2023-04-21 13:25:09 +00:00
{
2023-06-14 17:31:25 +00:00
"type" : "bundle" ,
"id" : "bundle--58fdc3f2-69b4-4aba-a5ec-4a2f950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:39.000Z" ,
"modified" : "2017-04-24T10:17:39.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--58fdc3f2-69b4-4aba-a5ec-4a2f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:39.000Z" ,
"modified" : "2017-04-24T10:17:39.000Z" ,
"name" : "OSINT - Cardinal RAT Active for Over Two Years" ,
"published" : "2017-04-24T10:18:10Z" ,
"object_refs" : [
"indicator--58fdc7ea-ad84-4e32-9d3b-4a96950d210f" ,
"indicator--58fdc7eb-c650-458e-bea9-455a950d210f" ,
"indicator--58fdc7ed-5588-4e51-aa4b-43ed950d210f" ,
"indicator--58fdc7ee-b690-4ba3-84bf-4cc4950d210f" ,
"indicator--58fdc7ef-5114-4f90-9e84-43f1950d210f" ,
"indicator--58fdc7f0-5dc0-4dc4-bec6-4c80950d210f" ,
"indicator--58fdc7f1-11e0-4889-997e-41d1950d210f" ,
"indicator--58fdc7f2-f53c-4e3e-a999-4d88950d210f" ,
"indicator--58fdc7f2-884c-4dee-8b39-4335950d210f" ,
"indicator--58fdc7f3-cb90-4060-9407-4d0d950d210f" ,
"indicator--58fdc7f4-0b84-4962-b0cb-4409950d210f" ,
"indicator--58fdc8a7-f4d8-432c-b88f-4be1950d210f" ,
"indicator--58fdc8a8-3f54-4062-9150-4b5c950d210f" ,
"indicator--58fdc8a9-7c2c-407a-b756-4bdd950d210f" ,
"indicator--58fdc8aa-8c40-48d8-be13-4943950d210f" ,
"indicator--58fdc8ab-c1e0-4948-89fc-408e950d210f" ,
"indicator--58fdc8ad-ac08-496c-9973-493c950d210f" ,
"indicator--58fdc8ae-b7e4-4128-9344-44e3950d210f" ,
"indicator--58fdc8af-1a98-4e1d-8027-419e950d210f" ,
"indicator--58fdc8b0-4fc0-47af-be94-47c8950d210f" ,
"indicator--58fdc8b1-a530-46ca-af5a-4a35950d210f" ,
"indicator--58fdc8b2-72a8-4110-9c99-4d8b950d210f" ,
"indicator--58fdc8b2-a40c-47d5-8048-44b0950d210f" ,
"indicator--58fdc8b3-ce20-4858-83c7-4108950d210f" ,
"indicator--58fdc8b4-28c4-4c1d-a764-473b950d210f" ,
"indicator--58fdc8b5-91bc-4dd9-9f7a-403d950d210f" ,
"indicator--58fdc8b6-257c-4bf8-934c-419a950d210f" ,
"indicator--58fdc8b7-f064-4a44-99da-4764950d210f" ,
"indicator--58fdc8b8-a4dc-43ca-a46c-4fc1950d210f" ,
"indicator--58fdc8b9-2180-4d60-a795-4059950d210f" ,
"indicator--58fdc8ba-35ac-4fb4-8399-41d5950d210f" ,
"indicator--58fdc8bb-82a0-4ec9-901c-453d950d210f" ,
"indicator--58fdc8bc-c7c4-468e-bc8d-4cd4950d210f" ,
"indicator--58fdc8bc-f430-4f6e-96c6-448d950d210f" ,
"indicator--58fdc8bd-c448-4638-8e85-4ec9950d210f" ,
"indicator--58fdc8be-eef8-43c8-999f-4712950d210f" ,
"indicator--58fdc8bf-fa3c-4f52-b373-4f5d950d210f" ,
"indicator--58fdc8c1-6f10-46e5-b165-455b950d210f" ,
"indicator--58fdc913-2874-42a7-aeba-49e2950d210f" ,
"indicator--58fdc914-ef64-45ee-9b26-464d950d210f" ,
"indicator--58fdc915-ceb0-4634-821e-4644950d210f" ,
"indicator--58fdc916-3d20-47f8-98d4-49e5950d210f" ,
"indicator--58fdc917-6dac-4b46-a99f-4075950d210f" ,
"indicator--58fdc919-f94c-48b9-9137-486b950d210f" ,
"indicator--58fdc91a-3f54-4f55-a2c6-46be950d210f" ,
"indicator--58fdc91b-7574-4c11-ac24-4199950d210f" ,
"indicator--58fdc91c-54c8-472d-a926-4399950d210f" ,
"indicator--58fdc91d-8170-4043-b49c-438e950d210f" ,
"indicator--58fdc91e-5994-45a6-8e26-47bc950d210f" ,
"indicator--58fdc91f-1858-4551-9778-4952950d210f" ,
"indicator--58fdc920-a388-41e2-8098-4add950d210f" ,
"indicator--58fdc921-d444-4d1f-892c-4bc7950d210f" ,
"indicator--58fdc922-fc18-49c7-a2d5-4bdf950d210f" ,
"indicator--58fdc923-beb0-4fb6-9239-4ba5950d210f" ,
"indicator--58fdc923-76fc-4d9d-aea4-4f8b950d210f" ,
"indicator--58fdc924-d610-4be7-98c1-43ac950d210f" ,
"indicator--58fdc925-d9f4-4dde-a8f5-41bc950d210f" ,
"indicator--58fdc926-043c-4849-9f53-4ac9950d210f" ,
"indicator--58fdc927-2a98-47a5-8cf9-44b7950d210f" ,
"indicator--58fdc928-4ba8-4d27-bb59-4d44950d210f" ,
"indicator--58fdc929-4698-49ac-aa28-45f5950d210f" ,
"indicator--58fdc92a-ba04-42e1-a1e5-4d5d950d210f" ,
"indicator--58fdc92b-7644-472d-81df-4ca4950d210f" ,
"indicator--58fdc92c-bac8-44e5-b27b-4bf7950d210f" ,
"indicator--58fdc92d-0498-4174-93b6-4f30950d210f" ,
"indicator--58fdc92e-cf9c-4c7a-a03a-4e89950d210f" ,
"indicator--58fdc92f-1458-43aa-a57e-4a7f950d210f" ,
"indicator--58fdc930-05d0-4b36-ae92-4070950d210f" ,
"observed-data--58fdcb91-bce0-4c0b-9a88-4175950d210f" ,
"url--58fdcb91-bce0-4c0b-9a88-4175950d210f" ,
"x-misp-attribute--58fdcba5-89bc-45f9-bf57-4ad4950d210f" ,
"indicator--58fdd058-2310-4557-a69a-4e3e02de0b81" ,
"indicator--58fdd058-510c-4b14-a683-4d4202de0b81" ,
"observed-data--58fdd059-2358-4657-a1cc-457c02de0b81" ,
"url--58fdd059-2358-4657-a1cc-457c02de0b81" ,
"indicator--58fdd05a-ec2c-4208-9cc6-4e2a02de0b81" ,
"indicator--58fdd05b-3e08-4547-a530-49a702de0b81" ,
"observed-data--58fdd05c-db44-4b60-a899-411402de0b81" ,
"url--58fdd05c-db44-4b60-a899-411402de0b81" ,
"indicator--58fdd05d-e68c-46a8-8c41-45a102de0b81" ,
"indicator--58fdd05e-182c-4bec-88ae-4e4702de0b81" ,
"observed-data--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81" ,
"url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81" ,
"indicator--58fdd060-59d0-484e-92ff-470302de0b81" ,
"indicator--58fdd061-0ffc-4317-b922-4a6602de0b81" ,
"observed-data--58fdd062-dff4-4b08-bf3b-4a1102de0b81" ,
"url--58fdd062-dff4-4b08-bf3b-4a1102de0b81" ,
"indicator--58fdd063-d5dc-4428-850f-4d5702de0b81" ,
"indicator--58fdd064-e688-439d-83f6-435302de0b81" ,
"observed-data--58fdd065-a9a8-4e3c-9d6e-472e02de0b81" ,
"url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81" ,
"indicator--58fdd066-f094-4569-a560-4e2102de0b81" ,
"indicator--58fdd067-3c1c-4fc4-a41f-471d02de0b81" ,
"observed-data--58fdd068-52f8-444a-bb9f-4a5802de0b81" ,
"url--58fdd068-52f8-444a-bb9f-4a5802de0b81" ,
"indicator--58fdd069-a714-4f96-8744-484602de0b81" ,
"indicator--58fdd06a-e194-4729-baf1-4c3802de0b81" ,
"observed-data--58fdd06b-b1b8-49fe-a08e-48b802de0b81" ,
"url--58fdd06b-b1b8-49fe-a08e-48b802de0b81" ,
"indicator--58fdd06d-9694-4e26-80fc-454802de0b81" ,
"indicator--58fdd06e-5b6c-4dff-b8a5-425a02de0b81" ,
"observed-data--58fdd06f-59fc-4269-9229-4eb502de0b81" ,
"url--58fdd06f-59fc-4269-9229-4eb502de0b81" ,
"indicator--58fdd070-b75c-44a3-b21e-4c9702de0b81" ,
"indicator--58fdd071-045c-4af9-9915-44eb02de0b81" ,
"observed-data--58fdd072-d718-40e1-8d27-4f3802de0b81" ,
"url--58fdd072-d718-40e1-8d27-4f3802de0b81" ,
"indicator--58fdd073-e664-4fa2-a1d6-445902de0b81" ,
"indicator--58fdd074-536c-4d6b-80ad-454402de0b81" ,
"observed-data--58fdd075-8e9c-4209-99b6-406f02de0b81" ,
"url--58fdd075-8e9c-4209-99b6-406f02de0b81" ,
"indicator--58fdd076-a808-42a4-8fe3-44a902de0b81" ,
"indicator--58fdd077-128c-4f57-8075-44e702de0b81" ,
"observed-data--58fdd078-9f78-4ff1-b2cb-446f02de0b81" ,
"url--58fdd078-9f78-4ff1-b2cb-446f02de0b81" ,
"indicator--58fdd079-8a40-4333-bcdb-46e002de0b81" ,
"indicator--58fdd07a-d130-4085-8d8a-423202de0b81" ,
"observed-data--58fdd07b-5a08-4738-97b4-48ac02de0b81" ,
"url--58fdd07b-5a08-4738-97b4-48ac02de0b81" ,
"indicator--58fdd07c-46e0-4002-9dc9-458802de0b81" ,
"indicator--58fdd07d-a538-458f-8508-4e2102de0b81" ,
"observed-data--58fdd07e-cbc0-4a61-bc00-423602de0b81" ,
"url--58fdd07e-cbc0-4a61-bc00-423602de0b81" ,
"indicator--58fdd07f-4b48-45e7-98f1-498302de0b81" ,
"indicator--58fdd080-4094-45fb-9dc6-4c2802de0b81" ,
"observed-data--58fdd081-2aac-4773-bc9c-49a902de0b81" ,
