2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--57447a73-8244-40d0-9c3d-57fe950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:32.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:32.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--57447a73-8244-40d0-9c3d-57fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:32.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:32.000Z",
|
|
|
|
"name": "OSINT - FBI MSIL/Samas.A Ransomware Flash Alerts (FBI Flash Alert MC-000068-MW, February 18, 2016 & FBI Flash Alert MC-000070-MW, March 25, 2016)",
|
|
|
|
"published": "2016-06-19T22:21:55Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--57447abb-e650-4725-bcc3-0a96950d210f",
|
|
|
|
"indicator--57447abb-0dac-4db9-9128-0a96950d210f",
|
|
|
|
"indicator--57447abc-38a0-4a74-8ffb-0a96950d210f",
|
|
|
|
"indicator--57447abc-7dc4-4137-8c84-0a96950d210f",
|
|
|
|
"indicator--57447abc-1520-4168-be6a-0a96950d210f",
|
|
|
|
"indicator--57447abd-7184-40f5-9733-0a96950d210f",
|
|
|
|
"indicator--57447abd-6e50-457b-baf1-0a96950d210f",
|
|
|
|
"indicator--57447abe-0a8c-40d1-a7b3-0a96950d210f",
|
|
|
|
"indicator--57447abe-5370-499c-9ac2-0a96950d210f",
|
|
|
|
"indicator--57447abe-1bb4-438d-8933-0a96950d210f",
|
|
|
|
"indicator--57447abf-2fb0-4a30-a651-0a96950d210f",
|
|
|
|
"indicator--57447abf-4004-48da-8eeb-0a96950d210f",
|
|
|
|
"indicator--57447ac0-99f8-40b5-af55-0a96950d210f",
|
|
|
|
"indicator--57447ac0-cfb0-432c-bede-0a96950d210f",
|
|
|
|
"indicator--57447ac1-60f4-42ee-b266-0a96950d210f",
|
|
|
|
"indicator--57447ac1-5068-40ef-a22e-0a96950d210f",
|
|
|
|
"indicator--57447ac1-0f04-44b4-bac1-0a96950d210f",
|
|
|
|
"indicator--57447ac2-a2bc-459d-931c-0a96950d210f",
|
|
|
|
"indicator--57447ac2-47d4-4ad7-b0c5-0a96950d210f",
|
|
|
|
"indicator--57447ac3-8c48-4da9-b569-0a96950d210f",
|
|
|
|
"indicator--57447ac3-d83c-4390-8470-0a96950d210f",
|
|
|
|
"indicator--57447ac4-6968-4647-b4f9-0a96950d210f",
|
|
|
|
"indicator--57447ac4-7a60-40a5-b673-0a96950d210f",
|
|
|
|
"indicator--57447ac4-b04c-4db4-b53e-0a96950d210f",
|
|
|
|
"indicator--57447ac5-5b08-4116-8ebe-0a96950d210f",
|
|
|
|
"indicator--57447ac5-b358-45da-9b35-0a96950d210f",
|
|
|
|
"indicator--57447ac6-fa1c-4ab9-a487-0a96950d210f",
|
|
|
|
"indicator--57447ac6-50b8-47f8-9002-0a96950d210f",
|
|
|
|
"indicator--57447ac6-f7f0-4181-b0e5-0a96950d210f",
|
|
|
|
"indicator--57447ac7-3548-430b-ac84-0a96950d210f",
|
|
|
|
"indicator--57447ac7-2334-46c2-9d24-0a96950d210f",
|
|
|
|
"indicator--57447ac8-1be0-4d40-a988-0a96950d210f",
|
|
|
|
"indicator--57447ac8-a900-4b9d-8e1c-0a96950d210f",
|
|
|
|
"indicator--57447ac8-78d8-4fb4-909c-0a96950d210f",
|
|
|
|
"indicator--57447ac9-1204-42b9-a6c5-0a96950d210f",
|
|
|
|
"indicator--57447ac9-5da8-4d13-9ca7-0a96950d210f",
|
|
|
|
"indicator--57447aca-b048-4867-80f5-0a96950d210f",
|
|
|
|
"indicator--57447aca-d34c-484d-b7db-0a96950d210f",
|
|
|
|
"indicator--57447aca-6694-42f9-b5aa-0a96950d210f",
|
|
|
|
"indicator--57447acb-a434-4916-bdd9-0a96950d210f",
|
|
|
|
"indicator--57447acb-d528-4b22-ad82-0a96950d210f",
|
|
|
|
"indicator--57447acb-c9c4-4e53-9052-0a96950d210f",
|
|
|
|
"indicator--57447acc-6fd8-47e4-8d38-0a96950d210f",
|
|
|
|
"indicator--57447acc-8658-4003-bb21-0a96950d210f",
|
|
|
|
"indicator--57447acc-bb08-4115-a2b9-0a96950d210f",
|
|
|
|
"indicator--57447acd-ab14-4295-bf36-0a96950d210f",
|
|
|
|
"indicator--57447acd-c4e4-4e91-a6db-0a96950d210f",
|
|
|
|
"indicator--57447acd-10e0-4c30-8447-0a96950d210f",
|
|
|
|
"indicator--57447ace-e7d0-4cf1-a094-0a96950d210f",
|
|
|
|
"indicator--57447ace-adcc-4592-a529-0a96950d210f",
|
|
|
|
"indicator--57447ace-4104-4f18-af78-0a96950d210f",
|
|
|
|
"indicator--57447acf-2bf8-4b9f-8736-0a96950d210f",
|
|
|
|
"indicator--57447acf-1e58-473a-9878-0a96950d210f",
|
|
|
|
"indicator--57447acf-d934-4790-b6b4-0a96950d210f",
|
|
|
|
"indicator--57447ad0-8998-4d77-a54e-0a96950d210f",
|
|
|
|
"indicator--57447ad0-4374-4a47-a7d4-0a96950d210f",
|
|
|
|
"indicator--57447ad0-9ef4-4baa-9c9b-0a96950d210f",
|
|
|
|
