2023-06-14 17:31:25 +00:00
{
"type" : "bundle" ,
"id" : "bundle--59a0220c-51e8-48f3-8812-8192950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:12.000Z" ,
"modified" : "2017-08-25T13:27:12.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "grouping" ,
"spec_version" : "2.1" ,
"id" : "grouping--59a0220c-51e8-48f3-8812-8192950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:12.000Z" ,
"modified" : "2017-08-25T13:27:12.000Z" ,
"name" : "OSINT - \u201cTick\u201d Group Continues Attacks" ,
"context" : "suspicious-activity" ,
"object_refs" : [
"observed-data--59a0221a-ef98-492f-a41f-7fe0950d210f" ,
"url--59a0221a-ef98-492f-a41f-7fe0950d210f" ,
"x-misp-attribute--59a02236-ddb0-47c8-95b4-db90950d210f" ,
"indicator--59a02292-f024-4763-a91a-d9c4950d210f" ,
"indicator--59a02292-44e8-4d6f-8ffb-d9c4950d210f" ,
"indicator--59a02292-db5c-46a6-8d0d-d9c4950d210f" ,
"indicator--59a02292-3e08-487c-bf2e-d9c4950d210f" ,
"indicator--59a02292-c580-4a84-83a2-d9c4950d210f" ,
"indicator--59a02292-9a34-4d31-a50a-d9c4950d210f" ,
"indicator--59a02342-c370-4577-a8ec-d9c2950d210f" ,
"indicator--59a02342-35b0-4722-8936-d9c2950d210f" ,
"indicator--59a02342-7000-46ab-b384-d9c2950d210f" ,
"indicator--59a02342-55a4-4df9-b078-d9c2950d210f" ,
"indicator--59a02342-0520-402f-8750-d9c2950d210f" ,
"indicator--59a02342-6698-4bcb-8e08-d9c2950d210f" ,
"indicator--59a02342-fab4-489a-95ad-d9c2950d210f" ,
"indicator--59a02342-aa28-4cb7-8520-d9c2950d210f" ,
"indicator--59a02342-e728-40da-ab8e-d9c2950d210f" ,
"indicator--59a02342-baf0-4747-85a6-d9c2950d210f" ,
"indicator--59a02342-22cc-4ea0-93c1-d9c2950d210f" ,
"indicator--59a02342-41e4-4077-8f36-d9c2950d210f" ,
"indicator--59a02342-7dac-4b2b-a355-d9c2950d210f" ,
"indicator--59a02342-f680-47a4-8497-d9c2950d210f" ,
"indicator--59a02342-cd3c-4920-a97c-d9c2950d210f" ,
"indicator--59a02393-ec70-4b26-927e-4d01950d210f" ,
"indicator--59a02393-7574-4cf5-9e2c-47d3950d210f" ,
"indicator--59a023ab-cc18-4bbc-9627-d9c1950d210f" ,
"indicator--59a023ab-3fdc-44c0-b218-d9c1950d210f" ,
"indicator--59a023ab-238c-4e0d-9e77-d9c1950d210f" ,
"indicator--59a023b8-74e0-4df6-8c52-43b7950d210f" ,
"indicator--59a023b9-fdf0-45e4-94dc-4ccc950d210f" ,
"indicator--59a023b9-977c-4501-9392-4376950d210f" ,
"indicator--59a023b9-d44c-46c6-b391-44bd950d210f" ,
"indicator--59a023b9-2698-494f-b7f0-4272950d210f" ,
"indicator--59a023b9-8650-42f4-9d9e-4302950d210f" ,
"indicator--59a023b9-68a4-4742-bcc0-44b9950d210f" ,
"indicator--59a023b9-2190-4dfc-bcd1-46ed950d210f" ,
"indicator--59a025a9-5dcc-4e07-aa39-dd3702de0b81" ,
"indicator--59a025a9-de30-4f19-ac6e-dd3702de0b81" ,
"observed-data--59a025a9-b4a8-4acb-9dd5-dd3702de0b81" ,
"url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81" ,
"indicator--59a025a9-1840-4efe-ae94-dd3702de0b81" ,
"indicator--59a025a9-ebd8-4b34-8849-dd3702de0b81" ,
"observed-data--59a025a9-8b7c-4219-aca3-dd3702de0b81" ,
"url--59a025a9-8b7c-4219-aca3-dd3702de0b81" ,
"indicator--59a025a9-d124-4f1f-b965-dd3702de0b81" ,
"indicator--59a025a9-a518-4cd3-865b-dd3702de0b81" ,
"observed-data--59a025a9-6be0-40fc-a248-dd3702de0b81" ,
"url--59a025a9-6be0-40fc-a248-dd3702de0b81" ,
"indicator--59a025a9-3104-4434-ba22-dd3702de0b81" ,
"indicator--59a025a9-9548-4dcd-9ebe-dd3702de0b81" ,
"observed-data--59a025a9-d108-46f6-808d-dd3702de0b81" ,
"url--59a025a9-d108-46f6-808d-dd3702de0b81" ,
"indicator--59a025a9-bc40-4922-8375-dd3702de0b81" ,
"indicator--59a025a9-6128-4527-b4f0-dd3702de0b81" ,
"observed-data--59a025a9-4e30-4986-b6ac-dd3702de0b81" ,
"url--59a025a9-4e30-4986-b6ac-dd3702de0b81" ,
"indicator--59a025a9-ed3c-4635-8ded-dd3702de0b81" ,
"indicator--59a025a9-9fa0-4eac-ae0e-dd3702de0b81" ,
"observed-data--59a025a9-ba74-4d1c-be4e-dd3702de0b81" ,
"url--59a025a9-ba74-4d1c-be4e-dd3702de0b81" ,
"indicator--59a025a9-3240-4992-a4ce-dd3702de0b81" ,
"indicator--59a025a9-fc9c-4f10-b5e7-dd3702de0b81" ,
"observed-data--59a025a9-d184-4b9d-9f4d-dd3702de0b81" ,
"url--59a025a9-d184-4b9d-9f4d-dd3702de0b81" ,
"indicator--59a025a9-1818-491c-b754-dd3702de0b81" ,
"indicator--59a025a9-0150-4332-b565-dd3702de0b81" ,
"observed-data--59a025a9-cd18-48a2-8471-dd3702de0b81" ,
"url--59a025a9-cd18-48a2-8471-dd3702de0b81" ,
"indicator--59a025a9-b650-476f-b889-dd3702de0b81" ,
"indicator--59a025a9-c5d0-4153-a989-dd3702de0b81" ,
"observed-data--59a025a9-023c-43d6-9177-dd3702de0b81" ,
"url--59a025a9-023c-43d6-9177-dd3702de0b81" ,
"indicator--59a025a9-6848-4e61-8f53-dd3702de0b81" ,
"indicator--59a025a9-dd24-4ade-9898-dd3702de0b81" ,
"observed-data--59a025a9-a488-410d-b2fb-dd3702de0b81" ,