"url--58fdd081-2aac-4773-bc9c-49a902de0b81" ,
"indicator--58fdd082-bbe0-4750-b3e5-4edb02de0b81" ,
"indicator--58fdd083-d6e0-4914-b2d8-456902de0b81" ,
"observed-data--58fdd084-f528-4660-87f5-4d1802de0b81" ,
"url--58fdd084-f528-4660-87f5-4d1802de0b81" ,
"indicator--58fdd085-d69c-4f4a-aafd-446902de0b81" ,
"indicator--58fdd086-ba6c-4fee-b65e-43bc02de0b81" ,
"observed-data--58fdd087-f680-4163-85e6-4e7e02de0b81" ,
"url--58fdd087-f680-4163-85e6-4e7e02de0b81" ,
"indicator--58fdd088-2ad8-46d7-a6af-4af702de0b81" ,
"indicator--58fdd089-a9e8-4730-b4f0-46eb02de0b81" ,
"observed-data--58fdd08a-427c-478c-a26d-4fa202de0b81" ,
"url--58fdd08a-427c-478c-a26d-4fa202de0b81" ,
"indicator--58fdd08b-9b20-4d8e-861e-489302de0b81" ,
"indicator--58fdd08c-54ac-49b7-b732-403702de0b81" ,
"observed-data--58fdd08d-07d8-442e-abee-438102de0b81" ,
"url--58fdd08d-07d8-442e-abee-438102de0b81" ,
"indicator--58fdd08e-6aac-403d-8774-42e902de0b81" ,
"indicator--58fdd08f-a9bc-4e25-8d8a-460a02de0b81" ,
"observed-data--58fdd090-00c0-42da-8c76-41ba02de0b81" ,
"url--58fdd090-00c0-42da-8c76-41ba02de0b81" ,
"indicator--58fdd091-da98-4e17-a3d9-4bc202de0b81" ,
"indicator--58fdd092-6e64-4149-a649-45a802de0b81" ,
"observed-data--58fdd093-1b80-474d-b1ce-439b02de0b81" ,
"url--58fdd093-1b80-474d-b1ce-439b02de0b81" ,
"indicator--58fdd095-7988-4255-a2db-439802de0b81" ,
"indicator--58fdd096-a380-4b3c-a73a-4ff002de0b81" ,
"observed-data--58fdd096-049c-4884-9984-4c8f02de0b81" ,
"url--58fdd096-049c-4884-9984-4c8f02de0b81" ,
"indicator--58fdd097-a91c-4647-8a4f-4e2902de0b81" ,
"indicator--58fdd098-ef98-4e5e-83db-47d802de0b81" ,
"observed-data--58fdd099-61d0-42ef-b014-4bf202de0b81" ,
"url--58fdd099-61d0-42ef-b014-4bf202de0b81" ,
"indicator--58fdd09a-f758-47db-9ce1-478902de0b81" ,
"indicator--58fdd09b-6edc-4d29-a076-45ae02de0b81" ,
"observed-data--58fdd09c-d924-48e0-ba0e-44c102de0b81" ,
"url--58fdd09c-d924-48e0-ba0e-44c102de0b81" ,
"indicator--58fdd09d-d004-47a8-8152-463a02de0b81" ,
"indicator--58fdd09e-6218-4e64-862d-4d3002de0b81" ,
"observed-data--58fdd09f-5f44-4fd5-8833-483702de0b81" ,
"url--58fdd09f-5f44-4fd5-8833-483702de0b81" ,
"indicator--58fdd0a0-e414-4d44-896b-40bd02de0b81" ,
"indicator--58fdd0a1-dfa8-4e0c-a203-462502de0b81" ,
"observed-data--58fdd0a2-859c-4429-b9ec-4ddb02de0b81" ,
"url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81" ,
"indicator--58fdd0a3-2b24-4159-b613-4f9a02de0b81" ,
"indicator--58fdd0a4-2be0-446a-9c23-414202de0b81" ,
"observed-data--58fdd0a5-3b8c-47d1-856f-4fb102de0b81" ,
"url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81" ,
"indicator--58fdd0a6-c5c8-490c-a4a8-4f6502de0b81" ,
"indicator--58fdd0a7-b8b8-403d-8daa-404002de0b81" ,
"observed-data--58fdd0a8-1528-4faa-9fca-497702de0b81" ,
"url--58fdd0a8-1528-4faa-9fca-497702de0b81" ,
"indicator--58fdd0a9-acc8-4816-a817-417802de0b81" ,
"indicator--58fdd0aa-33b0-470b-a492-4e0702de0b81" ,
"observed-data--58fdd0ab-8b48-46c2-a143-43ee02de0b81" ,
"url--58fdd0ab-8b48-46c2-a143-43ee02de0b81" ,
"indicator--58fdd0ac-939c-48b6-8a32-4af502de0b81" ,
"indicator--58fdd0ad-65d4-4bbe-af99-4ccb02de0b81" ,
"observed-data--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81" ,
"url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81" ,
"indicator--58fdd0af-ad98-41d7-ad66-412a02de0b81" ,
"indicator--58fdd0b0-b564-41f8-85bf-40d102de0b81" ,
"observed-data--58fdd0b1-9780-4046-9732-4cb402de0b81" ,
"url--58fdd0b1-9780-4046-9732-4cb402de0b81" ,
"indicator--58fdd0b2-fafc-42f3-892a-426d02de0b81" ,
"indicator--58fdd0b3-720c-441e-af79-4cc802de0b81" ,
"observed-data--58fdd0b4-7044-45b0-b182-46c502de0b81" ,
"url--58fdd0b4-7044-45b0-b182-46c502de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"enisa:nefarious-activity-abuse=\"remote-access-tool\"" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7ea-ad84-4e32-9d3b-4a96950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7eb-c650-458e-bea9-455a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7ed-5588-4e51-aa4b-43ed950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '1181f97071d8f96f9cdfb0f39b697204413cc0a715aa4935fe8964209289b331']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7ee-b690-4ba3-84bf-4cc4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7ef-5114-4f90-9e84-43f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f0-5dc0-4dc4-bec6-4c80950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f1-11e0-4889-997e-41d1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f2-f53c-4e3e-a999-4d88950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f2-884c-4dee-8b39-4335950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f3-cb90-4060-9407-4d0d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc7f4-0b84-4962-b0cb-4409950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Carp Downloader SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '057965e8b6638f0264d89872e80366b23255f1a0a30fd4efb7884c71b4104235']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8a7-f4d8-432c-b88f-4be1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8a8-3f54-4062-9150-4b5c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8a9-7c2c-407a-b756-4bdd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8aa-8c40-48d8-be13-4943950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8ab-c1e0-4948-89fc-408e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8ad-ac08-496c-9973-493c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '9c47b2af8b8c5f3c25f237dcc375b41835904f7cd99221c7489fb3563c34c9ab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8ae-b7e4-4128-9344-44e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8af-1a98-4e1d-8027-419e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'fd61a5cd1a83f68b75d47c8b6041f8640e47510925caee8176d5d81afac29134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b0-4fc0-47af-be94-47c8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b1-a530-46ca-af5a-4a35950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b2-72a8-4110-9c99-4d8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b2-a40c-47d5-8048-44b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b3-ce20-4858-83c7-4108950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b4-28c4-4c1d-a764-473b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b5-91bc-4dd9-9f7a-403d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b6-257c-4bf8-934c-419a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'ebd4f45cbb272bcc4954cf1bd0a5b8802a6e501688f2a1abdb6143ba616aea82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b7-f064-4a44-99da-4764950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b8-a4dc-43ca-a46c-4fc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8b9-2180-4d60-a795-4059950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8ba-35ac-4fb4-8399-41d5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8bb-82a0-4ec9-901c-453d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'fc5f7a21d953c394968647df6a37e1f61db04968ad1aca65ad8f261b363fa842']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8bc-c7c4-468e-bc8d-4cd4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8bc-f430-4f6e-96c6-448d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8bd-c448-4638-8e85-4ec9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = 'a05805bcec72fb76b997c456e0fd6c4b219fdc51cad70d4a58c16b0b0e2d9ba1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8be-eef8-43c8-999f-4712950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8bf-fa3c-4f52-b373-4f5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc8c1-6f10-46e5-b165-455b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes" ,