"indicator--57447ad1-911c-4b49-b558-0a96950d210f",
|
|
|
|
"indicator--57447ad1-43ac-484e-8f11-0a96950d210f",
|
|
|
|
"indicator--57447ad1-75c4-407d-baf5-0a96950d210f",
|
|
|
|
"indicator--57447ad2-8b68-4a48-a2ce-0a96950d210f",
|
|
|
|
"indicator--57447ad2-045c-4fc0-851e-0a96950d210f",
|
|
|
|
"indicator--57447ad2-b114-4826-af5d-0a96950d210f",
|
|
|
|
"indicator--57447ad3-d884-4380-a3b4-0a96950d210f",
|
|
|
|
"indicator--57447ad3-8520-4f38-a419-0a96950d210f",
|
|
|
|
"indicator--57447ad3-da34-41f7-9021-0a96950d210f",
|
|
|
|
"indicator--57447ad4-5860-431d-9d07-0a96950d210f",
|
|
|
|
"indicator--57447ad4-186c-45f9-884c-0a96950d210f",
|
|
|
|
"indicator--57447ad4-b034-4b37-a1dc-0a96950d210f",
|
|
|
|
"indicator--57447ad5-9864-4b81-a4cb-0a96950d210f",
|
|
|
|
"indicator--57447ad5-0a40-4a3e-b416-0a96950d210f",
|
|
|
|
"indicator--57447ad5-23a8-4784-827c-0a96950d210f",
|
|
|
|
"indicator--57447ad6-7a7c-4a0a-aff7-0a96950d210f",
|
|
|
|
"indicator--57447ad6-b85c-4c79-90da-0a96950d210f",
|
|
|
|
"indicator--57447ad6-cacc-46c9-abae-0a96950d210f",
|
|
|
|
"observed-data--57447b4e-bff4-429a-8711-7705950d210f",
|
|
|
|
"url--57447b4e-bff4-429a-8711-7705950d210f",
|
|
|
|
"observed-data--57447b4e-c1c8-43cb-a2c8-7705950d210f",
|
|
|
|
"url--57447b4e-c1c8-43cb-a2c8-7705950d210f",
|
|
|
|
"indicator--57447bb5-ec4c-4322-a36c-76d5950d210f",
|
|
|
|
"indicator--57447bb5-f914-48d8-b526-76d5950d210f",
|
|
|
|
"indicator--57447bb6-e034-4632-ba8c-76d5950d210f",
|
|
|
|
"indicator--57447bb6-8b48-401b-8a19-76d5950d210f",
|
|
|
|
"indicator--57447bb6-4a84-4bc6-aa38-76d5950d210f",
|
|
|
|
"indicator--57447bb7-a934-4591-8243-76d5950d210f",
|
|
|
|
"indicator--57447bb7-1d14-42a2-ad4e-76d5950d210f",
|
|
|
|
"indicator--57447bb7-2ad8-4636-b811-76d5950d210f",
|
|
|
|
"indicator--57447bb8-ab74-41ba-be07-76d5950d210f",
|
|
|
|
"indicator--57447bb8-d9d8-42bb-a0d7-76d5950d210f",
|
|
|
|
"indicator--57447bb8-4238-4765-b4ba-76d5950d210f",
|
|
|
|
"indicator--57447bb9-991c-42f4-98dd-76d5950d210f",
|
|
|
|
"indicator--57447bb9-9e34-4126-aed3-76d5950d210f",
|
|
|
|
"indicator--57447bb9-e8fc-4b31-b08a-76d5950d210f",
|
|
|
|
"indicator--57447bba-73f4-449c-b974-76d5950d210f",
|
|
|
|
"indicator--57447bba-1490-462d-98e3-76d5950d210f",
|
|
|
|
"indicator--57447bba-fb7c-4e16-8c65-76d5950d210f",
|
|
|
|
"indicator--57447bbb-7fe4-4741-aef5-76d5950d210f",
|
|
|
|
"indicator--57447bbb-bfa8-486c-966a-76d5950d210f",
|
|
|
|
"indicator--57447bbb-ccb4-4d28-960e-76d5950d210f",
|
|
|
|
"indicator--57447bbc-f534-4e6e-9368-76d5950d210f",
|
|
|
|
"indicator--57447bbc-c49c-406d-9c0a-76d5950d210f",
|
|
|
|
"indicator--57447bbc-4ff4-4997-945b-76d5950d210f",
|
|
|
|
"indicator--57447bbd-236c-4fcd-961a-76d5950d210f",
|
|
|
|
"indicator--57447bbd-6520-4fc0-9e30-76d5950d210f",
|
|
|
|
"indicator--57447bbd-a9bc-48dc-94ca-76d5950d210f",
|
|
|
|
"indicator--57447bbe-3028-40e5-81b4-76d5950d210f",
|
|
|
|
"indicator--57447bbe-e2d4-44cc-a192-76d5950d210f",
|
|
|
|
"indicator--57447bbe-b588-4d6d-b2f6-76d5950d210f",
|
|
|
|
"indicator--57447bbf-3010-4501-b0e2-76d5950d210f",
|
|
|
|
"indicator--57447bbf-c89c-4a97-b967-76d5950d210f",
|
|
|
|
"indicator--57447bc0-0db4-4319-9430-76d5950d210f",
|
|
|
|
"indicator--57447bc0-7900-4f34-bc32-76d5950d210f",
|
|
|
|
"indicator--57447bc0-3a40-42a9-8846-76d5950d210f",
|
|
|
|
"indicator--57447bc1-048c-41f4-ac6f-76d5950d210f",
|
|
|
|
"indicator--57447bc1-c6b8-44fc-8e93-76d5950d210f",
|
|
|
|
"indicator--57447bc1-a128-482c-81a2-76d5950d210f",
|
|
|
|
"indicator--57447bc2-c7b8-4a94-aa8f-76d5950d210f",
|
|
|
|
"indicator--57447bc2-7658-4e00-93e6-76d5950d210f",
|
|
|
|
"indicator--57447bc2-9dc4-40c1-b64b-76d5950d210f",
|
|
|
|
"indicator--57447bc3-ca0c-4ca5-a3f7-76d5950d210f",
|
|
|
|
"indicator--57447bc3-52b0-499a-8ed1-76d5950d210f",
|
|
|
|
"indicator--57447bc3-9f74-422d-ae6f-76d5950d210f",
|
|
|
|
"indicator--57447bc4-e8a4-426e-8a14-76d5950d210f",
|
|
|
|
"indicator--57447bc4-0d0c-4136-81bd-76d5950d210f",
|
|
|
|
"indicator--57447bc5-0170-498d-b72e-76d5950d210f",
|
|
|
|