"url--59a025a9-a488-410d-b2fb-dd3702de0b81" ,
"indicator--59a025a9-8384-49d9-9b0b-dd3702de0b81" ,
"indicator--59a025a9-ef34-4242-9eb4-dd3702de0b81" ,
"observed-data--59a025a9-f37c-447c-b49c-dd3702de0b81" ,
"url--59a025a9-f37c-447c-b49c-dd3702de0b81" ,
"indicator--59a025a9-6088-4ae8-858f-dd3702de0b81" ,
"indicator--59a025a9-f674-4823-a4c4-dd3702de0b81" ,
"observed-data--59a025a9-d78c-458d-b0ae-dd3702de0b81" ,
"url--59a025a9-d78c-458d-b0ae-dd3702de0b81" ,
"indicator--59a025a9-f150-425a-9f96-dd3702de0b81" ,
"indicator--59a025a9-9dc0-4492-90a5-dd3702de0b81" ,
"observed-data--59a025a9-edc8-47cd-999d-dd3702de0b81" ,
"url--59a025a9-edc8-47cd-999d-dd3702de0b81" ,
"indicator--59a025a9-efa8-4a2d-872d-dd3702de0b81" ,
"indicator--59a025a9-4b84-4680-b393-dd3702de0b81" ,
"observed-data--59a025a9-399c-4616-aecf-dd3702de0b81" ,
"url--59a025a9-399c-4616-aecf-dd3702de0b81" ,
"indicator--59a025a9-e5cc-45e4-af56-dd3702de0b81" ,
"indicator--59a025a9-ddc4-4358-9c8f-dd3702de0b81" ,
"observed-data--59a025a9-b5e0-4e34-9b8a-dd3702de0b81" ,
"url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81" ,
"indicator--59a025a9-7dc0-4bd6-9b64-dd3702de0b81" ,
"indicator--59a025a9-9c7c-4fd6-8363-dd3702de0b81" ,
"observed-data--59a025a9-b4f8-40df-8638-dd3702de0b81" ,
"url--59a025a9-b4f8-40df-8638-dd3702de0b81" ,
"indicator--59a025a9-809c-4b65-ac7b-dd3702de0b81" ,
"indicator--59a025a9-96f0-47eb-ac81-dd3702de0b81" ,
"observed-data--59a025a9-0e88-4de3-adae-dd3702de0b81" ,
"url--59a025a9-0e88-4de3-adae-dd3702de0b81" ,
"indicator--59a025a9-75b8-4d2f-b685-dd3702de0b81" ,
"indicator--59a025a9-5904-4561-bd14-dd3702de0b81" ,
"observed-data--59a025a9-75b4-4d3d-8c19-dd3702de0b81" ,
"url--59a025a9-75b4-4d3d-8c19-dd3702de0b81" ,
"indicator--59a025a9-0138-493b-9fd8-dd3702de0b81" ,
"indicator--59a025a9-8ef0-4341-a183-dd3702de0b81" ,
"observed-data--59a025a9-2d10-43f9-8529-dd3702de0b81" ,
"url--59a025a9-2d10-43f9-8529-dd3702de0b81" ,
"indicator--59a025a9-e0ac-48fa-9844-dd3702de0b81" ,
"indicator--59a025a9-29a4-4994-a328-dd3702de0b81" ,
"observed-data--59a025a9-d468-4905-8b79-dd3702de0b81" ,
"url--59a025a9-d468-4905-8b79-dd3702de0b81" ,
"indicator--59a025a9-9c88-4724-913c-dd3702de0b81" ,
"indicator--59a025a9-fe50-46cf-acde-dd3702de0b81" ,
"observed-data--59a025a9-77ec-4843-9820-dd3702de0b81" ,
"url--59a025a9-77ec-4843-9820-dd3702de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"osint:source-type=\"blog-post\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a0221a-ef98-492f-a41f-7fe0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"first_observed" : "2017-08-25T13:27:04Z" ,
"last_observed" : "2017-08-25T13:27:04Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a0221a-ef98-492f-a41f-7fe0950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a0221a-ef98-492f-a41f-7fe0950d210f" ,
"value" : "https://researchcenter.paloaltonetworks.com/2017/07/unit42-tick-group-continues-attacks/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--59a02236-ddb0-47c8-95b4-db90950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "The \u201cTick\u201d group has conducted cyber espionage attacks against organizations in the Republic of Korea and Japan for several years. The group focuses on companies that have intellectual property or sensitive information like those in the Defense and High-Tech industries. The group is known to use custom malware called Daserf, but also employs multiple commodity and custom tools, exploits vulnerabilities, and uses social engineering techniques.\r\n\r\nRegarding the command and control (C2) infrastructure, Tick previously used domains registered through privacy protection services to keep their anonymity, but have moved to compromised websites in recent attacks. With multiple tools and anonymous infrastructure, they are running longstanding and persistent attack campaigns. We have observed that the adversary has repeatedly attacked a high-profile target in Japan using multiple malware families for the last three years."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-f024-4763-a91a-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = '04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-44e8-4d6f-8ffb-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = 'f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-db5c-46a6-8d0d-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = 'e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-3e08-487c-bf2e-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = '21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-c580-4a84-83a2-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = '9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02292-9a34-4d31-a50a-d9c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Daserf" ,