"pattern" : "[file:hashes.SHA256 = '440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc913-2874-42a7-aeba-49e2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.squidmilk.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc914-ef64-45ee-9b26-464d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns2.squidmilk.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc915-ceb0-4634-821e-4644950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'z.realnigger.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc916-3d20-47f8-98d4-49e5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.tconvulsit.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc917-6dac-4b46-a99f-4075950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.fresweepy.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc919-f94c-48b9-9137-486b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns2.iexogyrarax.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91a-3f54-4f55-a2c6-46be950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.xraisermz.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91b-7574-4c11-ac24-4199950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'secure.affiliatetoday.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91c-54c8-472d-a926-4399950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'secure.gayporndownload.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91d-8170-4043-b49c-438e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'secure.gameofthrone.club']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91e-5994-45a6-8e26-47bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'secure.dropinbox.pw']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc91f-1858-4551-9778-4952950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'secure.mailserver02.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc920-a388-41e2-8098-4add950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'we.niggerporn.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc921-d444-4d1f-892c-4bc7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'z.noplacelikehome.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc922-fc18-49c7-a2d5-4bdf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.stackreports.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc923-beb0-4fb6-9239-4ba5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns2.stackreports.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc923-76fc-4d9d-aea4-4f8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns.liveupdate1.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc924-d610-4be7-98c1-43ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns.nortonsecurity.in']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc925-d9f4-4dde-a8f5-41bc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'we.letsdosomefun.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc926-043c-4849-9f53-4ac9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'we.be-smart.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc927-2a98-47a5-8cf9-44b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'z.newblood.xyz']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc928-4ba8-4d27-bb59-4d44950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns2.ibandagerk.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc929-4698-49ac-aa28-45f5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.rmacutecompw.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92a-ba04-42e1-a1e5-4d5d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.pholothud.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92b-7644-472d-81df-4ca4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.athermoforw.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92c-bac8-44e5-b27b-4bf7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.lclownerymor.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92d-0498-4174-93b6-4f30950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns2.xunderfeatuv.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92e-cf9c-4c7a-a03a-4e89950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns3.ssaddlegirv.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc92f-1458-43aa-a57e-4a7f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns1.qcytasicspc.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdc930-05d0-4b36-ae92-4070950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"pattern" : "[domain-name:value = 'ns.7ni7.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:14:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdcb91-bce0-4c0b-9a88-4175950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"first_observed" : "2017-04-24T10:14:45Z" ,
"last_observed" : "2017-04-24T10:14:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdcb91-bce0-4c0b-9a88-4175950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdcb91-bce0-4c0b-9a88-4175950d210f" ,
"value" : "http://researchcenter.paloaltonetworks.com/2017/04/unit42-cardinal-rat-active-two-years/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--58fdcba5-89bc-45f9-bf57-4ad4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:14:45.000Z" ,
"modified" : "2017-04-24T10:14:45.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Palo Alto Networks has discovered a previously unknown remote access Trojan (RAT) that has been active for over two years. It has a very low volume in this two-year period, totaling roughly 27 total samples. The malware is delivered via an innovative and unique technique: a downloader we are calling Carp uses malicious macros in Microsoft Excel documents to compile embedded C# (C Sharp) Programming Language source code into an executable that in turn is run to deploy the Cardinal RAT malware family. These malicious Excel files use a number of different lures, providing evidence of what attackers are using to entice victims into executing them."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd058-2310-4557-a69a-4e3e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:52.000Z" ,
"modified" : "2017-04-24T10:15:52.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9" ,
"pattern" : "[file:hashes.SHA1 = 'd245e02922513612d9babad8f50115b94588781b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd058-510c-4b14-a683-4d4202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:52.000Z" ,
"modified" : "2017-04-24T10:15:52.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9" ,
"pattern" : "[file:hashes.MD5 = '180fe86db301b9ad3f2ad6b6a12b3411']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd059-2358-4657-a1cc-457c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:53.000Z" ,