"indicator--57447bc5-22c8-4989-bd48-76d5950d210f",
|
|
|
|
"indicator--57447bc5-87b0-4d81-890d-76d5950d210f",
|
|
|
|
"indicator--57447bc6-dad0-46e0-a7e8-76d5950d210f",
|
|
|
|
"indicator--57447bc6-f2fc-4b94-afae-76d5950d210f",
|
|
|
|
"indicator--57447bc6-3324-439b-8c45-76d5950d210f",
|
|
|
|
"indicator--57447bc7-45b4-4fe8-ae82-76d5950d210f",
|
|
|
|
"indicator--57447bc7-4e1c-40e7-9196-76d5950d210f",
|
|
|
|
"indicator--57447bc7-2b84-40c8-b483-76d5950d210f",
|
|
|
|
"indicator--57447bc8-875c-4edb-a9a7-76d5950d210f",
|
|
|
|
"indicator--57447bc8-dc4c-472b-9470-76d5950d210f",
|
|
|
|
"indicator--57447bc8-7b4c-457a-8dd4-76d5950d210f",
|
|
|
|
"indicator--57447bc9-9b30-4cac-ac90-76d5950d210f",
|
|
|
|
"indicator--57447bc9-273c-4420-accb-76d5950d210f",
|
|
|
|
"indicator--57447bc9-4be4-436f-94fe-76d5950d210f",
|
|
|
|
"indicator--57447bca-7888-4915-b5c4-76d5950d210f",
|
|
|
|
"indicator--57447bca-a100-47e8-a9b4-76d5950d210f",
|
|
|
|
"indicator--57447bcb-e5c8-453b-9526-76d5950d210f",
|
|
|
|
"indicator--57447bcb-0b84-45f2-b8d4-76d5950d210f",
|
|
|
|
"indicator--57447bcb-3360-4573-8610-76d5950d210f",
|
|
|
|
"indicator--57447bcc-48a8-441e-9139-76d5950d210f",
|
|
|
|
"indicator--57447bcc-3db0-4747-9749-76d5950d210f",
|
|
|
|
"indicator--57447bcd-a510-4f61-a190-76d5950d210f",
|
|
|
|
"indicator--57447bcd-3c00-41c4-8628-76d5950d210f",
|
|
|
|
"indicator--57447bce-d91c-44ea-8402-76d5950d210f",
|
|
|
|
"indicator--57447bce-2d78-47e2-99bb-76d5950d210f",
|
|
|
|
"indicator--57447bce-735c-4422-ba59-76d5950d210f",
|
|
|
|
"indicator--57447c06-54e0-448a-9303-4b0c950d210f",
|
|
|
|
"indicator--57447c07-50a0-477b-83d4-4924950d210f",
|
|
|
|
"indicator--57447c07-1650-41d6-b73e-480d950d210f",
|
|
|
|
"indicator--57447c07-2104-4015-82d5-48a7950d210f",
|
|
|
|
"indicator--57447c08-307c-4d55-a0b5-4399950d210f",
|
|
|
|
"indicator--57447c08-094c-4683-88eb-4a69950d210f",
|
|
|
|
"indicator--57447c09-8e68-4f4c-98bf-4a98950d210f",
|
|
|
|
"indicator--57447c09-3718-4a5c-806f-4c9c950d210f",
|
|
|
|
"indicator--57447c09-5328-4160-b209-4bbd950d210f",
|
|
|
|
"indicator--57447c0a-c27c-45b4-97a2-4e8a950d210f",
|
|
|
|
"indicator--57447c0a-d8a4-4ef0-b5df-4e79950d210f",
|
|
|
|
"indicator--57447c0a-ffc8-49af-82ae-471e950d210f",
|
|
|
|
"indicator--57447c0b-b750-431b-915f-4c27950d210f",
|
|
|
|
"indicator--57447c0b-fa78-430d-9d70-47e7950d210f",
|
|
|
|
"indicator--57447c0b-38d0-41c9-b279-4ac8950d210f",
|
|
|
|
"observed-data--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"file--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"artifact--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"observed-data--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"file--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"artifact--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"observed-data--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"file--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"artifact--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"observed-data--57454688-2d0c-4add-b080-a57802de0b81",
|
|
|
|
"url--57454688-2d0c-4add-b080-a57802de0b81",
|
|
|
|
"observed-data--57454688-1a70-430d-8c8a-a57802de0b81",
|
|
|
|
"url--57454688-1a70-430d-8c8a-a57802de0b81",
|
|
|
|
"observed-data--57454689-5688-42d1-8629-a57802de0b81",
|
|
|
|
"url--57454689-5688-42d1-8629-a57802de0b81",
|
|
|
|
"observed-data--57454689-188c-41c4-9b64-a57802de0b81",
|
|
|
|
"url--57454689-188c-41c4-9b64-a57802de0b81",
|
|
|
|
"observed-data--57454689-a144-4061-8e3a-a57802de0b81",
|
|
|
|
"url--57454689-a144-4061-8e3a-a57802de0b81",
|
|
|
|
"observed-data--5745468a-936c-4c82-b960-a57802de0b81",
|
|
|
|
"url--5745468a-936c-4c82-b960-a57802de0b81",
|
|
|
|
"observed-data--5745468a-5174-406a-8ec5-a57802de0b81",
|
|
|
|
"url--5745468a-5174-406a-8ec5-a57802de0b81",
|
|
|
|
"observed-data--5745468a-6b70-4510-81fe-a57802de0b81",
|
|
|
|
"url--5745468a-6b70-4510-81fe-a57802de0b81",
|
|
|
|
"observed-data--5745468b-9728-4cc8-b903-a57802de0b81",
|
|
|
|
"url--5745468b-9728-4cc8-b903-a57802de0b81",
|
|