"pattern" : "[file:hashes.SHA256 = '01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-c370-4577-a8ec-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Invader" ,
"pattern" : "[file:hashes.SHA256 = '0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-35b0-4722-8936-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Invader" ,
"pattern" : "[file:hashes.SHA256 = 'e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-7000-46ab-b384-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Invader" ,
"pattern" : "[file:hashes.SHA256 = '57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-55a4-4df9-b078-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "9002" ,
"pattern" : "[file:hashes.SHA256 = '933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-0520-402f-8750-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "9002" ,
"pattern" : "[file:hashes.SHA256 = '2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-6698-4bcb-8e08-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "9002" ,
"pattern" : "[file:hashes.SHA256 = '055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-fab4-489a-95ad-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Minzen" ,
"pattern" : "[file:hashes.SHA256 = '797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-aa28-4cb7-8520-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Minzen" ,
"pattern" : "[file:hashes.SHA256 = '9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-e728-40da-ab8e-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Minzen" ,
"pattern" : "[file:hashes.SHA256 = '26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-baf0-4747-85a6-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "NamelessHdoor" ,
"pattern" : "[file:hashes.SHA256 = 'dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-22cc-4ea0-93c1-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Gh0stRAt Downloader" ,
"pattern" : "[file:hashes.SHA256 = 'ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-41e4-4077-8f36-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Gh0stRAt Downloader" ,
"pattern" : "[file:hashes.SHA256 = 'e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-7dac-4b2b-a355-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Custom Gh0st" ,
"pattern" : "[file:hashes.SHA256 = '8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-f680-47a4-8497-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "Datper" ,
"pattern" : "[file:hashes.SHA256 = '7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02342-cd3c-4920-a97c-d9c2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "HomamDownloader" ,
"pattern" : "[file:hashes.SHA256 = 'a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02393-ec70-4b26-927e-4d01950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"pattern" : "[domain-name:value = 'softfix.co.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a02393-7574-4cf5-9e2c-47d3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"pattern" : "[domain-name:value = 'bbs.softfix.co.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023ab-cc18-4bbc-9627-d9c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2 server of Daserf" ,
"pattern" : "[domain-name:value = 'news.softfix.co.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023ab-3fdc-44c0-b218-d9c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2 server of Invader" ,
"pattern" : "[domain-name:value = 'bbs.gokickes.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023ab-238c-4e0d-9e77-d9c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2 server of Invader" ,
"pattern" : "[domain-name:value = 'www.gokickes.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b8-74e0-4df6-8c52-43b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'lywjrea.gmarketshop.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-fdf0-45e4-94dc-4ccc950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'krjregh.sacreeflame.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-977c-4501-9392-4376950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'psfir.sacreeflame.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-d44c-46c6-b391-44bd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'lywja.healthsvsolu.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-2698-494f-b7f0-4272950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'phot.healthsvsolu.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-8650-42f4-9d9e-4302950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'blog.softfix.co.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-68a4-4742-bcc0-44b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'log.gokickes.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a023b9-2190-4dfc-bcd1-46ed950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:04.000Z" ,
