2023-04-21 14:44:17 +00:00
{
"type" : "bundle" ,
"id" : "bundle--55cc400a-ee68-4aaa-b144-4d73950d210b" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2017-06-22T20:18:42.000Z" ,
"modified" : "2017-06-22T20:18:42.000Z" ,
"name" : "CthulhuSPRL.be" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--55cc400a-ee68-4aaa-b144-4d73950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2017-06-22T20:18:42.000Z" ,
"modified" : "2017-06-22T20:18:42.000Z" ,
"name" : "OSINT Potao Express samples from contagiodump" ,
"published" : "2017-06-22T20:19:30Z" ,
"object_refs" : [
"observed-data--55cc401b-9f9c-42d9-a155-4878950d210b" ,
"url--55cc401b-9f9c-42d9-a155-4878950d210b" ,
"x-misp-attribute--55cc4047-6cc0-4d42-96e1-34af950d210b" ,
"x-misp-attribute--55cc4048-b494-420a-b02b-34af950d210b" ,
"x-misp-attribute--55cc4048-5808-451d-afea-34af950d210b" ,
"indicator--55cc4380-ecf8-4902-a121-4e70950d210b" ,
"indicator--55cc4381-f09c-4e0c-853c-4dbb950d210b" ,
"indicator--55cc4381-9e48-479f-bb2f-4839950d210b" ,
"indicator--55cc4381-2ea0-4f9d-acf0-4630950d210b" ,
"indicator--55cc4381-10ec-4b85-9df2-4319950d210b" ,
"indicator--55cc4381-0b00-4892-a1a5-4c5f950d210b" ,
"indicator--55cc4382-ae8c-4990-9735-4a7b950d210b" ,
"indicator--55cc4382-a56c-4101-9456-49bb950d210b" ,
"indicator--55cc4382-e4ec-4fcf-8be6-4778950d210b" ,
"indicator--55cc4382-5e8c-4ef5-9ea9-43c0950d210b" ,
"indicator--55cc4382-ca24-4c60-9da7-4df6950d210b" ,
"indicator--55cc4383-9648-40fe-add0-4169950d210b" ,
"indicator--55cc4383-a6ec-4de4-8eb8-4e6a950d210b" ,
"indicator--55cc4383-7c94-4236-9b45-4387950d210b" ,
"indicator--55cc4383-0da8-421f-87d4-4a97950d210b" ,
"indicator--55cc4383-da48-43fa-b6c1-4838950d210b" ,
"indicator--55cc4383-4bbc-46ba-b3ee-4389950d210b" ,
"indicator--55cc4384-3004-4378-9b88-417c950d210b" ,
"indicator--55cc4384-c2ac-4b2e-b928-4f44950d210b" ,
"indicator--55cc4384-6af8-41f9-a7ef-4b57950d210b" ,
"indicator--55cc439a-beb4-4229-8fb7-4eb1950d210b" ,
"indicator--55cc439a-a728-44a5-95f5-4a08950d210b" ,
"indicator--55cc439a-5360-4ba5-a0c9-43ac950d210b" ,
"indicator--55cc439a-48b0-4e83-a687-4861950d210b" ,
"indicator--55cc439b-7588-4cfe-9cd4-4b2e950d210b" ,
"indicator--55cc439b-f48c-43ca-904c-4c17950d210b" ,
"indicator--55cc43ab-7174-47ab-9e9d-444e950d210b" ,
"indicator--55cc43ab-9804-47c4-91c2-40ab950d210b" ,
"indicator--55cc43ab-bb8c-4ea1-9165-415e950d210b" ,
"indicator--55cc43ab-a04c-4055-9562-4eeb950d210b" ,
"indicator--55cc43ab-6440-4db5-b619-41b0950d210b" ,
"indicator--55cc43ac-2624-4157-a4fe-45ff950d210b" ,
"indicator--55cc43ac-1fd4-4376-8a4d-427e950d210b" ,
"indicator--55cc43ac-13bc-42e8-b578-4284950d210b" ,
"indicator--55cc43ac-7e1c-4cd2-9322-41a5950d210b" ,
"indicator--55cc43ac-0c84-4ecd-ad39-4195950d210b" ,
"indicator--55cc43ac-d5d8-494d-8ccc-4a09950d210b" ,
"indicator--55cc43ad-2754-451e-9138-490a950d210b" ,
"indicator--55cc43b9-8fa0-4819-9847-43f9950d210b" ,
"indicator--55cc43b9-bb30-4e01-b7ed-4f46950d210b" ,
"indicator--55cc43b9-02b4-4b39-b592-4df7950d210b" ,
"indicator--55cc43ba-c268-4f57-8b30-4989950d210b" ,
"indicator--55cc43ba-3be0-49f8-a97f-4c3a950d210b" ,
"indicator--55cc43ba-9510-4e9e-8ffd-4350950d210b" ,
"indicator--55cc43ba-4dec-4821-afef-488b950d210b" ,
"indicator--55cc43ba-5118-49d2-b472-49fb950d210b" ,
"indicator--55cc43bb-b570-4cd4-85e5-4310950d210b" ,
"indicator--55cc43bb-f224-44a1-9e10-48b2950d210b" ,
"indicator--55cc43bb-9db4-40b3-b2cb-42c2950d210b" ,
"indicator--55cc43bb-932c-4bdc-8b64-4ddf950d210b" ,
"indicator--55cc43c7-33f0-4d8d-bd4e-4e8d950d210b" ,
"indicator--55cc43c7-aecc-4bfe-b3dc-47bf950d210b" ,
"indicator--55cc43c7-e810-41e2-a535-4475950d210b" ,
"indicator--55cc43c7-4824-40f8-9cd5-4226950d210b" ,
"indicator--55cc43c7-57f4-46fd-90f0-4622950d210b" ,
"indicator--55cc43c7-9920-4f2c-b1db-442b950d210b" ,
"indicator--55cc43c8-8138-4d1c-8c9b-4990950d210b" ,
"indicator--55cc43c8-85fc-4e29-a529-4b99950d210b" ,
"indicator--55cc443a-6fb8-48bc-bce3-4323950d210b" ,
"indicator--55cc443b-7ec4-4260-8f3a-4d4d950d210b" ,
"indicator--55cc443b-7f34-4021-bd73-4e75950d210b" ,
"indicator--55cc443b-20b0-4ced-9599-4119950d210b" ,
"indicator--55cc443b-5d94-4fbb-a65e-4422950d210b" ,
"indicator--55cc443b-c8a8-4b72-ab03-46b1950d210b" ,
"indicator--55cc443c-cc0c-4efa-844d-4424950d210b" ,
"indicator--55cc443c-c0b4-485c-83a1-49af950d210b" ,
"indicator--55cc4448-0d00-4f5c-93b7-4853950d210b" ,
"indicator--55cc4448-3910-421f-b657-44e0950d210b" ,
"indicator--55cc4448-d268-4a20-ac25-448f950d210b" ,
"indicator--55cc4448-4c9c-4693-82a6-4955950d210b" ,
"indicator--55cc4449-822c-4231-89e2-447c950d210b" ,
"indicator--55cc4449-1d04-463a-a7e9-438e950d210b" ,
"indicator--55cc4449-0084-4e73-ad0c-4315950d210b" ,
"indicator--55cc4449-b0c8-42b2-818a-43a8950d210b" ,
"indicator--55cc4449-acb8-4f3b-8f7e-48b1950d210b" ,
"indicator--55cc444a-ab1c-4133-9777-484e950d210b" ,
"indicator--55cc444a-1144-4208-a45a-4972950d210b" ,
"indicator--55cc444a-727c-4601-be66-4e67950d210b" ,
"indicator--55cc444a-cf04-4328-a0e7-42a8950d210b" ,
"indicator--55cc444a-d570-4e02-952d-4a80950d210b" ,
"indicator--55cc444b-6954-4fe0-88c1-4207950d210b" ,
"indicator--55cc444b-e9d4-47b5-8a95-4f10950d210b" ,
"indicator--55cc444b-abe4-498c-881a-4e43950d210b" ,
"indicator--55cc444b-6338-4ded-99a6-4f54950d210b" ,
"indicator--55cc445b-3d2c-4d88-bdb8-41ad950d210b" ,
"indicator--55cc445b-4798-45f7-82fc-4c7d950d210b" ,
"indicator--55cc445b-dc5c-4515-84a6-4a59950d210b" ,
"indicator--55cc445b-1548-4fe1-9997-49c0950d210b" ,
"indicator--55cc445c-c2dc-4bce-8dc3-46f5950d210b" ,
"indicator--55cc445c-e6f8-4f9e-813a-4587950d210b" ,
"indicator--55cc445c-9d00-4fa7-93c8-422d950d210b" ,
"indicator--55cc445c-0a7c-4ff7-85c9-4807950d210b" ,
"indicator--55cc445c-57b8-4f00-b278-4046950d210b" ,
"indicator--55cc445d-9608-47f5-aef9-47ed950d210b" ,
"indicator--55cc445d-85f4-4e02-b8d4-4777950d210b" ,
"indicator--55cc445d-d78c-449b-accb-4f0f950d210b" ,
"indicator--55cc445d-166c-439e-90af-4b19950d210b" ,
"indicator--55cc445d-e864-45cf-b346-4ad3950d210b" ,
"indicator--55cc445e-151c-4505-ae5f-4b85950d210b" ,
"indicator--55cc445e-900c-408f-b84f-426c950d210b" ,
"indicator--55cc445e-ac3c-49c6-a91b-4af9950d210b" ,
"indicator--55cc445e-96d8-4d60-b4d5-49c5950d210b" ,
"indicator--55cc445e-0e88-4c2e-bec9-468c950d210b" ,
"indicator--55cc445f-5158-49a0-b7c5-4e5c950d210b" ,
"indicator--55cc445f-dab0-4866-8658-4a32950d210b" ,
"indicator--55cc445f-dd48-44c8-9a6b-4512950d210b" ,
"indicator--55cc445f-facc-493c-8330-4b00950d210b" ,
"indicator--55cc445f-484c-4d3f-a776-4745950d210b" ,
"indicator--55cc445f-7bfc-450d-ab81-488d950d210b" ,
"indicator--55cc4460-2d84-45f2-9b79-4057950d210b" ,
"indicator--55cc4460-1c18-4cd8-9ca7-4984950d210b" ,
"indicator--55cc4460-2778-43fd-b47f-43d7950d210b" ,
"indicator--55cc4460-6cb0-4c1f-9d57-4c0b950d210b" ,
"indicator--55cc4460-4270-4f04-b3ab-434b950d210b" ,
"indicator--55cc4461-2e20-49c2-b5ac-4e44950d210b" ,
"indicator--55cc4461-a388-464c-926a-428e950d210b" ,
"indicator--55cc4461-1800-46f6-abf7-4a7d950d210b" ,
"indicator--55cc4461-9bf4-4aef-b26a-4026950d210b" ,
"indicator--55cc4461-694c-4061-bc26-47a9950d210b" ,
"indicator--55cc4462-9588-464d-ac91-49a3950d210b" ,
"indicator--55cc4462-7df0-4c13-8c81-424d950d210b" ,
"indicator--55cc4462-7100-49c1-8e23-416b950d210b" ,
"indicator--55cc4462-c640-4e8e-b471-4641950d210b" ,
"indicator--55cc4462-7794-4fdb-82b1-472e950d210b" ,
"indicator--55e200f3-9ea8-4758-a9b4-4f4a950d210b" ,
"indicator--56c69e90-fc44-4264-9e4e-45ab950d210f" ,
"indicator--56c69e92-852c-45eb-928d-4322950d210f" ,
"indicator--56c69e93-42b8-4267-9c06-c650950d210f" ,
"indicator--56c69e94-0ec4-454d-ba48-4c0d950d210f" ,
"indicator--56c69e95-1d38-4d6b-b371-5ca1950d210f" ,
"indicator--56c69e96-41d8-47da-b2fc-59a4950d210f" ,
"indicator--56c69e97-db3c-4443-a8a4-599e950d210f" ,
"indicator--56c69e98-9db8-4d50-ab6f-59a1950d210f" ,
"indicator--56c69e99-0660-470d-be5c-4372950d210f" ,
"indicator--56c69e9a-8834-4dc1-be46-59a0950d210f" ,
"indicator--56c69e9b-09f4-4de3-8a0c-599d950d210f" ,
"indicator--56c69e9c-0474-4ba3-880d-c653950d210f" ,
"indicator--56c69e9e-2a04-420a-b94d-59a3950d210f" ,
"indicator--56c69e9f-23a4-4342-9ac1-445c950d210f" ,
"indicator--56c69ea0-eb30-4319-8242-c654950d210f" ,
"indicator--56c69ea2-6bb8-461d-a4e4-599d950d210f" ,
"indicator--56c69ea3-5468-48a7-a99d-5ca1950d210f" ,
"indicator--56c69ea4-c028-4060-bf72-59a4950d210f" ,
"indicator--56c69ea5-58cc-47f2-918d-59a1950d210f" ,
"indicator--56c69ea6-85f0-47b6-ada2-5ca1950d210f" ,
"indicator--56c69ea8-2418-4718-9ec1-5f51950d210f" ,
"indicator--56c69ea9-ea30-48e3-aa1d-c654950d210f" ,
"indicator--56c69eaa-784c-4120-9335-4781950d210f" ,