|
|
"observed-data--5745468b-cd7c-4ab7-ada8-a57802de0b81",
|
|
|
|
"url--5745468b-cd7c-4ab7-ada8-a57802de0b81",
|
|
|
|
"observed-data--5745468c-e64c-4699-ba85-a57802de0b81",
|
|
|
|
"url--5745468c-e64c-4699-ba85-a57802de0b81",
|
|
|
|
"observed-data--5745468c-b420-41aa-9cad-a57802de0b81",
|
|
|
|
"url--5745468c-b420-41aa-9cad-a57802de0b81",
|
|
|
|
"observed-data--5745468c-0c2c-4ba5-9c8d-a57802de0b81",
|
|
|
|
"url--5745468c-0c2c-4ba5-9c8d-a57802de0b81",
|
|
|
|
"observed-data--5745468d-339c-433b-9137-a57802de0b81",
|
|
|
|
"url--5745468d-339c-433b-9137-a57802de0b81",
|
|
|
|
"observed-data--5745468d-f3bc-4767-8008-a57802de0b81",
|
|
|
|
"url--5745468d-f3bc-4767-8008-a57802de0b81",
|
|
|
|
"observed-data--5745468d-b8a8-4ba9-8484-a57802de0b81",
|
|
|
|
"url--5745468d-b8a8-4ba9-8484-a57802de0b81",
|
|
|
|
"observed-data--5745468e-2e84-4ad5-9550-a57802de0b81",
|
|
|
|
"url--5745468e-2e84-4ad5-9550-a57802de0b81",
|
|
|
|
"observed-data--5745468e-3b30-4a07-a893-a57802de0b81",
|
|
|
|
"url--5745468e-3b30-4a07-a893-a57802de0b81",
|
|
|
|
"observed-data--5745468e-55b0-483b-b3ef-a57802de0b81",
|
|
|
|
"url--5745468e-55b0-483b-b3ef-a57802de0b81",
|
|
|
|
"observed-data--5745468f-3b1c-49d7-b2da-a57802de0b81",
|
|
|
|
"url--5745468f-3b1c-49d7-b2da-a57802de0b81",
|
|
|
|
"observed-data--5745468f-9e30-4ca8-b326-a57802de0b81",
|
|
|
|
"url--5745468f-9e30-4ca8-b326-a57802de0b81",
|
|
|
|
"observed-data--57454690-4428-45fe-9884-a57802de0b81",
|
|
|
|
"url--57454690-4428-45fe-9884-a57802de0b81",
|
|
|
|
"observed-data--57454690-9fd0-44a5-9b1b-a57802de0b81",
|
|
|
|
"url--57454690-9fd0-44a5-9b1b-a57802de0b81",
|
|
|
|
"observed-data--57454690-9540-4582-9f4a-a57802de0b81",
|
|
|
|
"url--57454690-9540-4582-9f4a-a57802de0b81",
|
|
|
|
"observed-data--57454691-c4f0-4963-b102-a57802de0b81",
|
|
|
|
"url--57454691-c4f0-4963-b102-a57802de0b81",
|
|
|
|
"observed-data--57454691-7c48-4f7a-bb5b-a57802de0b81",
|
|
|
|
"url--57454691-7c48-4f7a-bb5b-a57802de0b81",
|
|
|
|
"observed-data--57454691-f310-4483-9e90-a57802de0b81",
|
|
|
|
"url--57454691-f310-4483-9e90-a57802de0b81",
|
|
|
|
"observed-data--57454692-149c-4907-9741-a57802de0b81",
|
|
|
|
"url--57454692-149c-4907-9741-a57802de0b81",
|
|
|
|
"observed-data--57454692-0e14-4226-85e7-a57802de0b81",
|
|
|
|
"url--57454692-0e14-4226-85e7-a57802de0b81",
|
|
|
|
"observed-data--57454693-b600-45b7-bb1c-a57802de0b81",
|
|
|
|
"url--57454693-b600-45b7-bb1c-a57802de0b81",
|
|
|
|
"observed-data--57454693-3154-490d-86e9-a57802de0b81",
|
|
|
|
"url--57454693-3154-490d-86e9-a57802de0b81",
|
|
|
|
"observed-data--57454693-f6ac-44af-9f24-a57802de0b81",
|
|
|
|
"url--57454693-f6ac-44af-9f24-a57802de0b81",
|
|
|
|
"observed-data--57454694-3234-40a5-8277-a57802de0b81",
|
|
|
|
"url--57454694-3234-40a5-8277-a57802de0b81",
|
|
|
|
"observed-data--57454694-75d8-4b01-bed7-a57802de0b81",
|
|
|
|
"url--57454694-75d8-4b01-bed7-a57802de0b81",
|
|
|
|
"observed-data--57454694-7ee4-4f64-bf65-a57802de0b81",
|
|
|
|
"url--57454694-7ee4-4f64-bf65-a57802de0b81",
|
|
|
|
"observed-data--57454695-8ef8-4fad-83ac-a57802de0b81",
|
|
|
|
"url--57454695-8ef8-4fad-83ac-a57802de0b81",
|
|
|
|
"observed-data--57454695-ba58-4a69-98bf-a57802de0b81",
|
|
|
|
"url--57454695-ba58-4a69-98bf-a57802de0b81",
|
|
|
|
"observed-data--57454696-0620-4e64-bfca-a57802de0b81",
|
|
|
|
"url--57454696-0620-4e64-bfca-a57802de0b81",
|
|
|
|
"indicator--57454696-e43c-444c-a1a8-a57802de0b81",
|
|
|
|
"indicator--57454696-9b38-4fab-bc99-a57802de0b81",
|
|
|
|
"observed-data--57454697-cd7c-42c7-aa57-a57802de0b81",
|
|
|
|
"url--57454697-cd7c-42c7-aa57-a57802de0b81",
|
|
|
|
"indicator--57454697-ac20-48f1-89e5-a57802de0b81",
|
|
|
|
"indicator--57454698-cec8-4046-91f2-a57802de0b81",
|
|
|
|
"observed-data--57454698-0a04-4522-8afc-a57802de0b81",
|
|
|
|
"url--57454698-0a04-4522-8afc-a57802de0b81",
|
|
|
|
"indicator--57454698-5fc4-4dcc-820d-a57802de0b81",
|
|
|
|
"indicator--57454699-bb78-4fa2-9667-a57802de0b81",
|
|
|
|
"observed-data--57454699-b0fc-4278-b089-a57802de0b81",
|
|
|
|