"modified" : "2017-04-24T10:15:53.000Z" ,
"first_observed" : "2017-04-24T10:15:53Z" ,
"last_observed" : "2017-04-24T10:15:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd059-2358-4657-a1cc-457c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd059-2358-4657-a1cc-457c02de0b81" ,
"value" : "https://www.virustotal.com/file/a52ba498d304906d6c060e8c56ad7db50e1af0a781616c0aa35447c50c28bae9/analysis/1492716225/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd05a-ec2c-4208-9cc6-4e2a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:54.000Z" ,
"modified" : "2017-04-24T10:15:54.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61" ,
"pattern" : "[file:hashes.SHA1 = '31ad570cb2003b6cf4fe4ecd464e6385585c9b94']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd05b-3e08-4547-a530-49a702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:55.000Z" ,
"modified" : "2017-04-24T10:15:55.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61" ,
"pattern" : "[file:hashes.MD5 = 'b3e93233bfc939f853257f4f24981dc7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd05c-db44-4b60-a899-411402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:56.000Z" ,
"modified" : "2017-04-24T10:15:56.000Z" ,
"first_observed" : "2017-04-24T10:15:56Z" ,
"last_observed" : "2017-04-24T10:15:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd05c-db44-4b60-a899-411402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd05c-db44-4b60-a899-411402de0b81" ,
"value" : "https://www.virustotal.com/file/5025aa0fc6d4ac6daa2d9a6452263dcc20d6906149fc0995d458ed38e7e57b61/analysis/1489336266/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd05d-e68c-46a8-8c41-45a102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:57.000Z" ,
"modified" : "2017-04-24T10:15:57.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52" ,
"pattern" : "[file:hashes.SHA1 = '8a1bf0838d9f088ffaf188b681ef33419b68c6e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd05e-182c-4bec-88ae-4e4702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:58.000Z" ,
"modified" : "2017-04-24T10:15:58.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52" ,
"pattern" : "[file:hashes.MD5 = '2793a3eee38fc7f058072c9e08fd9082']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:15:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:15:59.000Z" ,
"modified" : "2017-04-24T10:15:59.000Z" ,
"first_observed" : "2017-04-24T10:15:59Z" ,
"last_observed" : "2017-04-24T10:15:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd05f-1bac-4fc7-b3d8-4b0302de0b81" ,
"value" : "https://www.virustotal.com/file/84e705341a48c8c6552a7d3dd97b7cd968d2a9bc281a70c287df70813f5dca52/analysis/1475054366/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd060-59d0-484e-92ff-470302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:00.000Z" ,
"modified" : "2017-04-24T10:16:00.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031" ,
"pattern" : "[file:hashes.SHA1 = '7a44fab38a5cb408f4a5ed59f6a49d54d03345d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd061-0ffc-4317-b922-4a6602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:01.000Z" ,
"modified" : "2017-04-24T10:16:01.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031" ,
"pattern" : "[file:hashes.MD5 = '23245b49aa528d7538afb30402e6c1b0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd062-dff4-4b08-bf3b-4a1102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:02.000Z" ,
"modified" : "2017-04-24T10:16:02.000Z" ,
"first_observed" : "2017-04-24T10:16:02Z" ,
"last_observed" : "2017-04-24T10:16:02Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd062-dff4-4b08-bf3b-4a1102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd062-dff4-4b08-bf3b-4a1102de0b81" ,
"value" : "https://www.virustotal.com/file/ae1a6c4f917772100e3a5dc1fab7de4a277876a6e626da114baf8179b13b0031/analysis/1467106688/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd063-d5dc-4428-850f-4d5702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:03.000Z" ,
"modified" : "2017-04-24T10:16:03.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450" ,
"pattern" : "[file:hashes.SHA1 = 'daec9e0a13b9dc714c3d1da83da0888cdf2b3052']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd064-e688-439d-83f6-435302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:04.000Z" ,
"modified" : "2017-04-24T10:16:04.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450" ,
"pattern" : "[file:hashes.MD5 = 'a08d4825688bd31ca99150e500d06cfe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd065-a9a8-4e3c-9d6e-472e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:05.000Z" ,
"modified" : "2017-04-24T10:16:05.000Z" ,
"first_observed" : "2017-04-24T10:16:05Z" ,
"last_observed" : "2017-04-24T10:16:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd065-a9a8-4e3c-9d6e-472e02de0b81" ,
"value" : "https://www.virustotal.com/file/e49e61da52430011f1a22084a601cc08005865fe9a76abf503a4a9d2e11a5450/analysis/1465808568/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd066-f094-4569-a560-4e2102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:06.000Z" ,
"modified" : "2017-04-24T10:16:06.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91" ,
"pattern" : "[file:hashes.SHA1 = '51d74d894f1e58d5f58e9ec339dd9e9f41e01042']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd067-3c1c-4fc4-a41f-471d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:07.000Z" ,
"modified" : "2017-04-24T10:16:07.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91" ,
"pattern" : "[file:hashes.MD5 = '68c64333264171274d154cb328bcdef4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd068-52f8-444a-bb9f-4a5802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:08.000Z" ,
"modified" : "2017-04-24T10:16:08.000Z" ,
"first_observed" : "2017-04-24T10:16:08Z" ,
"last_observed" : "2017-04-24T10:16:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd068-52f8-444a-bb9f-4a5802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd068-52f8-444a-bb9f-4a5802de0b81" ,
"value" : "https://www.virustotal.com/file/192b204dbc702d3762c953544975b61db8347a7739c6d8884bb4594bd816bf91/analysis/1462362941/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd069-a714-4f96-8744-484602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:09.000Z" ,
"modified" : "2017-04-24T10:16:09.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4" ,
"pattern" : "[file:hashes.SHA1 = '957d33cdbe82715259d1329d5d048c9cbf4d8b43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd06a-e194-4729-baf1-4c3802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:10.000Z" ,
"modified" : "2017-04-24T10:16:10.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4" ,
"pattern" : "[file:hashes.MD5 = '9d14aac9c78d3be9182d000a4915f0a6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd06b-b1b8-49fe-a08e-48b802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:11.000Z" ,
"modified" : "2017-04-24T10:16:11.000Z" ,
"first_observed" : "2017-04-24T10:16:11Z" ,
"last_observed" : "2017-04-24T10:16:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd06b-b1b8-49fe-a08e-48b802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd06b-b1b8-49fe-a08e-48b802de0b81" ,