"indicator--56c69eab-cbc4-4482-b2bb-4cfb950d210f" ,
"indicator--56c69eac-b2f8-4b51-9102-59a0950d210f" ,
"indicator--56c69eaf-3998-4378-a183-4a58950d210f" ,
"indicator--56c69eb0-ed34-4b9a-84cf-c652950d210f" ,
"indicator--56c69eb1-82ac-4194-a49b-599c950d210f" ,
"indicator--56c69eb2-1c80-42c7-a8a9-4dfa950d210f" ,
"indicator--56c69eb3-077c-425e-bf78-4705950d210f" ,
"indicator--56c69eb5-9820-46c4-a661-599d950d210f" ,
"indicator--56c69eb6-77ec-4a20-ad16-599e950d210f" ,
"indicator--56c69eb7-545c-40e5-a4e0-59a4950d210f" ,
"indicator--56c69eb8-4aa0-42d9-8f21-59a2950d210f" ,
"indicator--56c69eb9-7318-4f8e-98b5-c650950d210f" ,
"indicator--56c69eba-554c-40da-9557-5ca1950d210f" ,
"indicator--56c69ebc-2c7c-4a5a-8b59-c652950d210f" ,
"indicator--56c69ebd-a430-4383-8415-599e950d210f" ,
"indicator--56c69ebe-03bc-495c-9ad1-42e5950d210f" ,
"indicator--56c69ebf-43a0-44d4-b602-c650950d210f" ,
"indicator--56c69ec1-b4cc-4e8b-8f28-5ca1950d210f" ,
"indicator--56c69ec2-f910-4ddd-89c0-599d950d210f" ,
"indicator--56c69ec3-7914-4ed4-a57f-c653950d210f" ,
"indicator--56c69ec4-a450-4c2d-80fd-c652950d210f" ,
"indicator--56c69ec5-4490-4841-91bd-5f51950d210f" ,
"indicator--56c69ec6-7d6c-4de6-bf3e-59a1950d210f" ,
"indicator--56c69ec7-5b6c-48fe-bb28-59a4950d210f" ,
"indicator--56c69ec8-fd0c-4669-8f1e-491e950d210f" ,
"indicator--56c69ec9-a8ac-406a-ac42-c653950d210f" ,
"indicator--56c69eca-a14c-40f4-8fd9-59a3950d210f" ,
"indicator--56c69ecb-c15c-49ba-8a25-5ca1950d210f" ,
"indicator--56c69ecc-f068-4acb-854e-c654950d210f" ,
"indicator--56c69ece-cbac-43d8-9827-599c950d210f" ,
"indicator--56c69ecf-f6d0-416b-bdca-c650950d210f"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"misp-galaxy:ransomware=\"Potato Ransomware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--55cc401b-9f9c-42d9-a155-4878950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T06:58:35.000Z" ,
"modified" : "2015-08-13T06:58:35.000Z" ,
"first_observed" : "2015-08-13T06:58:35Z" ,
"last_observed" : "2015-08-13T06:58:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--55cc401b-9f9c-42d9-a155-4878950d210b"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--55cc401b-9f9c-42d9-a155-4878950d210b" ,
"value" : "http://contagiodump.blogspot.be/2015/08/potao-express-samples.html"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--55cc4047-6cc0-4d42-96e1-34af950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T06:59:19.000Z" ,
"modified" : "2015-08-13T06:59:19.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Operation Potao Express"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--55cc4048-b494-420a-b02b-34af950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T06:59:20.000Z" ,
"modified" : "2015-08-13T06:59:20.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Potao Express"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--55cc4048-5808-451d-afea-34af950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T06:59:20.000Z" ,
"modified" : "2015-08-13T06:59:20.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Potao"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4380-ecf8-4902-a121-4e70950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:04.000Z" ,
"modified" : "2015-08-13T07:13:04.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '1fe6af3d704d2fc0c7acd58b069a31eec866668ec6e25f52354e6e61266db8db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4381-f09c-4e0c-853c-4dbb950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:05.000Z" ,
"modified" : "2015-08-13T07:13:05.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = '85b0e3264820008a30f17ca19332fa19']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4381-9e48-479f-bb2f-4839950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:05.000Z" ,
"modified" : "2015-08-13T07:13:05.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '2ff0941fe3514abc12484ad2853d22fd7cb36469a313b5ecb6ef0c6391cf78ab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4381-2ea0-4f9d-acf0-4630950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:05.000Z" ,
"modified" : "2015-08-13T07:13:05.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = 'ac854a3c91d52bfc09605506e76975ae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4381-10ec-4b85-9df2-4319950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:05.000Z" ,
"modified" : "2015-08-13T07:13:05.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '54a76f5cd5a32ed7d5fa78e5d8311bafc0de57a475bc2fddc23ee4b3510b9d44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4381-0b00-4892-a1a5-4c5f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:05.000Z" ,
"modified" : "2015-08-13T07:13:05.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = '3b7d88a069631111d5585b1b10cccc86']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4382-ae8c-4990-9735-4a7b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:06.000Z" ,
"modified" : "2015-08-13T07:13:06.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '76c7c67274cf5384615a120e69be3af64cc31d9c4f05ff2031120612443c8360']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4382-a56c-4101-9456-49bb950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:06.000Z" ,
"modified" : "2015-08-13T07:13:06.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = 'd1658b792dd1569abc27966083f59d44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4382-e4ec-4fcf-8be6-4778950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:06.000Z" ,
"modified" : "2015-08-13T07:13:06.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '244c181eb442fefcf1e1daf900896bee6569481c0e885e3c63efeef86cd64c55']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4382-5e8c-4ef5-9ea9-43c0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:06.000Z" ,
"modified" : "2015-08-13T07:13:06.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = '0c7183d761f15772b7e9c788be601d29']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4382-ca24-4c60-9da7-4df6950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:06.000Z" ,
"modified" : "2015-08-13T07:13:06.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '887a721254486263f1f3f25f3c677da62ef5c062c3afa7ef70c895bc8b17b424']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-9648-40fe-add0-4169950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = 'a35e48909a49334a7ebb5448a78dcff9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-a6ec-4de4-8eb8-4e6a950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = '945c594aee1b5bd0f3a72abe8f5a3df74fc6ca686887db5e40fe859e3fc90bb1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-7c94-4236-9b45-4387950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = '502f35002b1a95f1ae135baff6cff836']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-0da8-421f-87d4-4a97950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = 'ab8d308fd59a8db8a130fcfdb6db56c4f7717877c465be98f71284bdfccdfa25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-da48-43fa-b6c1-4838950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = 'a446ced5db1de877cf78f77741e2a804']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4383-4bbc-46ba-b3ee-4389950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:07.000Z" ,
"modified" : "2015-08-13T07:13:07.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = 'b22a614a291111398657cf8d1fa64fa50ed9c66c66a0b09d08c53972c6536766']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4384-3004-4378-9b88-417c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:08.000Z" ,
"modified" : "2015-08-13T07:13:08.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = 'd939a05e1e3c9d7b6127d503c025dbc4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4384-c2ac-4b2e-b928-4f44950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:08.000Z" ,
"modified" : "2015-08-13T07:13:08.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.SHA256 = 'fcfdcbdd60f105af1362cfeb3decbbbbe09d5fc82bde6ee8dfd846b2b844f972']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4384-6af8-41f9-a7ef-4b57950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:08.000Z" ,
"modified" : "2015-08-13T07:13:08.000Z" ,
"description" : "1stVersion" ,
"pattern" : "[file:hashes.MD5 = '14634d446471b9e2f55158d9ac09d0b2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439a-beb4-4229-8fb7-4eb1950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:30.000Z" ,
"modified" : "2015-08-13T07:13:30.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.SHA256 = '910f55e1c4e75696405e158e40b55238d767730c60119539b644ef3e6bc32a5d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439a-a728-44a5-95f5-4a08950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:30.000Z" ,