"url--57454699-b0fc-4278-b089-a57802de0b81",
|
|
|
|
"indicator--57454699-b418-4a3d-b67a-a57802de0b81",
|
|
|
|
"indicator--5745469a-51a0-462a-b7d1-a57802de0b81",
|
|
|
|
"observed-data--5745469a-3114-478c-bb6d-a57802de0b81",
|
|
|
|
"url--5745469a-3114-478c-bb6d-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abb-e650-4725-bcc3-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:00:59.000Z",
|
|
|
|
"modified": "2016-05-24T16:00:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '14721036e16587594ad950d4f2db5f27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:00:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abb-0dac-4db9-9128-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:00:59.000Z",
|
|
|
|
"modified": "2016-05-24T16:00:59.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ed1797c282f0817d2ad8f878f8dd50ab062501ac']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:00:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abc-38a0-4a74-8ffb-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:00.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:00.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7aa585e6fd0a895c295c4bea2ddb071eed1e5775f437602b577a54eef7f61044']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abc-7dc4-4137-8c84-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:00.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:00.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a14ea969014b1145382ffcd508d10156']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abc-1520-4168-be6a-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:00.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:00.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ff6aa732320d21697024994944cf66f7c553c9cd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abd-7184-40f5-9733-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:01.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:01.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abd-6e50-457b-baf1-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:01.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '868c351e29be8c6c1edde315505d938b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abe-0a8c-40d1-a7b3-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:02.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:02.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8fb40188f21eb689deffb36438fac45bfed5c2ca']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abe-5370-499c-9ac2-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:02.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:02.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '58ef87523184d5df3ed1568397cea65b3f44df06c73eadeb5d90faebe4390e3e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abe-1bb4-438d-8933-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:02.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fe998080463665412b65850828bce41f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abf-2fb0-4a30-a651-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:03.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:03.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '203bb8ec1da6b237a092bab71fa090849c7db9bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447abf-4004-48da-8eeb-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:03.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:03.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '036071786d7db553e2415ec2e71f3967baf51bdc31d0a640aa4afb87d3ce3050']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac0-99f8-40b5-af55-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:04.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:04.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0d2505ce7838bb22fcd973bf3895fd27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac0-cfb0-432c-bede-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:04.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:04.