b10ed64fbf0f64f4e2567c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504035-8c44-4988-8226-488002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:45.000Z",
"modified": "2016-12-13T18:38:45.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 385f26d29b46ff55c5f4d6bbfd3da12eb5c33ed7",
"pattern": "[file:hashes.MD5 = '0fce93cd9beeea30a7f0e2a819d2b968']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504036-c064-4e2c-9d3f-484d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:46.000Z",
"modified": "2016-12-13T18:38:46.000Z",
"first_observed": "2016-12-13T18:38:46Z",
"last_observed": "2016-12-13T18:38:46Z",
"number_observed": 1,
"object_refs": [
"url--58504036-c064-4e2c-9d3f-484d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504036-c064-4e2c-9d3f-484d02de0b81",
"value": "https://www.virustotal.com/file/dcdc4c72c6e0867e74790a882e8e8c20e8a38416e9b10ed64fbf0f64f4e2567c/analysis/1481552578/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504036-1ce4-46ad-9a87-40f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:46.000Z",
"modified": "2016-12-13T18:38:46.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 16c206d9cfd4c82d6652afb1eebb589a927b041b",
"pattern": "[file:hashes.SHA256 = '904df5d6b900fcdac44c002f03ab1fbc698b8d421a22639819b3b208aaa6ea2c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504037-f7ac-43a0-9e31-485f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:47.000Z",
"modified": "2016-12-13T18:38:47.000Z",
"description": "Python/TeleBot.AA backdoor - Xchecked via VT: 16c206d9cfd4c82d6652afb1eebb589a927b041b",
"pattern": "[file:hashes.MD5 = '75ee947e31a40ab4b5cde9f4a767310b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504037-9f80-4883-8f0d-46b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:47.000Z",
"modified": "2016-12-13T18:38:47.000Z",
"first_observed": "2016-12-13T18:38:47Z",
"last_observed": "2016-12-13T18:38:47Z",
"number_observed": 1,
"object_refs": [
"url--58504037-9f80-4883-8f0d-46b302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504037-9f80-4883-8f0d-46b302de0b81",
"value": "https://www.virustotal.com/file/904df5d6b900fcdac44c002f03ab1fbc698b8d421a22639819b3b208aaa6ea2c/analysis/1481552575/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504038-7214-4a85-a564-4ee102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:48.000Z",
"modified": "2016-12-13T18:38:48.000Z",
"description": "VBS backdoors - Xchecked via VT: f22cea7bc080e712e85549848d35e7d5908d9b49",
"pattern": "[file:hashes.SHA256 = '1b2a5922b58c8060844b43e14dfa5b0c8b119f281f54a46f0f1c34accde71ddb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504038-e2c4-4186-96bf-4f3b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:48.000Z",
"modified": "2016-12-13T18:38:48.000Z",
"description": "VBS backdoors - Xchecked via VT: f22cea7bc080e712e85549848d35e7d5908d9b49",
"pattern": "[file:hashes.MD5 = 'c404b959b51ad0425f1789f03e2c6ecf']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504039-f2d8-419a-936a-4f4602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:49.000Z",
"modified": "2016-12-13T18:38:49.000Z",
"first_observed": "2016-12-13T18:38:49Z",
"last_observed": "2016-12-13T18:38:49Z",
"number_observed": 1,
"object_refs": [
"url--58504039-f2d8-419a-936a-4f4602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504039-f2d8-419a-936a-4f4602de0b81",
"value": "https://www.virustotal.com/file/1b2a5922b58c8060844b43e14dfa5b0c8b119f281f54a46f0f1c34accde71ddb/analysis/1481552577/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504039-15bc-45d6-b60f-4dc602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:49.000Z",
"modified": "2016-12-13T18:38:49.000Z",
"description": "VBS backdoors - Xchecked via VT: 35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"pattern": "[file:hashes.SHA256 = 'eb31a918ccc1643d069cf08b7958e2760e8551ba3b88ea9e5d496e07437273b2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403a-eec4-4723-a1e0-4ff902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:50.000Z",
"modified": "2016-12-13T18:38:50.000Z",
"description": "VBS backdoors - Xchecked via VT: 35d71de3e665cf9d6a685ae02c3876b7d56b1687",
"pattern": "[file:hashes.MD5 = '2d7866989d659c1f8ae795e5cab40bf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5850403a-fdf0-46d5-abcc-4bf802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:50.000Z",
"modified": "2016-12-13T18:38:50.000Z",
"first_observed": "2016-12-13T18:38:50Z",
"last_observed": "2016-12-13T18:38:50Z",
"number_observed": 1,
"object_refs": [
"url--5850403a-fdf0-46d5-abcc-4bf802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5850403a-fdf0-46d5-abcc-4bf802de0b81",
