{
"type" : "bundle" ,
"id" : "bundle--5718c835-f58c-4f8e-8da4-452a950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:40.000Z" ,
"modified" : "2016-04-21T15:04:40.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--5718c835-f58c-4f8e-8da4-452a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:40.000Z" ,
"modified" : "2016-04-21T15:04:40.000Z" ,
"name" : "CryptXXX: New Ransomware From the Actors Behind Reveton, Dropping Via Angler" ,
"published" : "2016-04-21T15:05:28Z" ,
"object_refs" : [
"observed-data--5718c848-2c34-4d55-a27f-47a7950d210f" ,
"url--5718c848-2c34-4d55-a27f-47a7950d210f" ,
"x-misp-attribute--5718c862-de50-4d77-9195-450c950d210f" ,
"indicator--5718c9b2-98dc-4310-8a5d-4dff950d210f" ,
"indicator--5718c9b2-a384-45fa-ba7f-4e32950d210f" ,
"indicator--5718c9b3-b180-4c09-b026-4010950d210f" ,
"indicator--5718c9b3-b1ec-4bde-9de2-4eaa950d210f" ,
"indicator--5718ca39-5404-495b-a24b-45a6950d210f" ,
"indicator--5718ca39-4744-4e5b-afa4-4449950d210f" ,
"indicator--5718ca39-d1d0-4775-b006-4e70950d210f" ,
"indicator--5718ca3a-9598-449b-8fb9-4e4e950d210f" ,
"indicator--5718ca3a-e5a0-4afb-954f-4e39950d210f" ,
"indicator--5718cb52-4df8-47fb-aaaa-4367950d210f" ,
"indicator--5718cb52-77ec-495e-87da-4831950d210f" ,
"indicator--5718cb68-e624-45fd-aa89-4a29950d210f" ,
"indicator--5718cb68-0760-46b9-9987-4596950d210f" ,
"indicator--5718cbde-58c0-40b2-be07-4b82950d210f" ,
"indicator--5718cbde-0fc4-4c28-85a1-46ee950d210f" ,
"indicator--5718cbde-9158-4737-8278-4d3b950d210f" ,
"indicator--5718cbdf-cd08-4ec1-9cc1-4fe5950d210f" ,
"indicator--5718cbdf-bcd0-4e91-8ba0-424f950d210f" ,
"indicator--5718cbfd-0d9c-4f42-ba85-454f950d210f" ,
"indicator--5718cbfe-c5e4-4c77-bfdf-4ec3950d210f" ,
"indicator--5718cbfe-760c-4f40-9ca2-49b8950d210f" ,
"indicator--5718cbfe-5b80-4d79-8a87-479f950d210f" ,
"indicator--5718cbff-9790-406a-aca4-4b5a950d210f" ,
"indicator--5718cbff-bfd4-4f0b-9704-46c0950d210f" ,
"indicator--5718cc81-eda0-46c5-9008-45d6950d210f" ,
"indicator--5718cc82-b3f0-4c5a-b661-4461950d210f" ,
"indicator--5718cc82-8504-4d59-8540-47a1950d210f" ,
"indicator--5718cc82-b7ac-4b18-abfe-4746950d210f" ,
"indicator--5718cc83-2e60-41aa-ba90-43ec950d210f" ,
"indicator--5718cc83-bcbc-4afa-a0b0-47e3950d210f" ,
"indicator--5718cc84-0dc4-4f65-bbaa-4c79950d210f" ,
"indicator--5718cc84-6a50-40aa-853e-465a950d210f" ,
"indicator--5718cc84-3584-49c1-8236-4601950d210f" ,
"indicator--5718cc84-2eac-4ccf-a8c7-4c04950d210f" ,
"indicator--5718ec08-17e8-4e4f-bc91-4dc002de0b81" ,
"observed-data--5718ec09-0a94-4850-95dd-42e402de0b81" ,
"url--5718ec09-0a94-4850-95dd-42e402de0b81" ,
"indicator--5718ec09-9708-4e77-b8e1-444c02de0b81" ,
"observed-data--5718ec09-a8b8-47fa-b41a-481102de0b81" ,
"url--5718ec09-a8b8-47fa-b41a-481102de0b81" ,
"indicator--5718ec0a-a808-4a5b-8dd6-4de802de0b81" ,
"observed-data--5718ec0a-e65c-4944-ba24-415f02de0b81" ,
"url--5718ec0a-e65c-4944-ba24-415f02de0b81" ,
"indicator--5718ec0b-1cfc-449d-8b92-439602de0b81" ,
"observed-data--5718ec0b-2f3c-4ce3-a20e-489e02de0b81" ,
"url--5718ec0b-2f3c-4ce3-a20e-489e02de0b81" ,
"indicator--5718ec0b-991c-4adf-83ad-4f5402de0b81" ,
"observed-data--5718ec0c-9290-4654-8052-441e02de0b81" ,
"url--5718ec0c-9290-4654-8052-441e02de0b81" ,
"indicator--5718ec0c-f468-49fb-9ba3-472f02de0b81" ,
"observed-data--5718ec0c-bff4-422c-ab48-403202de0b81" ,
"url--5718ec0c-bff4-422c-ab48-403202de0b81" ,
"indicator--5718ec0d-4f74-4871-b896-43a102de0b81" ,
"observed-data--5718ec0d-2b70-41f4-87f7-445902de0b81" ,
"url--5718ec0d-2b70-41f4-87f7-445902de0b81" ,
"indicator--5718ec0e-d908-428b-bba4-4c4802de0b81" ,
"observed-data--5718ec0e-22f0-48d2-b7bb-499102de0b81" ,
"url--5718ec0e-22f0-48d2-b7bb-499102de0b81" ,
"indicator--5718ec0e-5244-4e01-814e-401c02de0b81" ,
"observed-data--5718ec0f-30f8-402c-bda5-4aba02de0b81" ,
"url--5718ec0f-30f8-402c-bda5-4aba02de0b81" ,
"indicator--5718ec0f-a46c-4586-9ce8-484902de0b81" ,
"observed-data--5718ec0f-b980-4e86-bc98-468602de0b81" ,
"url--5718ec0f-b980-4e86-bc98-468602de0b81" ,
"indicator--5718ec10-4cf4-44af-9f1d-4e9f02de0b81" ,
"observed-data--5718ec10-c750-4490-958d-427902de0b81" ,
"url--5718ec10-c750-4490-958d-427902de0b81" ,
"indicator--5718ec11-7160-45ce-aa3c-4f8f02de0b81" ,
"observed-data--5718ec11-c674-4178-8bb7-48bb02de0b81" ,
"url--5718ec11-c674-4178-8bb7-48bb02de0b81" ,