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '98e3df3ec24b88bbec95af7472085088230dd70e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac1-60f4-42ee-b266-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:05.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ffef0f1c2df157e9c2ee65a12d5b7b0f1301c4da22e7e7f3eac6b03c6487a626']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac1-5068-40ef-a22e-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:05.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:05.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4851e63304b03dc8e941840186c11679']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac1-0f04-44b4-bac1-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:05.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:05.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bedde43e8c9dc1efbd4171b071cc7697dd25ea7f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac2-a2bc-459d-931c-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:06.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:06.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a763ed678a52f77a7b75d55010124a8fccf1628eb4f7a815c6d635034227177e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac2-47d4-4ad7-b0c5-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:06.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:06.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '02dce579d95a57f9e5ca0cde800dfb0f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac3-8c48-4da9-b569-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:07.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:07.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '26d53045468df4f8238306f9e68e7a4283249e40']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac3-d83c-4390-8470-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:07.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:07.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e682ac6b874e0a6cfc5ff88798315b2cb822d165a7e6f72a5eb74e6da451e155']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac4-6968-4647-b4f9-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:08.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:08.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '43049c582db85b94feed9afa7419d78c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac4-7a60-40a5-b673-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:08.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ab94ea814ca7cedc4e43d0ff3c646b762f527b13']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac4-b04c-4db4-b53e-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:08.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:08.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '946dd4c4f3c78e7e4819a712c7fd6497722a3d616d33e3306a556a9dc99656f4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac5-5b08-4116-8ebe-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:09.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e26c6a20139f7a45e94ce0b16e62bd03']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac5-b358-45da-9b35-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:09.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c6d7c27070a3838e2b6ac7e97e996b0fe6560fe2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac6-fa1c-4ab9-a487-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '89b4abb78970cd524dd887053d5bcd982534558efdf25c83f96e13b56b4ee805']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac6-50b8-47f8-9002-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1e22c58a8b677fac51cf6c1d2cd1a0e2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac6-f7f0-4181-b0e5-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '32a2d1a9d91ce7d9c130a9b0616c40ac4003355d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac7-3548-430b-ac84-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:11.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:11.