"value" : "https://www.virustotal.com/file/571b58ba655463705f45d2541f0fde049c83389a69552f98e41ece734a59f8d4/analysis/1463562345/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd06d-9694-4e26-80fc-454802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:13.000Z" ,
"modified" : "2017-04-24T10:16:13.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f" ,
"pattern" : "[file:hashes.SHA1 = '06234a8c38c15cd88bf2bc89bf6b350bb926c207']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd06e-5b6c-4dff-b8a5-425a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:14.000Z" ,
"modified" : "2017-04-24T10:16:14.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f" ,
"pattern" : "[file:hashes.MD5 = '76844d8d1c1ec4b1373d071df1f291ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd06f-59fc-4269-9229-4eb502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:15.000Z" ,
"modified" : "2017-04-24T10:16:15.000Z" ,
"first_observed" : "2017-04-24T10:16:15Z" ,
"last_observed" : "2017-04-24T10:16:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd06f-59fc-4269-9229-4eb502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd06f-59fc-4269-9229-4eb502de0b81" ,
"value" : "https://www.virustotal.com/file/10f53502922bf837900935892fb1da28fc712848471bf4afcdd08440d3bd037f/analysis/1458983487/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd070-b75c-44a3-b21e-4c9702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:16.000Z" ,
"modified" : "2017-04-24T10:16:16.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5" ,
"pattern" : "[file:hashes.SHA1 = '8b2aac813674c5354e08e52b2ead38d92ad13983']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd071-045c-4af9-9915-44eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:17.000Z" ,
"modified" : "2017-04-24T10:16:17.000Z" ,
"description" : "Carp Downloader SHA256 Hashes - Xchecked via VT: 8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5" ,
"pattern" : "[file:hashes.MD5 = '872af30afc6665a73c4eb4229565d7df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd072-d718-40e1-8d27-4f3802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:18.000Z" ,
"modified" : "2017-04-24T10:16:18.000Z" ,
"first_observed" : "2017-04-24T10:16:18Z" ,
"last_observed" : "2017-04-24T10:16:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd072-d718-40e1-8d27-4f3802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd072-d718-40e1-8d27-4f3802de0b81" ,
"value" : "https://www.virustotal.com/file/8bea55d2e35a2281ed71a59f1feb4c1cf6af1c053a94781c033a94d8e4c853e5/analysis/1456071252/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd073-e664-4fa2-a1d6-445902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:19.000Z" ,
"modified" : "2017-04-24T10:16:19.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd" ,
"pattern" : "[file:hashes.SHA1 = 'fef6fe25416637f507b8787ed8fca9ec718a1adf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd074-536c-4d6b-80ad-454402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:20.000Z" ,
"modified" : "2017-04-24T10:16:20.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd" ,
"pattern" : "[file:hashes.MD5 = 'c2a1a284ccef4486976d6d7b24c462c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd075-8e9c-4209-99b6-406f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:21.000Z" ,
"modified" : "2017-04-24T10:16:21.000Z" ,
"first_observed" : "2017-04-24T10:16:21Z" ,
"last_observed" : "2017-04-24T10:16:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd075-8e9c-4209-99b6-406f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd075-8e9c-4209-99b6-406f02de0b81" ,
"value" : "https://www.virustotal.com/file/e017651dd9e9419a7f1714f8f2cdc3d8e75aebbe6d3cfbb2de3f042f39aec3bd/analysis/1492716220/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd076-a808-42a4-8fe3-44a902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:22.000Z" ,
"modified" : "2017-04-24T10:16:22.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df" ,
"pattern" : "[file:hashes.SHA1 = '3f18ce547cab90069e37bb7a8aa05e9a1fd8b1ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd077-128c-4f57-8075-44e702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:23.000Z" ,
"modified" : "2017-04-24T10:16:23.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df" ,
"pattern" : "[file:hashes.MD5 = 'cafd44c104f5c263bf44389c7f4e4d76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd078-9f78-4ff1-b2cb-446f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:24.000Z" ,
"modified" : "2017-04-24T10:16:24.000Z" ,
"first_observed" : "2017-04-24T10:16:24Z" ,
"last_observed" : "2017-04-24T10:16:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd078-9f78-4ff1-b2cb-446f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd078-9f78-4ff1-b2cb-446f02de0b81" ,
"value" : "https://www.virustotal.com/file/778090182a10fde1b4c1571d1e853e123f6ab1682e17dabe2e83468b518c01df/analysis/1492716221/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd079-8a40-4333-bcdb-46e002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:25.000Z" ,
"modified" : "2017-04-24T10:16:25.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e" ,
"pattern" : "[file:hashes.SHA1 = 'd777d7f401c58ce1a44a219f834affca6d251eea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd07a-d130-4085-8d8a-423202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:26.000Z" ,
"modified" : "2017-04-24T10:16:26.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e" ,
"pattern" : "[file:hashes.MD5 = 'd7bf5000a2f8ef85532a983edc827ad5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd07b-5a08-4738-97b4-48ac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:27.000Z" ,
"modified" : "2017-04-24T10:16:27.000Z" ,
"first_observed" : "2017-04-24T10:16:27Z" ,
"last_observed" : "2017-04-24T10:16:27Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd07b-5a08-4738-97b4-48ac02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd07b-5a08-4738-97b4-48ac02de0b81" ,
"value" : "https://www.virustotal.com/file/8fababb509ad8230e4d6fa1e6403602a97e60dc8ef517016f86195143cf50f4e/analysis/1492716221/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd07c-46e0-4002-9dc9-458802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:28.000Z" ,
"modified" : "2017-04-24T10:16:28.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2" ,
"pattern" : "[file:hashes.SHA1 = 'bcf4bf278bc98e87ac21a8cd09a63b07d9dc8871']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd07d-a538-458f-8508-4e2102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:29.000Z" ,
"modified" : "2017-04-24T10:16:29.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2" ,
"pattern" : "[file:hashes.MD5 = 'cf40adde3b2fe5c792c19b55aa7db6aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd07e-cbc0-4a61-bc00-423602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:30.000Z" ,
"modified" : "2017-04-24T10:16:30.000Z" ,
"first_observed" : "2017-04-24T10:16:30Z" ,
"last_observed" : "2017-04-24T10:16:30Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd07e-cbc0-4a61-bc00-423602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd07e-cbc0-4a61-bc00-423602de0b81" ,