"indicator--5718ec11-4c84-4afb-818a-43a402de0b81" ,
"indicator--5718ec12-bb6c-4b99-b685-470b02de0b81" ,
"observed-data--5718ec12-fd54-4b04-8e9f-4e0f02de0b81" ,
"url--5718ec12-fd54-4b04-8e9f-4e0f02de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"type:OSINT" ,
"malware_classification:malware-category=\"Ransomware\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718c848-2c34-4d55-a27f-47a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:32:08.000Z" ,
"modified" : "2016-04-21T12:32:08.000Z" ,
"first_observed" : "2016-04-21T12:32:08Z" ,
"last_observed" : "2016-04-21T12:32:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718c848-2c34-4d55-a27f-47a7950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718c848-2c34-4d55-a27f-47a7950d210f" ,
"value" : "https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--5718c862-de50-4d77-9195-450c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:32:34.000Z" ,
"modified" : "2016-04-21T12:32:34.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Proofpoint researchers recently found a previously undocumented ransomware spreading since the end of March through Bedep after infection via the Angler Exploit Kit (EK). Combining our findings with intelligence shared by Frank Ruiz (Fox IT InTELL) lead us to the same conclusion: this project is conducted by the same group that was driving Reveton ransomware operations and is closely tied to Angler/Bedep. Dubbed \"CryptXXX\", this new ransomware is currently asking a relatively high $500 per computer to unlock encrypted files. Angler is the number one exploit kit by volume, making the potential impact of new ransomware in the hands of experienced actors with access to this vector quite significant."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718c9b2-98dc-4310-8a5d-4dff950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:38:10.000Z" ,
"modified" : "2016-04-21T12:38:10.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:name = '\\\\%TEMP\\\\%\\\\{C3F31E62-344D-4056-BF01-BF77B94E0254}\\\\api-ms-win-system-softpub-l1-1-0.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:38:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718c9b2-a384-45fa-ba7f-4e32950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:38:10.000Z" ,
"modified" : "2016-04-21T12:38:10.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:name = '\\\\%TEMP\\\\%\\\\{D075E5D0-4442-4108-850E-3AD2874B270C}\\\\api-ms-win-system-provsvc-l1-1-0.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:38:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718c9b3-b180-4c09-b026-4010950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:38:11.000Z" ,
"modified" : "2016-04-21T12:38:11.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:name = '\\\\%TEMP\\\\%\\\\{D4A2C643-5399-4F4F-B9BF-ECB1A25644A6}\\\\api-ms-win-system-wer-l1-1-0.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:38:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718c9b3-b1ec-4bde-9de2-4eaa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:38:11.000Z" ,
"modified" : "2016-04-21T12:38:11.000Z" ,
"description" : "Imported via the freetext import." ,
"pattern" : "[file:name = '\\\\%TEMP\\\\%\\\\{FD68402A-8F8F-4B3D-9808-174323767296}\\\\api-ms-win-system-advpack-l1-1-0.dll']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:38:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload installation"
}
] ,
"labels" : [
"misp:type=\"filename\"" ,
"misp:category=\"Payload installation\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ca39-5404-495b-a24b-45a6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:40:25.000Z" ,
"modified" : "2016-04-21T12:40:25.000Z" ,
"description" : "CryptXXX checkin server" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.0.42.68']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:40:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ca39-4744-4e5b-afa4-4449950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:40:25.000Z" ,
"modified" : "2016-04-21T12:40:25.000Z" ,
"description" : "CryptXXX payment site" ,
"pattern" : "[url:value = 'rp4roxeuhcf2vgft.onion.to']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:40:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ca39-d1d0-4775-b006-4e70950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:40:25.000Z" ,