"modified" : "2015-08-13T07:13:30.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.MD5 = '7263a328f0d47c76b4e103546b648484']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439a-5360-4ba5-a0c9-43ac950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:30.000Z" ,
"modified" : "2015-08-13T07:13:30.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.SHA256 = 'c821cb34c86ec259af37c389a8f6cd635d98753576c675882c9896025a1abc53']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439a-48b0-4e83-a687-4861950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:30.000Z" ,
"modified" : "2015-08-13T07:13:30.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.MD5 = 'bdc9255df5385f534fea83b497c371c8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439b-7588-4cfe-9cd4-4b2e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:31.000Z" ,
"modified" : "2015-08-13T07:13:31.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.SHA256 = 'f845778c3f2e3272145621776a90f662ee9344e3ae550c76f65fd954e7277d19']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc439b-f48c-43ca-904c-4c17950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:31.000Z" ,
"modified" : "2015-08-13T07:13:31.000Z" ,
"description" : "DebugVersion" ,
"pattern" : "[file:hashes.MD5 = '5199fcd031987834ed3121fb316f4970']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ab-7174-47ab-9e9d-444e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:47.000Z" ,
"modified" : "2015-08-13T07:13:47.000Z" ,
"description" : "Droppersfrompostalsites" ,
"pattern" : "[file:hashes.SHA256 = '4dcf14c41b31f8accf9683917bfc9159b9178d6fe36227195fabc232909452af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ab-9804-47c4-91c2-40ab950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:47.000Z" ,
"modified" : "2015-08-13T07:13:47.000Z" ,
"description" : "Droppersfrompostalsites" ,
"pattern" : "[file:hashes.MD5 = '65f494580c95e10541d1f377c0a7bd49']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ab-bb8c-4ea1-9165-415e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:47.000Z" ,
"modified" : "2015-08-13T07:13:47.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.SHA256 = '8bc189dee0a71b3a8a1767e95cc726e13808ed7d2e9546a9d6b6843cea5eb3bd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ab-a04c-4055-9562-4eeb950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:47.000Z" ,
"modified" : "2015-08-13T07:13:47.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.MD5 = 'a4b0615cb639607e6905437dd900c059']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ab-6440-4db5-b619-41b0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:47.000Z" ,
"modified" : "2015-08-13T07:13:47.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.SHA256 = '048621ecf8f25133b2b09d512bb0fe15fc274ec7cb2ccc966aeb44d7a88beb5b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-2624-4157-a4fe-45ff950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.MD5 = '07e99b2f572b84af5c4504c23f1653bb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-1fd4-4376-8a4d-427e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.SHA256 = 'aa23a93d2fed81daacb93ea7ad633426e04fcd063ff2ea6c0af5649c6cfa0385']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-13bc-42e8-b578-4284950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.MD5 = '1927a80cd45f0d27b1ae034c11ddedb0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-7e1c-4cd2-9322-41a5950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.SHA256 = 'c66955f667e9045ea5591ebf9b59246ad86227f174ea817d1398815a292b8c88']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-0c84-4ecd-ad39-4195950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.MD5 = '579ad4a596602a10b7cf4659b6b6909d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ac-d5d8-494d-8ccc-4a09950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:48.000Z" ,
"modified" : "2015-08-13T07:13:48.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.SHA256 = 'd6f126ab387f1d856672c730991573385c5746c7c84738ab97b13c897063ff4a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ad-2754-451e-9138-490a950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:13:49.000Z" ,
"modified" : "2015-08-13T07:13:49.000Z" ,
"description" : "Droppers from postal sites" ,
"pattern" : "[file:hashes.MD5 = 'e64eb8b571f655b744c9154d8032caef']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:13:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43b9-8fa0-4819-9847-43f9950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:01.000Z" ,
"modified" : "2015-08-13T07:14:01.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = '61dd8b60ac35e91771d9ed4f337cd63e0aa6d0a0c5a17bb28cac59b3c21c24a9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43b9-bb30-4e01-b7ed-4f46950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:01.000Z" ,
"modified" : "2015-08-13T07:14:01.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = 'd755e52ba5658a639c778c22d1a906a3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43b9-02b4-4b39-b592-4df7950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:01.000Z" ,
"modified" : "2015-08-13T07:14:01.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = '4328b06093a4ad01f828dc837053cb058fe00f3a7fd5cfb9d1ff7feb7ebb8e32']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ba-c268-4f57-8b30-4989950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:02.000Z" ,
"modified" : "2015-08-13T07:14:02.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = 'b4d909077aa25f31386722e716a5305c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ba-3be0-49f8-a97f-4c3a950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:02.000Z" ,
"modified" : "2015-08-13T07:14:02.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = '15760f0979f2ba1b4d991f19e8b59fc1e61632fcc88755a4d147c0f5d47965c5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ba-9510-4e9e-8ffd-4350950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:02.000Z" ,
"modified" : "2015-08-13T07:14:02.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = 'fc4b285088413127b6d827656b9d0481']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ba-4dec-4821-afef-488b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:02.000Z" ,
"modified" : "2015-08-13T07:14:02.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = 'b9c285f485421177e616a148410ddc5b02e43f0af375d3141b7e829f7d487bfd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43ba-5118-49d2-b472-49fb950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:02.000Z" ,
"modified" : "2015-08-13T07:14:02.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = '73e7ee83133a175b815059f1af79ab1b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43bb-b570-4cd4-85e5-4310950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:03.000Z" ,
"modified" : "2015-08-13T07:14:03.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = 'cf3b0d8e9a7d0ad32351ade0c52de583b5ca2f72e5af4adbf638c81f4ad8fbcb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43bb-f224-44a1-9e10-48b2950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:03.000Z" ,
"modified" : "2015-08-13T07:14:03.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = 'eebbcb1ed5f5606aec296168dee39166']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43bb-9db4-40b3-b2cb-42c2950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:03.000Z" ,
"modified" : "2015-08-13T07:14:03.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.SHA256 = 'dbc1b98b1df1d9c2dc8a5635682ed44a91df6359264ed63370724afa9f19c7ee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43bb-932c-4bdc-8b64-4ddf950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:03.000Z" ,
"modified" : "2015-08-13T07:14:03.000Z" ,
"description" : "Droppers with decoy" ,
"pattern" : "[file:hashes.MD5 = '5a24a7370f35dbdbb81adf52e769a442']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-33f0-4d8d-bd4e-4e8d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.SHA256 = '4c01ffcc90e6271374b34b252fefb5d6fffda29f6ad645a879a159f78e095979']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-aecc-4bfe-b3dc-47bf950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.MD5 = 'b64dbe5817b24d17a0404e9b2606ad96']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-e810-41e2-a535-4475950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.SHA256 = '5de8c04a77e37dc1860da490453085506f8aa378fbc7d811128694d8581b89ba']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-4824-40f8-9cd5-4226950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.MD5 = '7ca6101c2ae4838fbbd7ceb0b2354e43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-57f4-46fd-90f0-4622950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.SHA256 = '73aae05fab96290cabbe4b0ec561d2f6d79da71834509c4b1f4b9ae714159b42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c7-9920-4f2c-b1db-442b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:15.000Z" ,