"value" : "https://www.virustotal.com/file/1977cedcfb8726dea5e915b47e1479256674551bc0fe0b55ddd3fa3b15eb82b2/analysis/1492716220/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd07f-4b48-45e7-98f1-498302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:31.000Z" ,
"modified" : "2017-04-24T10:16:31.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6" ,
"pattern" : "[file:hashes.SHA1 = '680a74c46221dc2c1c06968471339b01cff366c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd080-4094-45fb-9dc6-4c2802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:32.000Z" ,
"modified" : "2017-04-24T10:16:32.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6" ,
"pattern" : "[file:hashes.MD5 = 'b156c25d54b4b42c412f3ef6830f2d02']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd081-2aac-4773-bc9c-49a902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:33.000Z" ,
"modified" : "2017-04-24T10:16:33.000Z" ,
"first_observed" : "2017-04-24T10:16:33Z" ,
"last_observed" : "2017-04-24T10:16:33Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd081-2aac-4773-bc9c-49a902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd081-2aac-4773-bc9c-49a902de0b81" ,
"value" : "https://www.virustotal.com/file/16aab89d74c1eaaf1e94028c8ccceef442eb2cd5b052cba3562d2b1b1a3a4ba6/analysis/1492716220/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd082-bbe0-4750-b3e5-4edb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:34.000Z" ,
"modified" : "2017-04-24T10:16:34.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2" ,
"pattern" : "[file:hashes.SHA1 = '482ac6e037458babad69c30175e9c0a1d1d7c9c5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd083-d6e0-4914-b2d8-456902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:35.000Z" ,
"modified" : "2017-04-24T10:16:35.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2" ,
"pattern" : "[file:hashes.MD5 = '867ceb45d536ee997efb302798140863']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd084-f528-4660-87f5-4d1802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:36.000Z" ,
"modified" : "2017-04-24T10:16:36.000Z" ,
"first_observed" : "2017-04-24T10:16:36Z" ,
"last_observed" : "2017-04-24T10:16:36Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd084-f528-4660-87f5-4d1802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd084-f528-4660-87f5-4d1802de0b81" ,
"value" : "https://www.virustotal.com/file/211b7b7a4c4a07b9c65fae361570dbb94666e26f0cc0fa0b32df4b09fcee6de2/analysis/1471808183/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd085-d69c-4f4a-aafd-446902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:37.000Z" ,
"modified" : "2017-04-24T10:16:37.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537" ,
"pattern" : "[file:hashes.SHA1 = 'd28c37375dc8d2f057145f43abb00f2f5aff8323']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd086-ba6c-4fee-b65e-43bc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:38.000Z" ,
"modified" : "2017-04-24T10:16:38.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537" ,
"pattern" : "[file:hashes.MD5 = 'f92c7ce71131d98d2a08618737b9b600']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd087-f680-4163-85e6-4e7e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:39.000Z" ,
"modified" : "2017-04-24T10:16:39.000Z" ,
"first_observed" : "2017-04-24T10:16:39Z" ,
"last_observed" : "2017-04-24T10:16:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd087-f680-4163-85e6-4e7e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd087-f680-4163-85e6-4e7e02de0b81" ,
"value" : "https://www.virustotal.com/file/84f822d9cf575aeea867e9b73f88ad4d9244293e52208644e12ff2cf13b6b537/analysis/1471199923/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd088-2ad8-46d7-a6af-4af702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:40.000Z" ,
"modified" : "2017-04-24T10:16:40.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa" ,
"pattern" : "[file:hashes.SHA1 = 'd225660943ebc34beddfceb7c4141a5a5fa90a1e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd089-a9e8-4730-b4f0-46eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:41.000Z" ,
"modified" : "2017-04-24T10:16:41.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa" ,
"pattern" : "[file:hashes.MD5 = 'c18d73507bf272e079af6c27dfd4682a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd08a-427c-478c-a26d-4fa202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:42.000Z" ,
"modified" : "2017-04-24T10:16:42.000Z" ,
"first_observed" : "2017-04-24T10:16:42Z" ,
"last_observed" : "2017-04-24T10:16:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd08a-427c-478c-a26d-4fa202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd08a-427c-478c-a26d-4fa202de0b81" ,
"value" : "https://www.virustotal.com/file/855cf3a6422b0bf680d505720fd07c396508f67518670b493dba902c3c2e5dfa/analysis/1492716222/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd08b-9b20-4d8e-861e-489302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:43.000Z" ,
"modified" : "2017-04-24T10:16:43.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772" ,
"pattern" : "[file:hashes.SHA1 = '7af6968ea03f23ef3d02120922c0aa8b267b8585']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd08c-54ac-49b7-b732-403702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:44.000Z" ,
"modified" : "2017-04-24T10:16:44.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772" ,
"pattern" : "[file:hashes.MD5 = '29e3de04017af76502a730b134b1f2d3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd08d-07d8-442e-abee-438102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:45.000Z" ,
"modified" : "2017-04-24T10:16:45.000Z" ,
"first_observed" : "2017-04-24T10:16:45Z" ,
"last_observed" : "2017-04-24T10:16:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd08d-07d8-442e-abee-438102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd08d-07d8-442e-abee-438102de0b81" ,
"value" : "https://www.virustotal.com/file/4b4c6b36938c3de0623feb92c0e1cb399d2dc338d2095b8ba84e862ef6d11772/analysis/1492716222/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd08e-6aac-403d-8774-42e902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:46.000Z" ,
"modified" : "2017-04-24T10:16:46.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3" ,
"pattern" : "[file:hashes.SHA1 = '0e954284a439ed6dc62b9795e21ed86a9a1b1f64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd08f-a9bc-4e25-8d8a-460a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:47.000Z" ,
"modified" : "2017-04-24T10:16:47.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3" ,
"pattern" : "[file:hashes.MD5 = '20f883527a5e80d231779a76cbf7b269']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd090-00c0-42da-8c76-41ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:48.000Z" ,
"modified" : "2017-04-24T10:16:48.000Z" ,
"first_observed" : "2017-04-24T10:16:48Z" ,
"last_observed" : "2017-04-24T10:16:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd090-00c0-42da-8c76-41ba02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd090-00c0-42da-8c76-41ba02de0b81" ,