"modified" : "2016-04-21T12:40:25.000Z" ,
"description" : "CryptXXX payment site" ,
"pattern" : "[url:value = 'rp4roxeuhcf2vgft.onion.cab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:40:25Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ca3a-9598-449b-8fb9-4e4e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:40:26.000Z" ,
"modified" : "2016-04-21T12:40:26.000Z" ,
"description" : "CryptXXX payment site" ,
"pattern" : "[url:value = 'rp4roxeuhcf2vgft.onion.city']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:40:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"url\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ca3a-e5a0-4afb-954f-4e39950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:40:26.000Z" ,
"modified" : "2016-04-21T12:40:26.000Z" ,
"description" : "Bedep C&C IP" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.193.252.245']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:40:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cb52-4df8-47fb-aaaa-4367950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:45:06.000Z" ,
"modified" : "2016-04-21T12:45:06.000Z" ,
"description" : "Zip archive with most of the mentioned content" ,
"pattern" : "[file:hashes.MD5 = '3776ec795ef3aa649ff48fcf83c87713']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:45:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cb52-77ec-495e-87da-4831950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:45:06.000Z" ,
"modified" : "2016-04-21T12:45:06.000Z" ,
"description" : "Zip archive with most of the mentioned content" ,
"pattern" : "[file:hashes.SHA256 = '41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:45:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cb68-e624-45fd-aa89-4a29950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:45:28.000Z" ,
"modified" : "2016-04-21T12:45:28.000Z" ,
"description" : "Bedep 1809 first stream dll CryptXXX" ,
"pattern" : "[file:hashes.MD5 = '17697e1829f0d18d2051a67bc2bca134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:45:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cb68-0760-46b9-9987-4596950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:45:28.000Z" ,
"modified" : "2016-04-21T12:45:28.000Z" ,
"description" : "Bedep 1809 first stream dll CryptXXX" ,
"pattern" : "[file:hashes.SHA256 = 'ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:45:28Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbde-58c0-40b2-be07-4b82950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:26.000Z" ,
"modified" : "2016-04-21T12:47:26.000Z" ,
"description" : "Bedep 1809 update stream dll1" ,
"pattern" : "[file:hashes.MD5 = 'd4439055d2d63e52ffc23c6d24d89194']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbde-0fc4-4c28-85a1-46ee950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:26.000Z" ,
"modified" : "2016-04-21T12:47:26.000Z" ,
"description" : "Bedep 1809 update stream dll1 || Bedep 1809 update stream exe2 - Dridex 222" ,
"pattern" : "[file:hashes.SHA256 = '1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbde-9158-4737-8278-4d3b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:26.000Z" ,
"modified" : "2016-04-21T12:47:26.000Z" ,
"description" : "Bedep 1809 update stream exe2 - Dridex 222" ,
"pattern" : "[file:hashes.MD5 = '3e75e8238a6bbd8817164658696198af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbdf-cd08-4ec1-9cc1-4fe5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:27.000Z" ,
"modified" : "2016-04-21T12:47:27.000Z" ,
"description" : "Bedep 1809 update stream dll3" ,
"pattern" : "[file:hashes.MD5 = 'de882c049be133a950b6917562bb2313']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbdf-bcd0-4e91-8ba0-424f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:27.000Z" ,
"modified" : "2016-04-21T12:47:27.000Z" ,
"description" : "Bedep 1809 update stream dll3" ,
"pattern" : "[file:hashes.SHA256 = 'e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbfd-0d9c-4f42-ba85-454f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:57.000Z" ,
"modified" : "2016-04-21T12:47:57.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.MD5 = 'bfb8f7f6cbe24330a310e5c7cbe99ed4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbfe-c5e4-4c77-bfdf-4ec3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:58.000Z" ,