"modified" : "2017-08-25T13:27:04.000Z" ,
"description" : "C2" ,
"pattern" : "[domain-name:value = 'sansei.jpn.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-5dcc-4e07-aa39-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "HomamDownloader - Xchecked via VT: a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7" ,
"pattern" : "[file:hashes.SHA1 = '632b8eb977f61d8ce693d9de2b4d712f1d5cf95c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-de30-4f19-ac6e-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "HomamDownloader - Xchecked via VT: a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7" ,
"pattern" : "[file:hashes.MD5 = 'ea50237e4947cefd204aebe89e7055f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-b4a8-4acb-9dd5-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-b4a8-4acb-9dd5-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/a624d2cd6dee3b6150df3ca61ee0f992e2d6b08b3107f5b00f8bf8bcfe07ebe7/analysis/1500964953/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-1840-4efe-ae94-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Datper - Xchecked via VT: 7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849" ,
"pattern" : "[file:hashes.SHA1 = 'f400b4d0008390314d663b8aa9ce9b525691a5e9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-ebd8-4b34-8849-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Datper - Xchecked via VT: 7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849" ,
"pattern" : "[file:hashes.MD5 = 'c7323e635841980e38129b3a5a90b0da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-8b7c-4219-aca3-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-8b7c-4219-aca3-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-8b7c-4219-aca3-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/7d70d659c421b50604ce3e0a1bf423ab7e54b9df361360933bac3bb852a31849/analysis/1503338749/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-d124-4f1f-b965-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Custom Gh0st - Xchecked via VT: 8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40" ,
"pattern" : "[file:hashes.SHA1 = '1262b97f8f16b1c436b28b25383a20c067e69a9f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-a518-4cd3-865b-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Custom Gh0st - Xchecked via VT: 8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40" ,
"pattern" : "[file:hashes.MD5 = '49ce81d7975e732a3a3191b32d93a254']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-6be0-40fc-a248-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-6be0-40fc-a248-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-6be0-40fc-a248-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/8e5a0a5f733f62712b840e7f5051a2bd68508ea207e582a190c8947a06e26f40/analysis/1501706788/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-3104-4434-ba22-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Gh0stRAt Downloader - Xchecked via VT: e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c" ,
"pattern" : "[file:hashes.SHA1 = '03b43106d58645b3e58217d6f0dafdbe8c88f5fb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-9548-4dcd-9ebe-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Gh0stRAt Downloader - Xchecked via VT: e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c" ,
"pattern" : "[file:hashes.MD5 = '6540714dd32c62f3664cd02153c5780b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-d108-46f6-808d-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-d108-46f6-808d-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-d108-46f6-808d-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/e34f4a9c598ad3bb243cb39969fb9509427ff9c08e63e8811ad26b72af046f0c/analysis/1430158030/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-bc40-4922-8375-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Gh0stRAt Downloader - Xchecked via VT: ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974" ,