"value": "https://www.virustotal.com/file/eb31a918ccc1643d069cf08b7958e2760e8551ba3b88ea9e5d496e07437273b2/analysis/1481552576/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403b-0c30-4fe4-b6f1-482e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:51.000Z",
"modified": "2016-12-13T18:38:51.000Z",
"description": "Modified Mimikatz - Xchecked via VT: d8614bc1d428ebabccbfae76a81037ff908a8f79",
"pattern": "[file:hashes.SHA256 = 'b2edc9351b389f1cbcdf0ac52b9d0b3bd982a077e5a3df8cebebc32c450ffeec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403b-2be0-4103-8f8f-4ceb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:51.000Z",
"modified": "2016-12-13T18:38:51.000Z",
"description": "Modified Mimikatz - Xchecked via VT: d8614bc1d428ebabccbfae76a81037ff908a8f79",
"pattern": "[file:hashes.MD5 = 'bde6c0dac3e594a4a859b490aaaf1217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5850403c-4150-43c1-be39-482502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:52.000Z",
"modified": "2016-12-13T18:38:52.000Z",
"first_observed": "2016-12-13T18:38:52Z",
"last_observed": "2016-12-13T18:38:52Z",
"number_observed": 1,
"object_refs": [
"url--5850403c-4150-43c1-be39-482502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5850403c-4150-43c1-be39-482502de0b81",
"value": "https://www.virustotal.com/file/b2edc9351b389f1cbcdf0ac52b9d0b3bd982a077e5a3df8cebebc32c450ffeec/analysis/1471587292/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403c-e308-48a9-b780-415702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:52.000Z",
"modified": "2016-12-13T18:38:52.000Z",
"description": "LDAP query tool - Xchecked via VT: 81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"pattern": "[file:hashes.SHA256 = 'a35951855503188a66c94019bd419cd97208291f05e382151fd3c2a9d1848857']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403d-ac3c-4442-a474-4b2f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:52.000Z",
"modified": "2016-12-13T18:38:52.000Z",
"description": "LDAP query tool - Xchecked via VT: 81f73c76fbf4ab3487d5e6e8629e83c0568de713",
"pattern": "[file:hashes.MD5 = '76691c58103431624d26f2b8384a57b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5850403d-507c-4196-b7e7-461702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:53.000Z",
"modified": "2016-12-13T18:38:53.000Z",
"first_observed": "2016-12-13T18:38:53Z",
"last_observed": "2016-12-13T18:38:53Z",
"number_observed": 1,
"object_refs": [
"url--5850403d-507c-4196-b7e7-461702de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5850403d-507c-4196-b7e7-461702de0b81",
"value": "https://www.virustotal.com/file/a35951855503188a66c94019bd419cd97208291f05e382151fd3c2a9d1848857/analysis/1471530894/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403d-6128-4f26-bf07-4fa102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:53.000Z",
"modified": "2016-12-13T18:38:53.000Z",
"description": "CredRaptor password stealer - Xchecked via VT: 58a45ef055b287bad7b81033e17446ee6b682e2d",
"pattern": "[file:hashes.SHA256 = '50b990f6555055a265fde98324759dbc74619d6a7c49b9fd786775299bf77d26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403e-5358-4e0c-be49-485202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:54.000Z",
"modified": "2016-12-13T18:38:54.000Z",
"description": "CredRaptor password stealer - Xchecked via VT: 58a45ef055b287bad7b81033e17446ee6b682e2d",
"pattern": "[file:hashes.MD5 = '389ae3a4589e355e173e9b077d6f1a0a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5850403e-6d80-44e0-8c42-4b7102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:54.000Z",
"modified": "2016-12-13T18:38:54.000Z",
"first_observed": "2016-12-13T18:38:54Z",
"last_observed": "2016-12-13T18:38:54Z",
"number_observed": 1,
"object_refs": [
"url--5850403e-6d80-44e0-8c42-4b7102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5850403e-6d80-44e0-8c42-4b7102de0b81",
"value": "https://www.virustotal.com/file/50b990f6555055a265fde98324759dbc74619d6a7c49b9fd786775299bf77d26/analysis/1481650988/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403f-49bc-4edb-9e43-451502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:55.000Z",
"modified": "2016-12-13T18:38:55.000Z",
"description": "Win64/Spy.KeyLogger.G trojan - Xchecked via VT: 7582de9e93e2f35f9a63b59317eba48846eea4c7",
"pattern": "[file:hashes.SHA256 = 'e3f134ae88f05463c4707a80f956a689fba7066bb5357f6d45cba312ad0db68e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5850403f-b088-4448-b8aa-4f4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:55.000Z",
"modified": "2016-12-13T18:38:55.000Z",
"description": "Win64/Spy.KeyLogger.G trojan - Xchecked via VT: 7582de9e93e2f35f9a63b59317eba48846eea4c7",