"modified" : "2015-08-13T07:14:15.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.MD5 = 'f64704ed25f4c728af996eee3ee85411']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c8-8138-4d1c-8c9b-4990950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:16.000Z" ,
"modified" : "2015-08-13T07:14:16.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.SHA256 = 'c7212d249b5eb7e2cea948a173ce96e1d2b8c44dcc2bb1d101dce64bb3f5becc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc43c8-85fc-4e29-a529-4b99950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:14:16.000Z" ,
"modified" : "2015-08-13T07:14:16.000Z" ,
"description" : "Fake TrueCrypt extracted exe" ,
"pattern" : "[file:hashes.MD5 = 'c1f715ff0afc78af81d215d485cc235c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:14:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443a-6fb8-48bc-bce3-4323950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:10.000Z" ,
"modified" : "2015-08-13T07:16:10.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.SHA256 = '42028874fae37ad9dc89eb37149ecb1e6439869918309a07f056924c1b981def']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443b-7ec4-4260-8f3a-4d4d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:11.000Z" ,
"modified" : "2015-08-13T07:16:11.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.MD5 = 'f34b77f7b2233ee6f727d59fb28f438a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443b-7f34-4021-bd73-4e75950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:11.000Z" ,
"modified" : "2015-08-13T07:16:11.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.SHA256 = 'a3a43bbc69e24c0bc3ab06fbf3ccc35cf8687e2862f86fb0d269258b68c710c9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443b-20b0-4ced-9599-4119950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:11.000Z" ,
"modified" : "2015-08-13T07:16:11.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.MD5 = 'babd17701cbe876149dc07e68ec7ca4f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443b-5d94-4fbb-a65e-4422950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:11.000Z" ,
"modified" : "2015-08-13T07:16:11.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.SHA256 = 'b8844e5b72971fe67d2905e77ddaa3366ae1c3bead92be6effd58691bc1ff8ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443b-c8a8-4b72-ab03-46b1950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:11.000Z" ,
"modified" : "2015-08-13T07:16:11.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.MD5 = 'cfc8901fe6a9a8299087bfc73ae8909e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443c-cc0c-4efa-844d-4424950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:12.000Z" ,
"modified" : "2015-08-13T07:16:12.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.SHA256 = 'fe3547f0e052c71f872bf09cdc1654137ee68f878fc6d5a78df16a13e6de1768']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc443c-c0b4-485c-83a1-49af950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:12.000Z" ,
"modified" : "2015-08-13T07:16:12.000Z" ,
"description" : "Fake TrueCrypt Setup" ,
"pattern" : "[file:hashes.MD5 = '83f3ec97a95595ebe40a75e94c98a7bd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4448-0d00-4f5c-93b7-4853950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:24.000Z" ,
"modified" : "2015-08-13T07:16:24.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.SHA256 = '2de76a3c07344ce322151dbb42febdff97ade8176466a3af07e5280bd859a186']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4448-3910-421f-b657-44e0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:24.000Z" ,
"modified" : "2015-08-13T07:16:24.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.MD5 = '38e708fea8016520cb25d3cb933f2244']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4448-d268-4a20-ac25-448f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:24.000Z" ,
"modified" : "2015-08-13T07:16:24.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.SHA256 = '4e88b8b121d768c611fe16ae1f008502b2191edc6f2ee84fef7b12b4d86fe000']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4448-4c9c-4693-82a6-4955950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:24.000Z" ,
"modified" : "2015-08-13T07:16:24.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.MD5 = '360df4c2f2b99052c07e08edbe15ab2c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4449-822c-4231-89e2-447c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:25.000Z" ,
"modified" : "2015-08-13T07:16:25.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.SHA256 = '29dfc81b400a1400782623c618cb1d507f5d17bb13de44f123a333093648048f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4449-1d04-463a-a7e9-438e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:25.000Z" ,
"modified" : "2015-08-13T07:16:25.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.MD5 = '89a3ea3967745e04199ebf222494452e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4449-0084-4e73-ad0c-4315950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:25.000Z" ,
"modified" : "2015-08-13T07:16:25.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.SHA256 = '97afe4b12a9fed40ad20ab191ba0a577f5a46cbfb307e118a7ae69d04adc2e2d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4449-b0c8-42b2-818a-43a8950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:25.000Z" ,
"modified" : "2015-08-13T07:16:25.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.MD5 = '6ba88e8e74b12c914483c026ae92eb42']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4449-acb8-4f3b-8f7e-48b1950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:25.000Z" ,
"modified" : "2015-08-13T07:16:25.000Z" ,
"description" : "Other Droppers" ,
"pattern" : "[file:hashes.SHA256 = '793a8ce811f423dfde47a5f44ae50e19e7e41ad055e56c7345927eac951e966b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444a-ab1c-4133-9777-484e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:26.000Z" ,
"modified" : "2015-08-13T07:16:26.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.MD5 = '043f99a875424ca0023a21739dba51ef']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444a-1144-4208-a45a-4972950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:26.000Z" ,
"modified" : "2015-08-13T07:16:26.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.SHA256 = '904bb2efe661f654425e691b7748556e558a636d4f25c43af9d2d4dfbe83262e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444a-727c-4601-be66-4e67950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:26.000Z" ,
"modified" : "2015-08-13T07:16:26.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.MD5 = '02d438df779affddaf02ca995c60cecb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444a-cf04-4328-a0e7-42a8950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:26.000Z" ,
"modified" : "2015-08-13T07:16:26.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.SHA256 = 'b62589ee5ba94d15edcf8613e3d57255dd7a12fce6d2dbd660fd7281ce6234f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444a-d570-4e02-952d-4a80950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:26.000Z" ,
"modified" : "2015-08-13T07:16:26.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.MD5 = '11b4e7ea6bae19a29343ae3ff3fb00ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444b-6954-4fe0-88c1-4207950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:27.000Z" ,
"modified" : "2015-08-13T07:16:27.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.SHA256 = 'd2c11706736fda2b178ac388206472fd8d050e0f13568c84b37683423acd155d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444b-e9d4-47b5-8a95-4f10950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:27.000Z" ,
"modified" : "2015-08-13T07:16:27.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.MD5 = '27d74523b182ae630c4e5236897e11f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444b-abe4-498c-881a-4e43950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:27.000Z" ,