"value" : "https://www.virustotal.com/file/5dd162ab66f0c819ee73868c26ecd82408422e2b6366805631eab95ae32516f3/analysis/1492716222/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd091-da98-4e17-a3d9-4bc202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:49.000Z" ,
"modified" : "2017-04-24T10:16:49.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9" ,
"pattern" : "[file:hashes.SHA1 = '70225738e42300d94b2eb48c4d9a85de5431b439']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd092-6e64-4149-a649-45a802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:50.000Z" ,
"modified" : "2017-04-24T10:16:50.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9" ,
"pattern" : "[file:hashes.MD5 = '3ff7da97b57d069f60ff29218a42e08f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd093-1b80-474d-b1ce-439b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:51.000Z" ,
"modified" : "2017-04-24T10:16:51.000Z" ,
"first_observed" : "2017-04-24T10:16:51Z" ,
"last_observed" : "2017-04-24T10:16:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd093-1b80-474d-b1ce-439b02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd093-1b80-474d-b1ce-439b02de0b81" ,
"value" : "https://www.virustotal.com/file/6e2991e02d3cf17d77173d50cdaa766661a89721c3cc4050fba98bea0dbdb1a9/analysis/1470049606/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd095-7988-4255-a2db-439802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:53.000Z" ,
"modified" : "2017-04-24T10:16:53.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc" ,
"pattern" : "[file:hashes.SHA1 = 'a34251985aa263df27b11bacf2199f2fd640cf8d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd096-a380-4b3c-a73a-4ff002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:54.000Z" ,
"modified" : "2017-04-24T10:16:54.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc" ,
"pattern" : "[file:hashes.MD5 = '7cc5c68c26f9aca921d3422b570a43fe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd096-049c-4884-9984-4c8f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:54.000Z" ,
"modified" : "2017-04-24T10:16:54.000Z" ,
"first_observed" : "2017-04-24T10:16:54Z" ,
"last_observed" : "2017-04-24T10:16:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd096-049c-4884-9984-4c8f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd096-049c-4884-9984-4c8f02de0b81" ,
"value" : "https://www.virustotal.com/file/1e8ed6e8d0b6fc47d8176c874ed40fb09644c058042f34d987878fa644f493cc/analysis/1469141841/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd097-a91c-4647-8a4f-4e2902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:55.000Z" ,
"modified" : "2017-04-24T10:16:55.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3" ,
"pattern" : "[file:hashes.SHA1 = '88586a7605c8801c67a0ce61ed41a59ba09f3fc7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd098-ef98-4e5e-83db-47d802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:56.000Z" ,
"modified" : "2017-04-24T10:16:56.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3" ,
"pattern" : "[file:hashes.MD5 = 'df9254ca11f01657713a1a46b01caa30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd099-61d0-42ef-b014-4bf202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:57.000Z" ,
"modified" : "2017-04-24T10:16:57.000Z" ,
"first_observed" : "2017-04-24T10:16:57Z" ,
"last_observed" : "2017-04-24T10:16:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd099-61d0-42ef-b014-4bf202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd099-61d0-42ef-b014-4bf202de0b81" ,
"value" : "https://www.virustotal.com/file/647e379517fed71682423b0192da453ec1d61a633c154fdd55bab762bcc404f3/analysis/1469155780/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd09a-f758-47db-9ce1-478902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:58.000Z" ,
"modified" : "2017-04-24T10:16:58.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305" ,
"pattern" : "[file:hashes.SHA1 = 'a0ecc918c35750e5f02958d3c3e1be99520cafec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd09b-6edc-4d29-a076-45ae02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:16:59.000Z" ,
"modified" : "2017-04-24T10:16:59.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305" ,
"pattern" : "[file:hashes.MD5 = 'aa3834d70a29c688857aefbd8e9585ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:16:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd09c-d924-48e0-ba0e-44c102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:00.000Z" ,
"modified" : "2017-04-24T10:17:00.000Z" ,
"first_observed" : "2017-04-24T10:17:00Z" ,
"last_observed" : "2017-04-24T10:17:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd09c-d924-48e0-ba0e-44c102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd09c-d924-48e0-ba0e-44c102de0b81" ,
"value" : "https://www.virustotal.com/file/edc49bf7ec508becb088d5082c78d360f1a7cad520f6de6d8b93759b67aac305/analysis/1492716223/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd09d-d004-47a8-8152-463a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:01.000Z" ,
"modified" : "2017-04-24T10:17:01.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c" ,
"pattern" : "[file:hashes.SHA1 = '49f152db1eca5094d981dd0ec3405148f71f2dc2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd09e-6218-4e64-862d-4d3002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:02.000Z" ,
"modified" : "2017-04-24T10:17:02.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c" ,
"pattern" : "[file:hashes.MD5 = '86ca06048688b2a2f756a84a753628f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd09f-5f44-4fd5-8833-483702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:03.000Z" ,
"modified" : "2017-04-24T10:17:03.000Z" ,
"first_observed" : "2017-04-24T10:17:03Z" ,
"last_observed" : "2017-04-24T10:17:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd09f-5f44-4fd5-8833-483702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd09f-5f44-4fd5-8833-483702de0b81" ,
"value" : "https://www.virustotal.com/file/7482f8c86b63ce53edcb62fc2ff2dd8e584e2164451ae0c6f2b1f4d6d0cb6d9c/analysis/1492716223/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a0-e414-4d44-896b-40bd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:04.000Z" ,
"modified" : "2017-04-24T10:17:04.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db" ,
"pattern" : "[file:hashes.SHA1 = '4123755d673fe49522575471149634b6cbf29e5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a1-dfa8-4e0c-a203-462502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:05.000Z" ,
"modified" : "2017-04-24T10:17:05.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db" ,
"pattern" : "[file:hashes.MD5 = '0a2544097f7c55643be8892c3a383dc3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0a2-859c-4429-b9ec-4ddb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:06.000Z" ,
"modified" : "2017-04-24T10:17:06.000Z" ,
"first_observed" : "2017-04-24T10:17:06Z" ,
"last_observed" : "2017-04-24T10:17:06Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0a2-859c-4429-b9ec-4ddb02de0b81" ,
