{
"type" : "bundle" ,
"id" : "bundle--593a99c5-79cc-411c-ac6d-3089950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:08:32.000Z" ,
"modified" : "2017-06-09T13:08:32.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--593a99c5-79cc-411c-ac6d-3089950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:08:32.000Z" ,
"modified" : "2017-06-09T13:08:32.000Z" ,
"name" : "OSINT - FIREBALL \u2013 The Chinese Malware of 250 Million Computers Infected" ,
"published" : "2017-06-09T13:08:53Z" ,
"object_refs" : [
"x-misp-attribute--593a99e3-6910-4bbb-b74f-4f14950d210f" ,
"observed-data--593a99f0-a2f0-4152-877d-597e950d210f" ,
"url--593a99f0-a2f0-4152-877d-597e950d210f" ,
"indicator--593a9a1b-c56c-467d-9f20-4f14950d210f" ,
"indicator--593a9a1c-e410-4d58-a926-4f14950d210f" ,
"indicator--593a9a1c-4020-40a5-b086-4f14950d210f" ,
"indicator--593a9a1d-4244-41c5-a610-4f14950d210f" ,
"indicator--593a9a1d-a358-44e3-a4ff-4f14950d210f" ,
"indicator--593a9a1e-091c-4f20-8bf9-4f14950d210f" ,
"indicator--593a9a1e-b6e4-4c2a-b979-4f14950d210f" ,
"indicator--593a9a1e-c744-4cb2-9fb2-4f14950d210f" ,
"indicator--593a9a1f-cd2c-4825-a604-4f14950d210f" ,
"indicator--593a9a1f-da50-4eca-ba8e-4f14950d210f" ,
"indicator--593a9a20-2264-4e78-a381-4f14950d210f" ,
"indicator--593a9a20-16d8-4e7f-94aa-4f14950d210f" ,
"indicator--593a9a21-6900-4070-8ff7-4f14950d210f" ,
"indicator--593a9a21-8810-45d8-9832-4f14950d210f" ,
"indicator--593a9a22-e894-483c-95fb-4f14950d210f" ,
"indicator--593a9a22-6c10-4227-9615-4f14950d210f" ,
"indicator--593a9a22-6a64-4342-9a5a-4f14950d210f" ,
"indicator--593a9a23-a6c4-4709-990e-4f14950d210f" ,
"indicator--593a9a23-a970-463a-8278-4f14950d210f" ,
"indicator--593a9a24-a83c-4f0d-b380-4f14950d210f" ,
"indicator--593a9a24-9ac4-4c5d-adcf-4f14950d210f" ,
"indicator--593a9a25-891c-4b6e-829c-4f14950d210f" ,
"indicator--593a9a25-2518-43ba-8caa-4f14950d210f" ,
"indicator--593a9a25-bdd8-4c5b-bd83-4f14950d210f" ,
"indicator--593a9a26-2cc4-412c-bd55-4f14950d210f" ,
"indicator--593a9a26-d1b4-46b7-af14-4f14950d210f" ,
"indicator--593a9a27-69b4-4894-9d5c-4f14950d210f" ,
"indicator--593a9a27-63f0-40be-ae57-4f14950d210f" ,
"indicator--593a9a28-2494-400b-86f4-4f14950d210f" ,
"indicator--593a9a28-2fcc-4aa1-8c8c-4f14950d210f" ,
"indicator--593a9a50-78b8-4c74-85f6-0359950d210f" ,
"indicator--593a9d11-4cdc-494f-9114-9624950d210f" ,
"indicator--593a9d12-8e24-4c6f-9def-9624950d210f" ,
"indicator--593a9d12-7d80-4ec9-9400-9624950d210f" ,
"indicator--593a9d12-d488-4ca7-8c2c-9624950d210f" ,
"indicator--593a9d13-8924-427b-827a-9624950d210f" ,
"indicator--593a9d13-1e48-4d4c-b4c5-9624950d210f" ,
"indicator--593a9da9-1880-4599-bdbd-4ebd02de0b81" ,
"indicator--593a9da9-9870-477c-adf7-4b6a02de0b81" ,
"observed-data--593a9daa-c17c-4188-ae4f-48e702de0b81" ,
"url--593a9daa-c17c-4188-ae4f-48e702de0b81" ,
"indicator--593a9daa-7ae8-4ab8-bf77-4c2502de0b81" ,
"indicator--593a9dab-eff4-4522-8ec8-4ee902de0b81" ,
"observed-data--593a9dab-389c-47e3-895e-41a002de0b81" ,
"url--593a9dab-389c-47e3-895e-41a002de0b81" ,
"indicator--593a9dab-a0dc-416e-a4f0-4b7402de0b81" ,
"indicator--593a9dac-6998-4642-bbd1-468702de0b81" ,
"observed-data--593a9dac-72d0-4754-aa32-480002de0b81" ,
"url--593a9dac-72d0-4754-aa32-480002de0b81" ,
"indicator--593a9dac-102c-43c3-8b27-4e2e02de0b81" ,
"indicator--593a9dad-78dc-4c7f-8feb-46d102de0b81" ,
"observed-data--593a9dad-2538-4934-823d-4c4602de0b81" ,
"url--593a9dad-2538-4934-823d-4c4602de0b81" ,
"indicator--593a9dad-3fa0-4af2-b973-443f02de0b81" ,
"indicator--593a9dae-268c-415b-9f65-4aed02de0b81" ,
"observed-data--593a9dae-b794-4840-b539-4e0302de0b81" ,
"url--593a9dae-b794-4840-b539-4e0302de0b81" ,
"indicator--593a9daf-307c-4d9d-826d-44d502de0b81" ,
"indicator--593a9daf-69f8-4635-8694-488602de0b81" ,
"observed-data--593a9daf-1c44-42ce-8440-483b02de0b81" ,
"url--593a9daf-1c44-42ce-8440-483b02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--593a99e3-6910-4bbb-b74f-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:08:32.000Z" ,
"modified" : "2017-06-09T13:08:32.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"admiralty-scale:source-reliability=\"b\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Check Point Threat Intelligence and research teams recently discovered a high volume Chinese threat operation which has infected over 250 million computers worldwide. The installed malware, Fireball, takes over target browsers and turns them into zombies. Fireball has two main functionalities: the ability of running any code on victim computers\u2013downloading any file or malware, and hijacking and manipulating infected users\u2019 web-traffic to generate ad-revenue. Currently, Fireball installs plug-ins and additional configurations to boost its advertisements, but just as easily it can turn into a prominent distributor for any additional malware.