"pattern" : "[file:hashes.SHA1 = '0e40d5ef368803c26244da5d5be57a4850e1cdb6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-6128-4527-b4f0-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Gh0stRAt Downloader - Xchecked via VT: ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974" ,
"pattern" : "[file:hashes.MD5 = 'd05b9d77ee59deaebaaa02084d6f8507']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-4e30-4986-b6ac-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-4e30-4986-b6ac-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-4e30-4986-b6ac-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/ce47e7827da145823a6f2b755975d1d2f5eda045b4c542c9b9d05544f3a9b974/analysis/1501160072/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-ed3c-4635-8ded-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "NamelessHdoor - Xchecked via VT: dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f" ,
"pattern" : "[file:hashes.SHA1 = 'ccd527b7b66374c93fb01101eb7b86c22981492d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-9fa0-4eac-ae0e-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "NamelessHdoor - Xchecked via VT: dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f" ,
"pattern" : "[file:hashes.MD5 = '044e2e7c4813accdbe030c49cef3326b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-ba74-4d1c-be4e-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-ba74-4d1c-be4e-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-ba74-4d1c-be4e-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/dfc8a6da93481e9dab767c8b42e2ffbcd08fb813123c91b723a6e6d70196636f/analysis/1501706644/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-3240-4992-a4ce-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82" ,
"pattern" : "[file:hashes.SHA1 = 'ff05e0f60aeabd2497bb70182c0641f19c5af269']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-fc9c-4f10-b5e7-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82" ,
"pattern" : "[file:hashes.MD5 = 'c5d1626ca67376532af253c9673b1101']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-d184-4b9d-9f4d-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-d184-4b9d-9f4d-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-d184-4b9d-9f4d-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/26727d139b593486237b975e7bdf93a8148c52d5fb48d5fe540a634a16a6ba82/analysis/1501899010/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-1818-491c-b754-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2" ,
"pattern" : "[file:hashes.SHA1 = 'db7d62ef93fb16768a421ad17568b044a1af8825']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-0150-4332-b565-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2" ,
"pattern" : "[file:hashes.MD5 = '73c79f84361fc8d74ec53c36e07b39e6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-cd18-48a2-8471-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-cd18-48a2-8471-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-cd18-48a2-8471-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/9374040a9e2f47f7037edaac19f21ff1ef6a999ff98c306504f89a37196074a2/analysis/1503058545/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-b650-476f-b889-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1" ,
"pattern" : "[file:hashes.SHA1 = '116878319499c594e29f1af6ead46cffd73efcc8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-c5d0-4153-a989-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Minzen - Xchecked via VT: 797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1" ,
"pattern" : "[file:hashes.MD5 = '6ef5cdca1fe65f88a7213d6cc62abb79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-023c-43d6-9177-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-023c-43d6-9177-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-023c-43d6-9177-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/797d9c00022eaa2f86ddc9374f60d7ad92128ca07204b3e2fe791c08da9ce2b1/analysis/1501159875/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-6848-4e61-8f53-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831" ,
"pattern" : "[file:hashes.SHA1 = 'c044f8b39653c72c6861da43475ff9f094e0edb6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-dd24-4ade-9898-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831" ,
"pattern" : "[file:hashes.MD5 = '7246a7528649333dc64b03e46d84c9f0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-a488-410d-b2fb-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-a488-410d-b2fb-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-a488-410d-b2fb-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/055fe8002de293401852310ae76cb730c570f2037c3c832a52a79b70e2cb7831/analysis/1497242017/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-8384-49d9-9b0b-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe" ,