"value" : "https://www.virustotal.com/file/2fbd3d2362acd1c8f0963b48d01f94c7a07aeac52d23415d0498c8c9e23554db/analysis/1492716223/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a3-2b24-4159-b613-4f9a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:07.000Z" ,
"modified" : "2017-04-24T10:17:07.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db" ,
"pattern" : "[file:hashes.SHA1 = '42315fcd706dbad6eb90d54dadf66de91fd4f9af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a4-2be0-446a-9c23-414202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:08.000Z" ,
"modified" : "2017-04-24T10:17:08.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db" ,
"pattern" : "[file:hashes.MD5 = 'a6d2bb2d68329d20ea6f40a064d9f684']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0a5-3b8c-47d1-856f-4fb102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:09.000Z" ,
"modified" : "2017-04-24T10:17:09.000Z" ,
"first_observed" : "2017-04-24T10:17:09Z" ,
"last_observed" : "2017-04-24T10:17:09Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0a5-3b8c-47d1-856f-4fb102de0b81" ,
"value" : "https://www.virustotal.com/file/154e3a12404202fd25e29e754ff78703d4edd7da73cb4c283c9910fd526d47db/analysis/1492716224/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a6-c5c8-490c-a4a8-4f6502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:10.000Z" ,
"modified" : "2017-04-24T10:17:10.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3" ,
"pattern" : "[file:hashes.SHA1 = '2beb72d9b2c735ffa70f777be07dbe78e3389ca4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a7-b8b8-403d-8daa-404002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:11.000Z" ,
"modified" : "2017-04-24T10:17:11.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3" ,
"pattern" : "[file:hashes.MD5 = '8ac4d1d278d638483da48604a8a4ec77']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0a8-1528-4faa-9fca-497702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:12.000Z" ,
"modified" : "2017-04-24T10:17:12.000Z" ,
"first_observed" : "2017-04-24T10:17:12Z" ,
"last_observed" : "2017-04-24T10:17:12Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0a8-1528-4faa-9fca-497702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0a8-1528-4faa-9fca-497702de0b81" ,
"value" : "https://www.virustotal.com/file/a1d5b7d69d85b1be31d9e1cb0686094cc7b1213079b2a66ace01be4bfe3fb7c3/analysis/1492716225/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0a9-acc8-4816-a817-417802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:13.000Z" ,
"modified" : "2017-04-24T10:17:13.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3" ,
"pattern" : "[file:hashes.SHA1 = '86fc6492ef03ec0967bd2af941abaedf285b3e35']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0aa-33b0-470b-a492-4e0702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:14.000Z" ,
"modified" : "2017-04-24T10:17:14.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3" ,
"pattern" : "[file:hashes.MD5 = 'e634d08bc2cb881f2c9b179436417fae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0ab-8b48-46c2-a143-43ee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:15.000Z" ,
"modified" : "2017-04-24T10:17:15.000Z" ,
"first_observed" : "2017-04-24T10:17:15Z" ,
"last_observed" : "2017-04-24T10:17:15Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0ab-8b48-46c2-a143-43ee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0ab-8b48-46c2-a143-43ee02de0b81" ,
"value" : "https://www.virustotal.com/file/4b0203492a95257707a86992e84b5085ce9e11810a26920dbb085005081e32d3/analysis/1492716225/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0ac-939c-48b6-8a32-4af502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:16.000Z" ,
"modified" : "2017-04-24T10:17:16.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad" ,
"pattern" : "[file:hashes.SHA1 = 'cd6daf7745dfa300638775ec8478ffe31f931e16']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0ad-65d4-4bbe-af99-4ccb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:17.000Z" ,
"modified" : "2017-04-24T10:17:17.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad" ,
"pattern" : "[file:hashes.MD5 = '2be1ec0c5c1abde12a6d089a10ee5724']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:18.000Z" ,
"modified" : "2017-04-24T10:17:18.000Z" ,
"first_observed" : "2017-04-24T10:17:18Z" ,
"last_observed" : "2017-04-24T10:17:18Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0ae-a8b0-49f1-8df9-4c3002de0b81" ,
"value" : "https://www.virustotal.com/file/4e953ea82b0406a5b95e31554628ad6821b1d91e9ada0d26179977f227cf01ad/analysis/1492716224/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0af-ad98-41d7-ad66-412a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:19.000Z" ,
"modified" : "2017-04-24T10:17:19.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef" ,
"pattern" : "[file:hashes.SHA1 = '079481fabbcad026b1e1934c16ac5224a21c8d76']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0b0-b564-41f8-85bf-40d102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:20.000Z" ,
"modified" : "2017-04-24T10:17:20.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef" ,
"pattern" : "[file:hashes.MD5 = 'c88ebec4346c2812f9629bf35f69d442']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0b1-9780-4046-9732-4cb402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:21.000Z" ,
"modified" : "2017-04-24T10:17:21.000Z" ,
"first_observed" : "2017-04-24T10:17:21Z" ,
"last_observed" : "2017-04-24T10:17:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0b1-9780-4046-9732-4cb402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0b1-9780-4046-9732-4cb402de0b81" ,
"value" : "https://www.virustotal.com/file/6272ed2a9b69509ac16162158729762d30f9ca06146a1828ae17afedd5c243ef/analysis/1492632427/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0b2-fafc-42f3-892a-426d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:22.000Z" ,
"modified" : "2017-04-24T10:17:22.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29" ,
"pattern" : "[file:hashes.SHA1 = 'e2c622f95a0d120c7189e7063bdedf9ee420f204']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58fdd0b3-720c-441e-af79-4cc802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:23.000Z" ,
"modified" : "2017-04-24T10:17:23.000Z" ,
"description" : "Cardinal RAT SHA256 Hashes - Xchecked via VT: 440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29" ,
"pattern" : "[file:hashes.MD5 = '92e648e9aed72620c6caf580d23a4678']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-24T10:17:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58fdd0b4-7044-45b0-b182-46c502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-24T10:17:24.000Z" ,
"modified" : "2017-04-24T10:17:24.000Z" ,
"first_observed" : "2017-04-24T10:17:24Z" ,
"last_observed" : "2017-04-24T10:17:24Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58fdd0b4-7044-45b0-b182-46c502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58fdd0b4-7044-45b0-b182-46c502de0b81" ,
"value" : "https://www.virustotal.com/file/440504899b7af6f352cfaad6cdef1642c66927ecce0cf2f7e65d563a78be1b29/analysis/1492855117/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
2023-04-21 13:25:09 +00:00
]
}