"modified" : "2016-04-21T12:47:58.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.SHA256 = 'a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbfe-760c-4f40-9ca2-49b8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:58.000Z" ,
"modified" : "2016-04-21T12:47:58.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.MD5 = '0c3431dbb8cd0478250eb4357257880e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbfe-5b80-4d79-8a87-479f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:58.000Z" ,
"modified" : "2016-04-21T12:47:58.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.SHA256 = '565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbff-9790-406a-aca4-4b5a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:59.000Z" ,
"modified" : "2016-04-21T12:47:59.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.MD5 = 'cd2d085998a289134ffaf27fbdcbc8cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cbff-bfd4-4f0b-9704-46c0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:47:59.000Z" ,
"modified" : "2016-04-21T12:47:59.000Z" ,
"description" : "CryptXXX" ,
"pattern" : "[file:hashes.SHA256 = '0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:47:59Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc81-eda0-46c5-9008-45d6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:09.000Z" ,
"modified" : "2016-04-21T12:50:09.000Z" ,
"description" : "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d" ,
"pattern" : "[file:hashes.MD5 = 'd65f155381d26f8ddfa304c83b1ad95a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc82-b3f0-4c5a-b661-4461950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:10.000Z" ,
"modified" : "2016-04-21T12:50:10.000Z" ,
"description" : "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d" ,
"pattern" : "[file:hashes.SHA256 = 'eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc82-8504-4d59-8540-47a1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:10.000Z" ,
"modified" : "2016-04-21T12:50:10.000Z" ,
"description" : "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d" ,
"pattern" : "[file:hashes.MD5 = 'b824d94af0f981106ec2a12d0c4cc1c0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc82-b7ac-4b18-abfe-4746950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:10.000Z" ,
"modified" : "2016-04-21T12:50:10.000Z" ,
"description" : "Bedep \u00e2\u20ac\u0153Private stealer\u00e2\u20ac\u009d" ,
"pattern" : "[file:hashes.SHA256 = '5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc83-2e60-41aa-ba90-43ec950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:11.000Z" ,
"modified" : "2016-04-21T12:50:11.000Z" ,
"description" : "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (May 2015)" ,
"pattern" : "[file:hashes.MD5 = '971c578c9dea43f91bfb44ceac0ee01d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc83-bcbc-4afa-a0b0-47e3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:11.000Z" ,
"modified" : "2016-04-21T12:50:11.000Z" ,
"description" : "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (May 2015)" ,
"pattern" : "[file:hashes.SHA256 = '59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc84-0dc4-4f65-bbaa-4c79950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:12.000Z" ,
"modified" : "2016-04-21T12:50:12.000Z" ,
"description" : "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (December 2015)" ,
"pattern" : "[file:hashes.MD5 = '70a377690917a98e6ee682f7941eb565']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc84-6a50-40aa-853e-465a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:12.000Z" ,
"modified" : "2016-04-21T12:50:12.000Z" ,
"description" : "Bedep Pony \u00e2\u20ac\u0153news.php\u00e2\u20ac\u009d - (December 2015)" ,
"pattern" : "[file:hashes.SHA256 = 'ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc84-3584-49c1-8236-4601950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:12.000Z" ,
"modified" : "2016-04-21T12:50:12.000Z" ,
"description" : "Reveton - 2015-04-14" ,
"pattern" : "[file:hashes.MD5 = '728733095fe2c66f91a19ebde412dd25']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718cc84-2eac-4ccf-a8c7-4c04950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T12:50:12.000Z" ,
"modified" : "2016-04-21T12:50:12.000Z" ,
"description" : "Reveton - 2015-04-14" ,