"modified" : "2015-08-13T07:16:27.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.SHA256 = 'f1f61a0f9488be3925665f8063006f90fab1bf0bd0b6ff5f7799f8995ff8960e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc444b-6338-4ded-99a6-4f54950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:27.000Z" ,
"modified" : "2015-08-13T07:16:27.000Z" ,
"description" : "OtherDroppers" ,
"pattern" : "[file:hashes.MD5 = '1ab8d45656e245aca4e59aa0519f6ba0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445b-3d2c-4d88-bdb8-41ad950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:43.000Z" ,
"modified" : "2015-08-13T07:16:43.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '1acae7c11fb559b81df5fc6d0df0fe502e87f674ca9f4aefc2d7d8f828ba7f5c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445b-4798-45f7-82fc-4c7d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:43.000Z" ,
"modified" : "2015-08-13T07:16:43.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '76dda7ca15323fd658054e0550149b7b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445b-dc5c-4515-84a6-4a59950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:43.000Z" ,
"modified" : "2015-08-13T07:16:43.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '3d78f52fa0c08d8bf3d42074bf76ee56aa233fb9a6bc76119998d085d94368ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445b-1548-4fe1-9997-49c0950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:43.000Z" ,
"modified" : "2015-08-13T07:16:43.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'ca1a3618088f91b8fb2a30c9a9aa4aca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445c-c2dc-4bce-8dc3-46f5950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:44.000Z" ,
"modified" : "2015-08-13T07:16:44.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '7d15bd854c1dfef847cdd3caabdf4ab81f2410ee5c7f91d377cc72eb81135ff4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445c-e6f8-4f9e-813a-4587950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:44.000Z" ,
"modified" : "2015-08-13T07:16:44.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'a2bb01b764491dd61fa3a7ba5afc709c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445c-9d00-4fa7-93c8-422d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:44.000Z" ,
"modified" : "2015-08-13T07:16:44.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '09c04206b57bb8582faffb37e4ebb6867a02492ffc08268bcbc717708d1a8919']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445c-0a7c-4ff7-85c9-4807950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:44.000Z" ,
"modified" : "2015-08-13T07:16:44.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'a59053cc3f66e72540634eb7895824ac']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445c-57b8-4f00-b278-4046950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:44.000Z" ,
"modified" : "2015-08-13T07:16:44.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '12bb18fa9a12cb89dea3733b342940b80cd453886390079cb4c2ffcd664baeda']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445d-9608-47f5-aef9-47ed950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:45.000Z" ,
"modified" : "2015-08-13T07:16:45.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '2bd0d2b5ee4e93717ea71445b102e38e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445d-85f4-4e02-b8d4-4777950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:45.000Z" ,
"modified" : "2015-08-13T07:16:45.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '34e6fb074284e58ca80961feda4fe651d6d658077914a528a4a6efa91ecc749d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445d-d78c-449b-accb-4f0f950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:45.000Z" ,
"modified" : "2015-08-13T07:16:45.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '057028e46ea797834da401e4db7c860a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445d-166c-439e-90af-4b19950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:45.000Z" ,
"modified" : "2015-08-13T07:16:45.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '90b20b1687909c2f76f750ba3fd4b14731ce736c08c3a8608d28eae3f4cd68f3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445d-e864-45cf-b346-4ad3950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:45.000Z" ,
"modified" : "2015-08-13T07:16:45.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '514423670de210f13092d6cb8916748e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445e-151c-4505-ae5f-4b85950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:46.000Z" ,
"modified" : "2015-08-13T07:16:46.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '93accb71bf4e776955756c76990298decfebe4b1dd9fbf9d368e81dc1cb9532d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445e-900c-408f-b84f-426c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:46.000Z" ,
"modified" : "2015-08-13T07:16:46.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'abb9f4fab64dd7a03574abdd1076b5ea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445e-ac3c-49c6-a91b-4af9950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:46.000Z" ,
"modified" : "2015-08-13T07:16:46.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '99a09ad92cc1a2564f3051057383cb6268893bc4a62903eabf3538c6bfb3aa9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445e-96d8-4d60-b4d5-49c5950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:46.000Z" ,
"modified" : "2015-08-13T07:16:46.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '542b00f903f945ad3a9291cb0af73446']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445e-0e88-4c2e-bec9-468c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:46.000Z" ,
"modified" : "2015-08-13T07:16:46.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '339a5199e6d0b5f781b08b2ca0ad0495e75e52b8e2fd69e1d970388fbca7a0d6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-5158-49a0-b7c5-4e5c950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'a427ff7abb17af6cf5fb70c49e9bf4e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-dab0-4866-8658-4a32950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '340b09d661a6ac45af53c348a5c1846ad6323d34311e66454e46c1d38d53af8b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-dd48-44c8-9a6b-4512950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '2646f7159e1723f089d63e08c8bfaffb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-facc-493c-8330-4b00950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '461dd5a58ffcad9fffba9181e234f2e0149c8b8ba28c7ea53753c74fdfa0b0d5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-484c-4d3f-a776-4745950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '609abb2a86c324bbb9ba1e253595e573']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc445f-7bfc-450d-ab81-488d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:47.000Z" ,
"modified" : "2015-08-13T07:16:47.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '4688afcc161603bfa1c997b6d71b9618be96f9ff980e5486c451b1cc2c5076cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4460-2d84-45f2-9b79-4057950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:48.000Z" ,
"modified" : "2015-08-13T07:16:48.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'ae552fc43f1ba8684655d8bf8c6af869']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4460-1c18-4cd8-9ca7-4984950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:48.000Z" ,
"modified" : "2015-08-13T07:16:48.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '7492e84a30e890ebe3ca5140ad547965cc8c43f0a02f66be153b038a73ee5314']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4460-2778-43fd-b47f-43d7950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:48.000Z" ,
"modified" : "2015-08-13T07:16:48.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '1234bf4f0f5debc800d85c1bd2255671']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4460-6cb0-4c1f-9d57-4c0b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:48.000Z" ,
"modified" : "2015-08-13T07:16:48.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '61862a55dcf8212ce9dd4a8f0c92447a6c7093681c592eb937a247e38c8109d4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4460-4270-4f04-b3ab-434b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:48.000Z" ,
"modified" : "2015-08-13T07:16:48.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'e685ea8b37f707f3706d7281b8f6816a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4461-2e20-49c2-b5ac-4e44950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:49.000Z" ,
"modified" : "2015-08-13T07:16:49.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = '95631685006ac92b7eb0755274e2a36a3c9058cf462dd46f9f4f66e8d67b9db2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4461-a388-464c-926a-428e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:49.000Z" ,