\r\n\r\nThis operation is run by Rafotech, a large digital marketing agency based in Beijing. Rafotech uses Fireball to manipulate the victims\u2019 browsers and turn their default search engines and home-pages into fake search engines. This redirects the queries to either yahoo.com or Google.com. The fake search engines include tracking pixels used to collect the users\u2019 private information. Fireball has the ability to spy on victims, perform efficient malware dropping, and execute any malicious code in the infected machines, this creates a massive security flaw in targeted machines and networks.\r\n\r\n \r\n\r\nKEY FINDINGS\r\n\r\n Check Point analysts uncovered a high volume Chinese threat operation which has infected over 250 million computers worldwide, and 20% of corporate networks.\r\n The malware, called Fireball, acts as a browser-hijacker but and can be turned into a full-functioning malware downloader. Fireball is capable of executing any code on the victim machines, resulting in a wide range of actions from stealing credentials to dropping additional malware.\r\n Fireball is spread mostly via bundling i.e. installed on victim machines alongside a wanted program, often without the user\u2019s consent.\r\n The operation is run by Chinese digital marketing agency.\r\n Top infected countries are India (10.1%) and Brazil (9.6%)"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a99f0-a2f0-4152-877d-597e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:08:31.000Z" ,
"modified" : "2017-06-09T13:08:31.000Z" ,
"first_observed" : "2017-06-09T13:08:31Z" ,
"last_observed" : "2017-06-09T13:08:31Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a99f0-a2f0-4152-877d-597e950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"admiralty-scale:source-reliability=\"b\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a99f0-a2f0-4152-877d-597e950d210f" ,
"value" : "http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1b-c56c-467d-9f20-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'attirerpage.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1c-e410-4d58-a926-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 's2s.rafotech.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1c-4020-40a5-b086-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'trotux.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1d-4244-41c5-a610-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'startpageing123.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1d-a358-44e3-a4ff-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'funcionapage.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1e-091c-4f20-8bf9-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'universalsearches.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1e-b6e4-4c2a-b979-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'thewebanswers.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1e-c744-4cb2-9fb2-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'nicesearches.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1f-cd2c-4825-a604-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'youndoo.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a1f-da50-4eca-ba8e-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'giqepofa.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a20-2264-4e78-a381-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'mustang-browser.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a20-16d8-4e7f-94aa-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'forestbrowser.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a21-6900-4070-8ff7-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'luckysearch123.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a21-8810-45d8-9832-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'ooxxsearch.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a22-e894-483c-95fb-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'search2000s.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a22-6c10-4227-9615-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'walasearch.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a22-6a64-4342-9a5a-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'hohosearch.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a23-a6c4-4709-990e-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'yessearches.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a23-a970-463a-8278-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd3l4qa0kmel7is.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a24-a83c-4f0d-b380-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd5ou3dytze6uf.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a24-9ac4-4c5d-adcf-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd1vh0xkmncek4z.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a25-891c-4b6e-829c-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd26r15y2ken1t9.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a25-2518-43ba-8caa-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd11eq81k50lwgi.