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '939efdc272e8636fd63c1b58c2eec94cf10299cd2de30c329bd5378b6bbbd1c8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac7-2334-46c2-9d24-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:11.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:11.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3e2642aa59753ecbe82514daf2ea4e88']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac8-1be0-4d40-a988-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ac82585db4e6c30cc66d94b5a4aa94f7ab52acf0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac8-a900-4b9d-8e1c-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '979692a34201f9fc1e1c44654dc8074a82000946deedfdf6b8985827da992868']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac8-78d8-4fb4-909c-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:12.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'be25dffca730684e4db0ed04f809f6c0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac9-1204-42b9-a6c5-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:13.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4476e9dc1b397f89fa2e1ec5256fced6dcaff686']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ac9-5da8-4d13-9ca7-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:13.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '337b0532c035d5ff7575d749742029a1f86461d2391a324194086be1558f0413']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447aca-b048-4867-80f5-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:14.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9585f0c7dc287d07755e6818e1fa204c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447aca-d34c-484d-b7db-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3a4f16238ec07b39873f3ca26a0d9e94fa8835fa']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447aca-6694-42f9-b5aa-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '45e00fe90c8aa8578fce2b305840e368d62578c77e352974da6b8f8bc895d75b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acb-a434-4916-bdd9-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:15.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4c8fb28a68168430fd447ba1b92f4f42']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acb-d528-4b22-ad82-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'dfa673bfbf644eaef6dc6c70ff8db4ceed2db8f1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acb-c9c4-4e53-9052-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6bc2aa391b8ef260e79b99409e44011874630c2631e4487e82b76e5cb0a49307']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acc-6fd8-47e4-8d38-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:16.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'acaafbd881b130aba95ccbc2689f07db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acc-8658-4003-bb21-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'cab95f6889b75e2e564e7f225fbd577d23acb1cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acc-bb08-4115-a2b9-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f92bf62e6ab099fb2817e0c598b8fdf2882de464205da09fcd2937691a160f0c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acd-ab14-4295-bf36-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:17.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'f4bdb8fa44c6241c6be37b0c292940db']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acd-c4e4-4e91-a6db-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:17.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8cca4226ea92ebb524cad7b330edce16d98312c4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acd-10e0-4c30-8447-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:17.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8c44b91b4f583c9042f100e197df6a0e5a8efc0f5032cb02f6ff9b505badb557']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ace-e7d0-4cf1-a094-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:18.