"modified" : "2015-08-13T07:16:49.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '9179f4683ece450c1ac7a819b32bdb6d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4461-1800-46f6-abf7-4a7d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:49.000Z" ,
"modified" : "2015-08-13T07:16:49.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = 'b8b02cc57e45bcf500b433806e6a4f8af7f0ac0c5fc9adfd11820eebf4eb5d79']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4461-9bf4-4aef-b26a-4026950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:49.000Z" ,
"modified" : "2015-08-13T07:16:49.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = 'cdc60eb93b594fb5e7e5895e2b441240']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4461-694c-4061-bc26-47a9950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:49.000Z" ,
"modified" : "2015-08-13T07:16:49.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = 'e57eb9f7fdf3f0e90b1755d947f1fe7bb65e67308f1f4a8c25bc2946512934b7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4462-9588-464d-ac91-49a3950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:50.000Z" ,
"modified" : "2015-08-13T07:16:50.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '39b67cc6dae5214328022c44f28ced8b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4462-7df0-4c13-8c81-424d950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:50.000Z" ,
"modified" : "2015-08-13T07:16:50.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = 'e3892d2d9f87ea848477529458d025898b24a6802eb4df13e96b0314334635d0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4462-7100-49c1-8e23-416b950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:50.000Z" ,
"modified" : "2015-08-13T07:16:50.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '3813b848162261cc5982dd64c741b450']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4462-c640-4e8e-b471-4641950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:50.000Z" ,
"modified" : "2015-08-13T07:16:50.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.SHA256 = 'f1d7e36af4c30bf3d680c87bbc4430de282d00323bf8ae9e17b04862af286736']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55cc4462-7794-4fdb-82b1-472e950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-13T07:16:50.000Z" ,
"modified" : "2015-08-13T07:16:50.000Z" ,
"description" : "USBSpreaders" ,
"pattern" : "[file:hashes.MD5 = '35724e234f6258e601257fb219db9079']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-13T07:16:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--55e200f3-9ea8-4758-a9b4-4f4a950d210b" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2015-08-29T18:58:59.000Z" ,
"modified" : "2015-08-29T18:58:59.000Z" ,
"pattern" : "[// Operation Potao yara rules\r\n// For feedback or questions contact us at: github@eset.com\r\n// https://github.com/eset/malware-ioc/\r\n//\r\n// These yara rules are provided to the community under the two-clause BSD\r\n// license as follows:\r\n//\r\n// Copyright (c) 2015, ESET\r\n// All rights reserved.\r\n//\r\n// Redistribution and use in source and binary forms, with or without\r\n// modification, are permitted provided that the following conditions are met:\r\n//\r\n// 1. Redistributions of source code must retain the above copyright notice, this\r\n// list of conditions and the following disclaimer.\r\n//\r\n// 2. Redistributions in binary form must reproduce the above copyright notice,\r\n// this list of conditions and the following disclaimer in the documentation\r\n// and/or other materials provided with the distribution.\r\n//\r\n// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\r\n// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\r\n// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\r\n// DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\r\n// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\r\n// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\r\n// SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\r\n// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\r\n// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\r\n// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\r\n//\r\nprivate rule PotaoDecoy\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n $str1 = \"eroqw11\"\r\n $str2 = \"2sfsdf\"\r\n $str3 = \"RtlDecompressBuffer\"\r\n $wiki_str = \"spanned more than 100 years and ruined three consecutive\" wide\r\n\r\n $old_ver1 = {53 68 65 6C 6C 33 32 2E 64 6C 6C 00 64 61 66 73 72 00 00 00 64 61 66 73 72 00 00 00 64 6F 63 (00 | 78)}\r\n $old_ver2 = {6F 70 65 6E 00 00 00 00 64 6F 63 00 64 61 66 73 72 00 00 00 53 68 65 6C 6C 33 32 2E 64 6C 6C 00} \r\n condition:\r\n ($mz at 0) and ( (all of ($str*)) or any of ($old_ver*) or $wiki_str )\r\n}\r\nprivate rule PotaoDll\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n \r\n $dllstr1 = \"?AVCncBuffer@@\"\r\n $dllstr2 = \"?AVCncRequest@@\"\r\n $dllstr3 = \"Petrozavodskaya, 11, 9\"\r\n $dllstr4 = \"_Scan@0\"\r\n $dllstr5 = \"\\x00/sync/document/\"\r\n $dllstr6 = \"\\\\temp.temp\"\r\n \r\n $dllname1 = \"node69MainModule.dll\"\r\n $dllname2 = \"node69-main.dll\"\r\n $dllname3 = \"node69MainModuleD.dll\"\r\n $dllname4 = \"task-diskscanner.dll\"\r\n $dllname5 = \"\\x00Screen.dll\"\r\n $dllname6 = \"Poker2.dll\" \r\n $dllname7 = \"PasswordStealer.dll\"\r\n $dllname8 = \"KeyLog2Runner.dll\" \r\n $dllname9 = \"GetAllSystemInfo.dll\" \r\n $dllname10 = \"FilePathStealer.dll\"\r\n condition:\r\n ($mz at 0) and (any of ($dllstr*) and any of ($dllname*))\r\n}\r\nprivate rule PotaoUSB\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n \r\n $binary1 = {33 C0 8B C8 83 E1 03 BA ?? ?? ?? 00 2B D1 8A 0A 32 88 ?? ?? ?? 00 2A C8 FE C9 88 88 ?? ?? ?? 00 40 3D ?? ?? 00 00 7C DA C3}\r\n $binary2 = {55 8B EC 51 56 C7 45 FC 00 00 00 00 EB 09 8B 45 FC 83 C0 01 89 45 FC 81 7D FC ?? ?? 00 00 7D 3D 8B 4D FC 0F BE 89 ?? ?? ?? 00 8B 45 FC 33 D2 BE 04 00 00 00 F7 F6 B8 03 00 00 00 2B C2 0F BE 90 ?? ?? ?? 00 33 CA 2B 4D FC 83 E9 01 81 E1 FF 00 00 00 8B 45 FC 88 88 ?? ?? ?? 00 EB B1 5E 8B E5 5D C3}\r\n condition:\r\n ($mz at 0) and any of ($binary*)\r\n}\r\nprivate rule PotaoSecondStage\r\n{\r\n strings:\r\n $mz = { 4d 5a }\r\n // hash of CryptBinaryToStringA and CryptStringToBinaryA\r\n $binary1 = {51 7A BB 85 [10-180] E8 47 D2 A8}\r\n
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2015-08-29T18:58:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e90-fc44-4264-9e4e-45ab950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:16.000Z" ,
"modified" : "2016-02-19T04:48:16.000Z" ,
"description" : "Automatically added (via 85b0e3264820008a30f17ca19332fa19)" ,
"pattern" : "[file:hashes.SHA1 = 'ce7f96b400ed51f7fab465dea26147984f2627bd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e92-852c-45eb-928d-4322950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:18.000Z" ,
"modified" : "2016-02-19T04:48:18.000Z" ,
"description" : "Automatically added (via ac854a3c91d52bfc09605506e76975ae)" ,
"pattern" : "[file:hashes.SHA1 = '52e59cd4c864fbfc9902a144ed5e68c9ded45deb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e93-42b8-4267-9c06-c650950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:19.000Z" ,
"modified" : "2016-02-19T04:48:19.000Z" ,
"description" : "Automatically added (via 3b7d88a069631111d5585b1b10cccc86)" ,
"pattern" : "[file:hashes.SHA1 = '642be4b2a87b47e77814744d154094392e413ab1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e94-0ec4-454d-ba48-4c0d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:20.000Z" ,
"modified" : "2016-02-19T04:48:20.000Z" ,
"description" : "Automatically added (via d1658b792dd1569abc27966083f59d44)" ,
"pattern" : "[file:hashes.SHA1 = '18ddcd41dccfbbd904347ea75bc9413ff6dc8786']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e95-1d38-4d6b-b371-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:21.000Z" ,
"modified" : "2016-02-19T04:48:21.000Z" ,
"description" : "Automatically added (via 0c7183d761f15772b7e9c788be601d29)" ,
"pattern" : "[file:hashes.SHA1 = 'd88c7c1e465bea7bf7377c08fba3aaf77cbf485f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:21Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e96-41d8-47da-b2fc-59a4950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:22.000Z" ,
"modified" : "2016-02-19T04:48:22.000Z" ,
"description" : "Automatically added (via a35e48909a49334a7ebb5448a78dcff9)" ,