"pattern" : "[file:hashes.SHA256 = 'dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T12:50:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec08-17e8-4e4f-bc91-4dc002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:40.000Z" ,
"modified" : "2016-04-21T15:04:40.000Z" ,
"description" : "Reveton - 2015-04-14 - Xchecked via VT: dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3" ,
"pattern" : "[file:hashes.SHA1 = 'fd1ae96536ef9f29f336425b83022d2beab767a2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec09-0a94-4850-95dd-42e402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:41.000Z" ,
"modified" : "2016-04-21T15:04:41.000Z" ,
"first_observed" : "2016-04-21T15:04:41Z" ,
"last_observed" : "2016-04-21T15:04:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec09-0a94-4850-95dd-42e402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec09-0a94-4850-95dd-42e402de0b81" ,
"value" : "https://www.virustotal.com/file/dff7c0aac326f210705e4f53cd78a57cb277e80ecec7bdffd6f68db3bdda39c3/analysis/1461131947/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec09-9708-4e77-b8e1-444c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:41.000Z" ,
"modified" : "2016-04-21T15:04:41.000Z" ,
"description" : "Bedep Pony \u201cnews.php\u201d - (December 2015) - Xchecked via VT: ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de" ,
"pattern" : "[file:hashes.SHA1 = '246b1e0d01772a47a5f2032c8642d33d47a11c57']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec09-a8b8-47fa-b41a-481102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:41.000Z" ,
"modified" : "2016-04-21T15:04:41.000Z" ,
"first_observed" : "2016-04-21T15:04:41Z" ,
"last_observed" : "2016-04-21T15:04:41Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec09-a8b8-47fa-b41a-481102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec09-a8b8-47fa-b41a-481102de0b81" ,
"value" : "https://www.virustotal.com/file/ad3cc219a818047d6d3c38a8e4662e21dfedc858578cb2bde2c127d66dfeb7de/analysis/1461131953/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0a-a808-4a5b-8dd6-4de802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:42.000Z" ,
"modified" : "2016-04-21T15:04:42.000Z" ,
"description" : "Bedep Pony \u201cnews.php\u201d - (May 2015) - Xchecked via VT: 59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa" ,
"pattern" : "[file:hashes.SHA1 = '0487c3856c5e44d3a5c2dcee29c63cb644a4fc52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0a-e65c-4944-ba24-415f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:42.000Z" ,
"modified" : "2016-04-21T15:04:42.000Z" ,
"first_observed" : "2016-04-21T15:04:42Z" ,
"last_observed" : "2016-04-21T15:04:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0a-e65c-4944-ba24-415f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0a-e65c-4944-ba24-415f02de0b81" ,
"value" : "https://www.virustotal.com/file/59ddf36a9e85f4cf82a6511b49cfcdd9e4521b17f7e245f005e18418176ff4aa/analysis/1461131974/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0b-1cfc-449d-8b92-439602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:42.000Z" ,
"modified" : "2016-04-21T15:04:42.000Z" ,
"description" : "Bedep \u201cPrivate stealer\u201d - Xchecked via VT: 5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd" ,
"pattern" : "[file:hashes.SHA1 = 'b4e17ebe8b07727e7ce6ae8580b97d1129e7c6ce']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:42Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0b-2f3c-4ce3-a20e-489e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:43.000Z" ,
"modified" : "2016-04-21T15:04:43.000Z" ,
"first_observed" : "2016-04-21T15:04:43Z" ,
"last_observed" : "2016-04-21T15:04:43Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0b-2f3c-4ce3-a20e-489e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0b-2f3c-4ce3-a20e-489e02de0b81" ,
"value" : "https://www.virustotal.com/file/5bfae47c9fda81243b50b6df53ac4184d90a70000894fa2a516044fa44770cfd/analysis/1461163306/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0b-991c-4adf-83ad-4f5402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:43.000Z" ,
"modified" : "2016-04-21T15:04:43.000Z" ,
"description" : "Bedep \u201cPrivate stealer\u201d - Xchecked via VT: eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d" ,