"pattern": "[file:hashes.MD5 = '4919569cd19164c1f123f97c5b44b03b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504040-8818-4b41-b6f3-421502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:56.000Z",
"modified": "2016-12-13T18:38:56.000Z",
"first_observed": "2016-12-13T18:38:56Z",
"last_observed": "2016-12-13T18:38:56Z",
"number_observed": 1,
"object_refs": [
"url--58504040-8818-4b41-b6f3-421502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504040-8818-4b41-b6f3-421502de0b81",
"value": "https://www.virustotal.com/file/e3f134ae88f05463c4707a80f956a689fba7066bb5357f6d45cba312ad0db68e/analysis/1469022930/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504040-f9a4-4380-87a4-405a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:56.000Z",
"modified": "2016-12-13T18:38:56.000Z",
"description": "Intercepter-NG and silent WinPCAP installer - Xchecked via VT: 64cb897acc37e12e4f49c4da4dfad606b3976225",
"pattern": "[file:hashes.SHA256 = '5f9fef7974d37922ac91365588fbe7b544e13abbbde7c262fe30bade7026e118']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504041-d378-4427-aafb-415d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:57.000Z",
"modified": "2016-12-13T18:38:57.000Z",
"description": "Intercepter-NG and silent WinPCAP installer - Xchecked via VT: 64cb897acc37e12e4f49c4da4dfad606b3976225",
"pattern": "[file:hashes.MD5 = '5bd6b79a4443afd27f7ed1fbf66060ea']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504041-6110-4ca7-be7a-4fd602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:57.000Z",
"modified": "2016-12-13T18:38:57.000Z",
"first_observed": "2016-12-13T18:38:57Z",
"last_observed": "2016-12-13T18:38:57Z",
"number_observed": 1,
"object_refs": [
"url--58504041-6110-4ca7-be7a-4fd602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504041-6110-4ca7-be7a-4fd602de0b81",
"value": "https://www.virustotal.com/file/5f9fef7974d37922ac91365588fbe7b544e13abbbde7c262fe30bade7026e118/analysis/1471786034/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504042-c64c-4694-a0ff-47b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:58.000Z",
"modified": "2016-12-13T18:38:58.000Z",
"description": "Win32/KillDisk - Xchecked via VT: 8eb8527562dda552fc6b8827c0ebf50968848f1a",
"pattern": "[file:hashes.SHA256 = '8246f709efa922a485e1ca32d8b0d10dc752618e8b3fce4d3dd58d10e4a6a16d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504042-1fa8-423e-87d2-40ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:58.000Z",
"modified": "2016-12-13T18:38:58.000Z",
"description": "Win32/KillDisk - Xchecked via VT: 8eb8527562dda552fc6b8827c0ebf50968848f1a",
"pattern": "[file:hashes.MD5 = 'b75c869561e014f4d384773427c879a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504043-2dc4-43c6-9623-423f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:59.000Z",
"modified": "2016-12-13T18:38:59.000Z",
"first_observed": "2016-12-13T18:38:59Z",
"last_observed": "2016-12-13T18:38:59Z",
"number_observed": 1,
"object_refs": [
"url--58504043-2dc4-43c6-9623-423f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504043-2dc4-43c6-9623-423f02de0b81",
"value": "https://www.virustotal.com/file/8246f709efa922a485e1ca32d8b0d10dc752618e8b3fce4d3dd58d10e4a6a16d/analysis/1481528958/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504043-2408-4775-944a-4c1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:38:59.000Z",
"modified": "2016-12-13T18:38:59.000Z",
"description": "Win32/KillDisk - Xchecked via VT: 71a2b3f48828e4552637fa9753f0324b7146f3af",
"pattern": "[file:hashes.SHA256 = '26173c9ec8fd1c4f9f18f89683b23267f6f9d116196ed15655e9cb453af2890e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:38:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58504044-c16c-46f8-87e9-48bb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:39:00.000Z",
"modified": "2016-12-13T18:39:00.000Z",
"description": "Win32/KillDisk - Xchecked via VT: 71a2b3f48828e4552637fa9753f0324b7146f3af",
"pattern": "[file:hashes.MD5 = 'ffb1e8babaecc4a8cb3d763412294469']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-13T18:39:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--58504044-2238-4999-9bd4-471902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-12-13T18:39:00.000Z",
"modified": "2016-12-13T18:39:00.000Z",
"first_observed": "2016-12-13T18:39:00Z",
"last_observed": "2016-12-13T18:39:00Z",
"number_observed": 1,
"object_refs": [
"url--58504044-2238-4999-9bd4-471902de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--58504044-2238-4999-9bd4-471902de0b81",
"value": "https://www.virustotal.com/file/26173c9ec8fd1c4f9f18f89683b23267f6f9d116196ed15655e9cb453af2890e/analysis/1481554993/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}