"pattern" : "[file:hashes.SHA1 = '81efb422ed2631c739cc690d0a9a5eaa07897531']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e97-db3c-4443-a8a4-599e950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:23.000Z" ,
"modified" : "2016-02-19T04:48:23.000Z" ,
"description" : "Automatically added (via 502f35002b1a95f1ae135baff6cff836)" ,
"pattern" : "[file:hashes.SHA1 = '5c52996d9f68ba6fd0da4982f238ec1d279a7f9d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:23Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e98-9db8-4d50-ab6f-59a1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:24.000Z" ,
"modified" : "2016-02-19T04:48:24.000Z" ,
"description" : "Automatically added (via a446ced5db1de877cf78f77741e2a804)" ,
"pattern" : "[file:hashes.SHA1 = '8839d3e213717b88a06ffc48827929891a10059e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e99-0660-470d-be5c-4372950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:25.000Z" ,
"modified" : "2016-02-19T04:48:25.000Z" ,
"description" : "Automatically added (via d939a05e1e3c9d7b6127d503c025dbc4)" ,
"pattern" : "[file:hashes.SHA1 = 'eb86615f539e35a8d3e4838949382d09743502bf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e9a-8834-4dc1-be46-59a0950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:26.000Z" ,
"modified" : "2016-02-19T04:48:26.000Z" ,
"description" : "Automatically added (via 14634d446471b9e2f55158d9ac09d0b2)" ,
"pattern" : "[file:hashes.SHA1 = 'e400e1dd983fd94e29345aabc77fadeb3f43c219']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e9b-09f4-4de3-8a0c-599d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:27.000Z" ,
"modified" : "2016-02-19T04:48:27.000Z" ,
"description" : "Automatically added (via 7263a328f0d47c76b4e103546b648484)" ,
"pattern" : "[file:hashes.SHA1 = 'ba35edc3143ad021bb2490a3eb7b50c06f2ea40b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e9c-0474-4ba3-880d-c653950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:28.000Z" ,
"modified" : "2016-02-19T04:48:28.000Z" ,
"description" : "Automatically added (via bdc9255df5385f534fea83b497c371c8)" ,
"pattern" : "[file:hashes.SHA1 = '73a4a6864ef68c810c7c699ed51b759cf1c4adfb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e9e-2a04-420a-b94d-59a3950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:30.000Z" ,
"modified" : "2016-02-19T04:48:30.000Z" ,
"description" : "Automatically added (via 5199fcd031987834ed3121fb316f4970)" ,
"pattern" : "[file:hashes.SHA1 = '9d584de2cce6b654e62573938c2c824d7cc7d0eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:30Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69e9f-23a4-4342-9ac1-445c950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:31.000Z" ,
"modified" : "2016-02-19T04:48:31.000Z" ,
"description" : "Automatically added (via 65f494580c95e10541d1f377c0a7bd49)" ,
"pattern" : "[file:hashes.SHA1 = 'cc9bdbe37cbaf0cc634076950fd32d9a377de650']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea0-eb30-4319-8242-c654950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:32.000Z" ,
"modified" : "2016-02-19T04:48:32.000Z" ,
"description" : "Automatically added (via a4b0615cb639607e6905437dd900c059)" ,
"pattern" : "[file:hashes.SHA1 = 'a4d685fca8afe9885db75282516006f5bc56c098']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea2-6bb8-461d-a4e4-599d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:34.000Z" ,
"modified" : "2016-02-19T04:48:34.000Z" ,
"description" : "Automatically added (via 07e99b2f572b84af5c4504c23f1653bb)" ,
"pattern" : "[file:hashes.SHA1 = '0ae4e6e6fa1b1f8161a74525d4cb5a1808abfaf4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea3-5468-48a7-a99d-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:35.000Z" ,
"modified" : "2016-02-19T04:48:35.000Z" ,
"description" : "Automatically added (via 1927a80cd45f0d27b1ae034c11ddedb0)" ,
"pattern" : "[file:hashes.SHA1 = '94bbf39fff09b3a62a583c7d45a00b2492102dd7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:35Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea4-c028-4060-bf72-59a4950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:36.000Z" ,
"modified" : "2016-02-19T04:48:36.000Z" ,
"description" : "Automatically added (via 579ad4a596602a10b7cf4659b6b6909d)" ,
"pattern" : "[file:hashes.SHA1 = 'ec0563cde3ffaff424b97d7eb692847132344127']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea5-58cc-47f2-918d-59a1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:37.000Z" ,
"modified" : "2016-02-19T04:48:37.000Z" ,
"description" : "Automatically added (via e64eb8b571f655b744c9154d8032caef)" ,
"pattern" : "[file:hashes.SHA1 = 'f347da9aad52b717641ad3dd96925ab634ceb572']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea6-85f0-47b6-ada2-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:38.000Z" ,
"modified" : "2016-02-19T04:48:38.000Z" ,
"description" : "Automatically added (via d755e52ba5658a639c778c22d1a906a3)" ,
"pattern" : "[file:hashes.SHA1 = '9be3800b49e84e0c014852977557f21bcde2a775']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:38Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea8-2418-4718-9ec1-5f51950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:40.000Z" ,
"modified" : "2016-02-19T04:48:40.000Z" ,
"description" : "Automatically added (via b4d909077aa25f31386722e716a5305c)" ,
"pattern" : "[file:hashes.SHA1 = 'f8bcdad02da2e0223f45f15da4fbab053e73cf6e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ea9-ea30-48e3-aa1d-c654950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:41.000Z" ,
"modified" : "2016-02-19T04:48:41.000Z" ,
"description" : "Automatically added (via fc4b285088413127b6d827656b9d0481)" ,
"pattern" : "[file:hashes.SHA1 = 'fbb399568e0a3b2e461a4eb3268abdf07f3d5764']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eaa-784c-4120-9335-4781950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:42.000Z" ,
"modified" : "2016-02-19T04:48:42.000Z" ,
"description" : "Automatically added (via 73e7ee83133a175b815059f1af79ab1b)" ,
"pattern" : "[file:hashes.SHA1 = '2cdd6aabb71fdb244baa313ebba13f06bcad2612']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eab-cbc4-4482-b2bb-4cfb950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:43.000Z" ,
"modified" : "2016-02-19T04:48:43.000Z" ,
"description" : "Automatically added (via eebbcb1ed5f5606aec296168dee39166)" ,
"pattern" : "[file:hashes.SHA1 = 'bcc5a0ce0bcdfea2fd1d64b5529eac7309488273']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eac-b2f8-4b51-9102-59a0950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:44.000Z" ,
"modified" : "2016-02-19T04:48:44.000Z" ,
"description" : "Automatically added (via 5a24a7370f35dbdbb81adf52e769a442)" ,
"pattern" : "[file:hashes.SHA1 = '4d5e0808a03a75bfe8202e3a6d2920eddbfc7774']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eaf-3998-4378-a183-4a58950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:47.000Z" ,
"modified" : "2016-02-19T04:48:47.000Z" ,
"description" : "Automatically added (via 38e708fea8016520cb25d3cb933f2244)" ,
"pattern" : "[file:hashes.SHA1 = '1b278a1a5e109f32b526660087aea99fb8d89403']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb0-ed34-4b9a-84cf-c652950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:48.000Z" ,
"modified" : "2016-02-19T04:48:48.000Z" ,
"description" : "Automatically added (via 360df4c2f2b99052c07e08edbe15ab2c)" ,
"pattern" : "[file:hashes.SHA1 = '855ca024afba0dc09d336a0896318d5cc47f03a6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb1-82ac-4194-a49b-599c950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:49.000Z" ,
"modified" : "2016-02-19T04:48:49.000Z" ,
"description" : "Automatically added (via 89a3ea3967745e04199ebf222494452e)" ,
"pattern" : "[file:hashes.SHA1 = 'd8837002a04f4c93cc3b857f6a42ced6c9f3b882']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb2-1c80-42c7-a8a9-4dfa950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:50.000Z" ,
"modified" : "2016-02-19T04:48:50.000Z" ,
"description" : "Automatically added (via 6ba88e8e74b12c914483c026ae92eb42)" ,
"pattern" : "[file:hashes.SHA1 = '4332a5ad314616d9319c248d41c7d1a709124db2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb3-077c-425e-bf78-4705950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:51.000Z" ,
"modified" : "2016-02-19T04:48:51.000Z" ,
"description" : "Automatically added (via 043f99a875424ca0023a21739dba51ef)" ,
"pattern" : "[file:hashes.SHA1 = 'ba5ad566a28d7712e0a64899d4675c06139f3ff0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb5-9820-46c4-a661-599d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:53.000Z" ,
"modified" : "2016-02-19T04:48:53.000Z" ,