"pattern" : "[file:hashes.SHA1 = '87d7a85b4ea7d4041ade140576b4d6fd2c5aa403']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0c-9290-4654-8052-441e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:44.000Z" ,
"modified" : "2016-04-21T15:04:44.000Z" ,
"first_observed" : "2016-04-21T15:04:44Z" ,
"last_observed" : "2016-04-21T15:04:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0c-9290-4654-8052-441e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0c-9290-4654-8052-441e02de0b81" ,
"value" : "https://www.virustotal.com/file/eaa857c95fca38ca08411b757f4ad2a841cfb9782deca8abf64aada445923c0d/analysis/1461131964/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0c-f468-49fb-9ba3-472f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:44.000Z" ,
"modified" : "2016-04-21T15:04:44.000Z" ,
"description" : "CryptXXX - Xchecked via VT: 0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e" ,
"pattern" : "[file:hashes.SHA1 = 'e22678fe4bd0b209b14d5ed061ae61bb52e79df1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0c-bff4-422c-ab48-403202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:44.000Z" ,
"modified" : "2016-04-21T15:04:44.000Z" ,
"first_observed" : "2016-04-21T15:04:44Z" ,
"last_observed" : "2016-04-21T15:04:44Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0c-bff4-422c-ab48-403202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0c-bff4-422c-ab48-403202de0b81" ,
"value" : "https://www.virustotal.com/file/0b12584302a5a72f467a08046814593ea505fa397785f1012ab973dd961a6c0e/analysis/1461160828/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0d-4f74-4871-b896-43a102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:45.000Z" ,
"modified" : "2016-04-21T15:04:45.000Z" ,
"description" : "CryptXXX - Xchecked via VT: 565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0" ,
"pattern" : "[file:hashes.SHA1 = '0a1d2182f272ff4e4321b41f6bf65f8320d9e88c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:45Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0d-2b70-41f4-87f7-445902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:45.000Z" ,
"modified" : "2016-04-21T15:04:45.000Z" ,
"first_observed" : "2016-04-21T15:04:45Z" ,
"last_observed" : "2016-04-21T15:04:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0d-2b70-41f4-87f7-445902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0d-2b70-41f4-87f7-445902de0b81" ,
"value" : "https://www.virustotal.com/file/565dadb36e1d8b0c787d0d5e4cd7ec8c24cac1d6b37637427547ae465ab0fff0/analysis/1461162322/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0e-d908-428b-bba4-4c4802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:46.000Z" ,
"modified" : "2016-04-21T15:04:46.000Z" ,
"description" : "CryptXXX - Xchecked via VT: a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05" ,
"pattern" : "[file:hashes.SHA1 = 'cfb97a66c90bff92b5d72eb9e81b2e9d8013b66d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0e-22f0-48d2-b7bb-499102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:46.000Z" ,
"modified" : "2016-04-21T15:04:46.000Z" ,
"first_observed" : "2016-04-21T15:04:46Z" ,
"last_observed" : "2016-04-21T15:04:46Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0e-22f0-48d2-b7bb-499102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0e-22f0-48d2-b7bb-499102de0b81" ,
"value" : "https://www.virustotal.com/file/a4e9c151a50595b59e787dd3b361ac53d02dd7f212d6b22639dc01776c886d05/analysis/1461225821/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0e-5244-4e01-814e-401c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:46.000Z" ,
"modified" : "2016-04-21T15:04:46.000Z" ,
"description" : "Bedep 1809 update stream dll3 - Xchecked via VT: e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06" ,
"pattern" : "[file:hashes.SHA1 = '93e9e42eba18e83811b4e9858be5cd09b9c50e5d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0f-30f8-402c-bda5-4aba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:47.000Z" ,
"modified" : "2016-04-21T15:04:47.000Z" ,
"first_observed" : "2016-04-21T15:04:47Z" ,
"last_observed" : "2016-04-21T15:04:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0f-30f8-402c-bda5-4aba02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0f-30f8-402c-bda5-4aba02de0b81" ,