"pattern" : "[file:hashes.SHA1 = 'c30361a20f1c42a6cdb33376d3d80e15610afd5d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-ef34-4242-9eb4-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe" ,
"pattern" : "[file:hashes.MD5 = '181d4f01c8d6d1abae0847ce74e24268']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-f37c-447c-b49c-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-f37c-447c-b49c-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-f37c-447c-b49c-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/2bec20540d200758a223a7e8f7b2f98cd4949e106c1907d3f194216208c5b2fe/analysis/1501215779/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-6088-4ae8-858f-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e" ,
"pattern" : "[file:hashes.SHA1 = 'd18b4ca7472a0a7fe31e88a0e0f6889dd45454b0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-f674-4823-a4c4-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "9002 - Xchecked via VT: 933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e" ,
"pattern" : "[file:hashes.MD5 = '955a2287fb560b1b9f98ae131a13558b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-d78c-458d-b0ae-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-d78c-458d-b0ae-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-d78c-458d-b0ae-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/933d66b43b3ce9a572ee3127b255b4baf69d6fdd7cb24da609b52ee277baa76e/analysis/1501898610/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-f150-425a-9f96-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: 57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb" ,
"pattern" : "[file:hashes.SHA1 = 'f0ea963a86d0ef8e1ecf72b58d3f75e0ea8f18e0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-9dc0-4492-90a5-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: 57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb" ,
"pattern" : "[file:hashes.MD5 = 'b44722b197ec495cee00bff373b2a3f7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-edc8-47cd-999d-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-edc8-47cd-999d-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-edc8-47cd-999d-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/57e1d3122e6dc88d9eb2989f081de88a0e6864e767281d509ff58834928895fb/analysis/1501707143/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-efa8-4a2d-872d-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e" ,
"pattern" : "[file:hashes.SHA1 = '8ca2085c68f802d6efdadf6f7c174582d6f480a5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-4b84-4680-b393-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e" ,
"pattern" : "[file:hashes.MD5 = 'e9a1d96a1b1b2bfe41ae1b6327d44f21']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-399c-4616-aecf-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-399c-4616-aecf-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-399c-4616-aecf-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/e9574627349aeb7dd7f5b9f9c5ede7faa06511d7fdf98804526ca1b2e7ce127e/analysis/1501025628/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-e5cc-45e4-af56-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: 0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287" ,
"pattern" : "[file:hashes.SHA1 = '4ce27f07dbf0c20bbc9d567664da73188dbdf444']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-ddc4-4358-9c8f-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Invader - Xchecked via VT: 0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287" ,
"pattern" : "[file:hashes.MD5 = '848a087df1a6cbbe68760df603cc4323']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-b5e0-4e34-9b8a-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-b5e0-4e34-9b8a-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/0df20ccd074b722d5fe1358b329c7bdebcd7e3902a1ca4ca8d5a98cc5ce4c287/analysis/1501025628/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-7dc0-4bd6-9b64-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46" ,
"pattern" : "[file:hashes.SHA1 = '3fa7215e2377df23a088f53a81efcb0562f4b142']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-9c7c-4fd6-8363-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46" ,