"description" : "Automatically added (via 02d438df779affddaf02ca995c60cecb)" ,
"pattern" : "[file:hashes.SHA1 = 'ff6f6dcbedc24d22541013d2273c63b5f0f19fe9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb6-77ec-4a20-ad16-599e950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:54.000Z" ,
"modified" : "2016-02-19T04:48:54.000Z" ,
"description" : "Automatically added (via 11b4e7ea6bae19a29343ae3ff3fb00ca)" ,
"pattern" : "[file:hashes.SHA1 = '12240271e928979ab2347c29b5599d6ac7cd6b8e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb7-545c-40e5-a4e0-59a4950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:55.000Z" ,
"modified" : "2016-02-19T04:48:55.000Z" ,
"description" : "Automatically added (via 27d74523b182ae630c4e5236897e11f3)" ,
"pattern" : "[file:hashes.SHA1 = '76da7b4abc9b711ab1ef87b97c61dd895e508232']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb8-4aa0-42d9-8f21-59a2950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:56.000Z" ,
"modified" : "2016-02-19T04:48:56.000Z" ,
"description" : "Automatically added (via 1ab8d45656e245aca4e59aa0519f6ba0)" ,
"pattern" : "[file:hashes.SHA1 = '5bea9423db6d0500920578c12cb127cbafdd125e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:56Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eb9-7318-4f8e-98b5-c650950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:57.000Z" ,
"modified" : "2016-02-19T04:48:57.000Z" ,
"description" : "Automatically added (via 76dda7ca15323fd658054e0550149b7b)" ,
"pattern" : "[file:hashes.SHA1 = 'bb0500a24853e404ad6ca708813f926b90b38468']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eba-554c-40da-9557-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:48:58.000Z" ,
"modified" : "2016-02-19T04:48:58.000Z" ,
"description" : "Automatically added (via ca1a3618088f91b8fb2a30c9a9aa4aca)" ,
"pattern" : "[file:hashes.SHA1 = 'db966220463db87c2c51c19303b3a20f4577d632']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:48:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ebc-2c7c-4a5a-8b59-c652950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:00.000Z" ,
"modified" : "2016-02-19T04:49:00.000Z" ,
"description" : "Automatically added (via a2bb01b764491dd61fa3a7ba5afc709c)" ,
"pattern" : "[file:hashes.SHA1 = '224a07f002e8dfb3f2b615b3fa71166cf1a61b6d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:00Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ebd-a430-4383-8415-599e950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:01.000Z" ,
"modified" : "2016-02-19T04:49:01.000Z" ,
"description" : "Automatically added (via a59053cc3f66e72540634eb7895824ac)" ,
"pattern" : "[file:hashes.SHA1 = '971a69547c5bc9b711a3bb6f6f2c5e3a46bf7b29']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ebe-03bc-495c-9ad1-42e5950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:02.000Z" ,
"modified" : "2016-02-19T04:49:02.000Z" ,
"description" : "Automatically added (via 2bd0d2b5ee4e93717ea71445b102e38e)" ,
"pattern" : "[file:hashes.SHA1 = '5be1ac1515da2397a7c52a8b1df384dd938fa714']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ebf-43a0-44d4-b602-c650950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:03.000Z" ,
"modified" : "2016-02-19T04:49:03.000Z" ,
"description" : "Automatically added (via 057028e46ea797834da401e4db7c860a)" ,
"pattern" : "[file:hashes.SHA1 = 'bb7a089bae3a4af44fb9b053bb703239e03c036e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec1-b4cc-4e8b-8f28-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:05.000Z" ,
"modified" : "2016-02-19T04:49:05.000Z" ,
"description" : "Automatically added (via 514423670de210f13092d6cb8916748e)" ,
"pattern" : "[file:hashes.SHA1 = '5d4724fba02965916a15a50a6937cdb6ab609fdd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:05Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec2-f910-4ddd-89c0-599d950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:06.000Z" ,
"modified" : "2016-02-19T04:49:06.000Z" ,
"description" : "Automatically added (via abb9f4fab64dd7a03574abdd1076b5ea)" ,
"pattern" : "[file:hashes.SHA1 = 'c1d8be765adcf76e5ccb2cf094191c0fec4bf085']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec3-7914-4ed4-a57f-c653950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:07.000Z" ,
"modified" : "2016-02-19T04:49:07.000Z" ,
"description" : "Automatically added (via 542b00f903f945ad3a9291cb0af73446)" ,
"pattern" : "[file:hashes.SHA1 = '7664c490160858ec8cfc8203f88d354aea1cfe43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec4-a450-4c2d-80fd-c652950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:08.000Z" ,
"modified" : "2016-02-19T04:49:08.000Z" ,
"description" : "Automatically added (via a427ff7abb17af6cf5fb70c49e9bf4e1)" ,
"pattern" : "[file:hashes.SHA1 = '71a5da3ccb4347fe785c6bfff7b741af80b76091']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:08Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec5-4490-4841-91bd-5f51950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:09.000Z" ,
"modified" : "2016-02-19T04:49:09.000Z" ,
"description" : "Automatically added (via 2646f7159e1723f089d63e08c8bfaffb)" ,
"pattern" : "[file:hashes.SHA1 = '48904399f7726b9adf7f28c07b0599717f741b8b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec6-7d6c-4de6-bf3e-59a1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:10.000Z" ,
"modified" : "2016-02-19T04:49:10.000Z" ,
"description" : "Automatically added (via 609abb2a86c324bbb9ba1e253595e573)" ,
"pattern" : "[file:hashes.SHA1 = '5b30ecfd47988a77556fe6c0c0b950510052c91e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec7-5b6c-48fe-bb28-59a4950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:11.000Z" ,
"modified" : "2016-02-19T04:49:11.000Z" ,
"description" : "Automatically added (via ae552fc43f1ba8684655d8bf8c6af869)" ,
"pattern" : "[file:hashes.SHA1 = 'b80a90b39fba705f86676c5cc3e0deca225d57ff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec8-fd0c-4669-8f1e-491e950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:12.000Z" ,
"modified" : "2016-02-19T04:49:12.000Z" ,
"description" : "Automatically added (via 1234bf4f0f5debc800d85c1bd2255671)" ,
"pattern" : "[file:hashes.SHA1 = '2531f40a1d9e50793d04d245fd6185aaebcc54f4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ec9-a8ac-406a-ac42-c653950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:13.000Z" ,
"modified" : "2016-02-19T04:49:13.000Z" ,
"description" : "Automatically added (via e685ea8b37f707f3706d7281b8f6816a)" ,
"pattern" : "[file:hashes.SHA1 = '56f6ac6197ce9cc774f72df948b414eed576b6c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:13Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69eca-a14c-40f4-8fd9-59a3950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:14.000Z" ,
"modified" : "2016-02-19T04:49:14.000Z" ,
"description" : "Automatically added (via 9179f4683ece450c1ac7a819b32bdb6d)" ,
"pattern" : "[file:hashes.SHA1 = '791ecf11c04470e9ea881549aebd1dded3e4a5ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ecb-c15c-49ba-8a25-5ca1950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:15.000Z" ,
"modified" : "2016-02-19T04:49:15.000Z" ,
"description" : "Automatically added (via cdc60eb93b594fb5e7e5895e2b441240)" ,
"pattern" : "[file:hashes.SHA1 = '181e9bca23484156cae005f421629da56b5cc6b5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ecc-f068-4acb-854e-c654950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:16.000Z" ,
"modified" : "2016-02-19T04:49:16.000Z" ,
"description" : "Automatically added (via 39b67cc6dae5214328022c44f28ced8b)" ,
"pattern" : "[file:hashes.SHA1 = 'f6f290a95d68373da813782ef4723e39524d048b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:16Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ece-cbac-43d8-9827-599c950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:18.000Z" ,
"modified" : "2016-02-19T04:49:18.000Z" ,
"description" : "Automatically added (via 3813b848162261cc5982dd64c741b450)" ,
"pattern" : "[file:hashes.SHA1 = '37a3e77bfa6ca1afbd0af7661655815fb1d3da83']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--56c69ecf-f6d0-416b-bdca-c650950d210f" ,
"created_by_ref" : "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f" ,
"created" : "2016-02-19T04:49:19.000Z" ,
"modified" : "2016-02-19T04:49:19.000Z" ,
"description" : "Automatically added (via 35724e234f6258e601257fb219db9079)" ,
"pattern" : "[file:hashes.SHA1 = '850c9f3b14f895aaa97a85ae147f07c9770fb4c7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-02-19T04:49:19Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}