"value" : "https://www.virustotal.com/file/e53610a977b65c01b275e37aefad7884368dfe00b50750e35b6c8c87556a2c06/analysis/1461164621/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec0f-a46c-4586-9ce8-484902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:47.000Z" ,
"modified" : "2016-04-21T15:04:47.000Z" ,
"description" : "Bedep 1809 update stream dll1 || Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df" ,
"pattern" : "[file:hashes.SHA1 = '92a35105a3cf19a183ef9ca9e66cb9063fffecf1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec0f-b980-4e86-bc98-468602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:47.000Z" ,
"modified" : "2016-04-21T15:04:47.000Z" ,
"first_observed" : "2016-04-21T15:04:47Z" ,
"last_observed" : "2016-04-21T15:04:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec0f-b980-4e86-bc98-468602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec0f-b980-4e86-bc98-468602de0b81" ,
"value" : "https://www.virustotal.com/file/1036c84a003378907560356642bb065caef961f9dbc5c3b2a4954d5cbe7100df/analysis/1461131970/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec10-4cf4-44af-9f1d-4e9f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:48.000Z" ,
"modified" : "2016-04-21T15:04:48.000Z" ,
"description" : "Bedep 1809 first stream dll CryptXXX - Xchecked via VT: ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67" ,
"pattern" : "[file:hashes.SHA1 = 'd3f6bd8b57a8c353fd3f25d66e0690d9f578d35e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec10-c750-4490-958d-427902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:48.000Z" ,
"modified" : "2016-04-21T15:04:48.000Z" ,
"first_observed" : "2016-04-21T15:04:48Z" ,
"last_observed" : "2016-04-21T15:04:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec10-c750-4490-958d-427902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec10-c750-4490-958d-427902de0b81" ,
"value" : "https://www.virustotal.com/file/ab7a58b6e50be6b9bcb926c550ff26669601bbd8bfd922a5b32756e663b25a67/analysis/1461226696/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec11-7160-45ce-aa3c-4f8f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:49.000Z" ,
"modified" : "2016-04-21T15:04:49.000Z" ,
"description" : "Zip archive with most of the mentioned content - Xchecked via VT: 41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90" ,
"pattern" : "[file:hashes.SHA1 = '8b2771240fdcb3ca11c0ea1b77a313484154a85f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec11-c674-4178-8bb7-48bb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:49.000Z" ,
"modified" : "2016-04-21T15:04:49.000Z" ,
"first_observed" : "2016-04-21T15:04:49Z" ,
"last_observed" : "2016-04-21T15:04:49Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec11-c674-4178-8bb7-48bb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec11-c674-4178-8bb7-48bb02de0b81" ,
"value" : "https://www.virustotal.com/file/41dbbc60b8921709c5eb187cf03e60701e3b172e6deebdb67dd66c8cb3666b90/analysis/1461162315/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec11-4c84-4afb-818a-43a402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:49.000Z" ,
"modified" : "2016-04-21T15:04:49.000Z" ,
"description" : "Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 3e75e8238a6bbd8817164658696198af" ,
"pattern" : "[file:hashes.SHA256 = '669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--5718ec12-bb6c-4b99-b685-470b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:50.000Z" ,
"modified" : "2016-04-21T15:04:50.000Z" ,
"description" : "Bedep 1809 update stream exe2 - Dridex 222 - Xchecked via VT: 3e75e8238a6bbd8817164658696198af" ,
"pattern" : "[file:hashes.SHA1 = '3c0246b41063f5ea26de9d96301774836270eff3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2016-04-21T15:04:50Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--5718ec12-fd54-4b04-8e9f-4e0f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2016-04-21T15:04:50.000Z" ,
"modified" : "2016-04-21T15:04:50.000Z" ,
"first_observed" : "2016-04-21T15:04:50Z" ,
"last_observed" : "2016-04-21T15:04:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--5718ec12-fd54-4b04-8e9f-4e0f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--5718ec12-fd54-4b04-8e9f-4e0f02de0b81" ,
"value" : "https://www.virustotal.com/file/669ae51d73a3fac117ec39195efb969cb41a16fadecfe412ad83b767b25ae2ae/analysis/1461160978/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}