"pattern" : "[file:hashes.MD5 = 'd8be46cc4642faac37d8167fed433950']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-b4f8-40df-8638-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-b4f8-40df-8638-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-b4f8-40df-8638-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/01d681c51ad0c7c3d4b320973c61c28a353624ac665fd390553b364d17911f46/analysis/1501985025/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-809c-4b65-ac7b-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423" ,
"pattern" : "[file:hashes.SHA1 = 'ba932ba5d07f153498d274117a96feacb21c074c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-96f0-47eb-ac81-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423" ,
"pattern" : "[file:hashes.MD5 = '5f938ec8dc3ae7f19c8a970c6b95059b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-0e88-4de3-adae-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-0e88-4de3-adae-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-0e88-4de3-adae-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/9c7a34390e92d4551c26a3feb5b181757b3309995acd1f92e0f63f888aa89423/analysis/1501706838/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-75b8-4d2f-b685-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd" ,
"pattern" : "[file:hashes.SHA1 = 'e5c9d7b498021f33e6930b7419e1298a360df3d7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-5904-4561-bd14-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd" ,
"pattern" : "[file:hashes.MD5 = 'caafc4b6154022e7d50869d50d67148a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-75b4-4d3d-8c19-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-75b4-4d3d-8c19-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-75b4-4d3d-8c19-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/21111136d523970e27833dd2db15d7c50803d8f6f4f377d4d9602ba9fbd355cd/analysis/1500965130/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-0138-493b-9fd8-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51" ,
"pattern" : "[file:hashes.SHA1 = 'cb515cfa0a9887fdeffe80e4c41ccb3dcefe992c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-8ef0-4341-a183-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51" ,
"pattern" : "[file:hashes.MD5 = '3ba5d5690ca63ca16a444557f1411c85']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-2d10-43f9-8529-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-2d10-43f9-8529-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-2d10-43f9-8529-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/e8edde4519763bb6669ba99e33b4803a7655805b8c3475b49af0a49913577e51/analysis/1501691519/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-e0ac-48fa-9844-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06" ,
"pattern" : "[file:hashes.SHA1 = '15c88b16850479dec1366be33683a60aebd8d453']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-29a4-4994-a328-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06" ,
"pattern" : "[file:hashes.MD5 = '22b3dda332fcc5362bfa91518a511e3e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-d468-4905-8b79-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-d468-4905-8b79-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-d468-4905-8b79-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/f8458a0711653071bf59a3153293771a6fb5d1de9af7ea814de58f473cba9d06/analysis/1501706715/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-9c88-4724-913c-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a" ,
"pattern" : "[file:hashes.SHA1 = '518857ae1c884b750c16142dbeddc76f2add08c5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--59a025a9-fe50-46cf-acde-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"description" : "Daserf - Xchecked via VT: 04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a" ,
"pattern" : "[file:hashes.MD5 = 'f4d02c412d465893497b91f3ce0e1ad7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-08-25T13:27:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--59a025a9-77ec-4843-9820-dd3702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-08-25T13:27:05.000Z" ,
"modified" : "2017-08-25T13:27:05.000Z" ,
"first_observed" : "2017-08-25T13:27:05Z" ,
"last_observed" : "2017-08-25T13:27:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--59a025a9-77ec-4843-9820-dd3702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--59a025a9-77ec-4843-9820-dd3702de0b81" ,
"value" : "https://www.virustotal.com/file/04080fbab754dbf0c7529f8bbe661afef9c2cba74e3797428538ed5c243d705a/analysis/1501756421/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}