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a25-bdd8-4c5b-bd83-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'ddyv8sl7ewq1w.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a26-2cc4-412c-bd55-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd3i1asoswufp5k.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a26-d1b4-46b7-af14-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'dc44qjwal3p07.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a27-69b4-4894-9d5c-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'dv2m1uumnsgtu.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a27-63f0-40be-ae57-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'd1mxvenloqrqmu.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a28-2494-400b-86f4-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'dfrs12kz9qye2.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a28-2fcc-4aa1-8c8c-4f14950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "C&C" ,
"pattern" : "[domain-name:value = 'dgkytklfjrqkb.cloudfront.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9a50-78b8-4c74-85f6-0359950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"pattern" : "[url:value = 'dgkytklfjrqkb.cloudfront.net/main/trmz.exe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d11-4cdc-494f-9114-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = 'fab40a7bde5250a6bc8644f4d6b9c28f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d12-8e24-4c6f-9def-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = '69ffdf99149d19be7dc1c52f33aaa651']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d12-7d80-4ec9-9400-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = 'b56d1d35d46630335e03af9add84b488']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d12-d488-4ca7-8c2c-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = '8c61a6937963507dc87d8bf00385c0bc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d13-8924-427b-827a-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = '7adb7f56e81456f3b421c01ab19b1900']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9d13-1e48-4d4c-b4c5-9624950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:38.000Z" ,
"modified" : "2017-06-09T13:07:38.000Z" ,
"description" : "Sample" ,
"pattern" : "[file:hashes.MD5 = '2b307e28ce531157611825eb0854c15f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9da9-1880-4599-bdbd-4ebd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:53.000Z" ,
"modified" : "2017-06-09T13:07:53.000Z" ,
"description" : "Sample - Xchecked via VT: fab40a7bde5250a6bc8644f4d6b9c28f" ,
"pattern" : "[file:hashes.SHA256 = '9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9da9-9870-477c-adf7-4b6a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:53.000Z" ,
"modified" : "2017-06-09T13:07:53.000Z" ,
"description" : "Sample - Xchecked via VT: fab40a7bde5250a6bc8644f4d6b9c28f" ,
"pattern" : "[file:hashes.SHA1 = '8b6388810047db449d3699333eca9091568a094c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9daa-c17c-4188-ae4f-48e702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:54.000Z" ,
"modified" : "2017-06-09T13:07:54.000Z" ,
"first_observed" : "2017-06-09T13:07:54Z" ,
"last_observed" : "2017-06-09T13:07:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9daa-c17c-4188-ae4f-48e702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9daa-c17c-4188-ae4f-48e702de0b81" ,
"value" : "https://www.virustotal.com/file/9b4971349ae85aa09c0a69852ed3e626c954954a3927b3d1b6646f139b930022/analysis/1497008302/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9daa-7ae8-4ab8-bf77-4c2502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:54.000Z" ,
"modified" : "2017-06-09T13:07:54.000Z" ,
"description" : "Sample - Xchecked via VT: 69ffdf99149d19be7dc1c52f33aaa651" ,
"pattern" : "[file:hashes.SHA256 = 'e3f69a1fb6fcaf9fd93386b6ba1d86731cd9e5648f7cff5242763188129cd158']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dab-eff4-4522-8ec8-4ee902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:55.000Z" ,
"modified" : "2017-06-09T13:07:55.000Z" ,
"description" : "Sample - Xchecked via VT: 69ffdf99149d19be7dc1c52f33aaa651" ,
"pattern" : "[file:hashes.SHA1 = 'b6bbe04238834126043610115c253788f0cb8a39']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9dab-389c-47e3-895e-41a002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:55.000Z" ,
"modified" : "2017-06-09T13:07:55.000Z" ,
"first_observed" : "2017-06-09T13:07:55Z" ,
"last_observed" : "2017-06-09T13:07:55Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9dab-389c-47e3-895e-41a002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9dab-389c-47e3-895e-41a002de0b81" ,
"value" : "https://www.virustotal.com/file/e3f69a1fb6fcaf9fd93386b6ba1d86731cd9e5648f7cff5242763188129cd158/analysis/1497008303/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dab-a0dc-416e-a4f0-4b7402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:55.000Z" ,
"modified" : "2017-06-09T13:07:55.000Z" ,
"description" : "Sample - Xchecked via VT: b56d1d35d46630335e03af9add84b488" ,
"pattern" : "[file:hashes.SHA256 = 'c7244d139ef9ea431a5b9cc6a2176a6a9908710892c74e215431b99cd5228359']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dac-6998-4642-bbd1-468702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:56.000Z" ,
"modified" : "2017-06-09T13:07:56.000Z" ,
"description" : "Sample - Xchecked via VT: b56d1d35d46630335e03af9add84b488" ,
"pattern" : "[file:hashes.SHA1 = 'cc725869679e5c8c4b7fcdffe98bcd4d612a909a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9dac-72d0-4754-aa32-480002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:56.000Z" ,
"modified" : "2017-06-09T13:07:56.000Z" ,
"first_observed" : "2017-06-09T13:07:56Z" ,
"last_observed" : "2017-06-09T13:07:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9dac-72d0-4754-aa32-480002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9dac-72d0-4754-aa32-480002de0b81" ,
"value" : "https://www.virustotal.com/file/c7244d139ef9ea431a5b9cc6a2176a6a9908710892c74e215431b99cd5228359/analysis/1497008303/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dac-102c-43c3-8b27-4e2e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:56.000Z" ,
"modified" : "2017-06-09T13:07:56.000Z" ,
"description" : "Sample - Xchecked via VT: 8c61a6937963507dc87d8bf00385c0bc" ,
"pattern" : "[file:hashes.SHA256 = '14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dad-78dc-4c7f-8feb-46d102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:57.000Z" ,
"modified" : "2017-06-09T13:07:57.000Z" ,
"description" : "Sample - Xchecked via VT: 8c61a6937963507dc87d8bf00385c0bc" ,
"pattern" : "[file:hashes.SHA1 = '0312325d31072afaac87f3aafff58261b549db5d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9dad-2538-4934-823d-4c4602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:57.000Z" ,
"modified" : "2017-06-09T13:07:57.000Z" ,
"first_observed" : "2017-06-09T13:07:57Z" ,
"last_observed" : "2017-06-09T13:07:57Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9dad-2538-4934-823d-4c4602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9dad-2538-4934-823d-4c4602de0b81" ,
"value" : "https://www.virustotal.com/file/14093ce6d0fe8ab60963771f48937c669103842a0400b8d97f829b33c420f7e3/analysis/1497008304/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dad-3fa0-4af2-b973-443f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:57.000Z" ,
"modified" : "2017-06-09T13:07:57.000Z" ,
"description" : "Sample - Xchecked via VT: 7adb7f56e81456f3b421c01ab19b1900" ,
"pattern" : "[file:hashes.SHA256 = 'fff2818caa9040486a634896f329b8aebaec9121bdf9982841f0646763a1686b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9dae-268c-415b-9f65-4aed02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:58.000Z" ,
"modified" : "2017-06-09T13:07:58.000Z" ,
"description" : "Sample - Xchecked via VT: 7adb7f56e81456f3b421c01ab19b1900" ,
"pattern" : "[file:hashes.SHA1 = '30a176dde7aff87ee73c967d4f70d1b834a62dd4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9dae-b794-4840-b539-4e0302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:58.000Z" ,
"modified" : "2017-06-09T13:07:58.000Z" ,
"first_observed" : "2017-06-09T13:07:58Z" ,
"last_observed" : "2017-06-09T13:07:58Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9dae-b794-4840-b539-4e0302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9dae-b794-4840-b539-4e0302de0b81" ,
"value" : "https://www.virustotal.com/file/fff2818caa9040486a634896f329b8aebaec9121bdf9982841f0646763a1686b/analysis/1497008304/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9daf-307c-4d9d-826d-44d502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:59.000Z" ,
"modified" : "2017-06-09T13:07:59.000Z" ,
"description" : "Sample - Xchecked via VT: 2b307e28ce531157611825eb0854c15f" ,
"pattern" : "[file:hashes.SHA256 = '7d68386554e514f38f98f24e8056c11c0a227602ed179d54ed08f2251dc9ea93']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--593a9daf-69f8-4635-8694-488602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:59.000Z" ,
"modified" : "2017-06-09T13:07:59.000Z" ,
"description" : "Sample - Xchecked via VT: 2b307e28ce531157611825eb0854c15f" ,
"pattern" : "[file:hashes.SHA1 = 'f7df2b019b5640c66e40b1cecbb327d1c9192560']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-06-09T13:07:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--593a9daf-1c44-42ce-8440-483b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-06-09T13:07:59.000Z" ,
"modified" : "2017-06-09T13:07:59.000Z" ,
"first_observed" : "2017-06-09T13:07:59Z" ,
"last_observed" : "2017-06-09T13:07:59Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--593a9daf-1c44-42ce-8440-483b02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--593a9daf-1c44-42ce-8440-483b02de0b81" ,
"value" : "https://www.virustotal.com/file/7d68386554e514f38f98f24e8056c11c0a227602ed179d54ed08f2251dc9ea93/analysis/1497008376/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}