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c402ee3ab59b4c07f61c9e72942491b4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ace-adcc-4592-a529-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:18.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7f5136014a8a3a2611b57d7b784c6a1294489527']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ace-4104-4f18-af78-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:18.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '972a15202a58786f1e5a5d17d307fdae28bbb3569e084c405100df645c84b10e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acf-2bf8-4b9f-8736-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:19.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:19.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3e4fb79789528238d5696267503eae23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acf-1e58-473a-9878-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:19.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:19.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ec86d9f4356042cd425fcf7fba5b9b97b42abd59']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447acf-d934-4790-b6b4-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:19.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:19.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'cbc973f53ad2edcc316671785d41c96b3176efdc7369d9d94d4183d3f78318b0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad0-8998-4d77-a54e-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:20.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '38dede398bc83a68c4319ded918c2119']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad0-4374-4a47-a7d4-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:20.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0e25bd9f7dc0c86ba9b4455711417040ecafa86e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad0-9ef4-4baa-9c9b-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:20.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ee1c0ca9787228d35a17e0083f05eba0146616f0543787b29bd567069a295e57']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad1-911c-4b49-b558-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:21.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '7b50196dcad61ac0e0f16cfaf4d88894']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad1-43ac-484e-8f11-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:21.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'e74c4c3be146e761d8520245647cfc359f8d864a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad1-75c4-407d-baf5-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:21.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e92d8dddeaa037ba22c5a004bba2e81e764fd38e6b49875c416810a619193976']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad2-8b68-4a48-a2ce-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:22.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5fd2db03fffa15744274e61479cc7ce1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad2-045c-4fc0-851e-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:22.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c9ff43b7c169d6a1dd0a59aef4c2a532594ecffa']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad2-b114-4826-af5d-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:22.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '47f9d6aa6e14e20efa8732ed9228e1806316c31a2fa5a359f30693c3ccbf0340']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad3-d884-4380-a3b4-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:23.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'def637beb3911dce96fda8cdd36c1985']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad3-8520-4f38-a419-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:23.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '9511c013de60e29c770f997d58f96bcee9d1dca8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad3-da34-41f7-9021-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:23.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5e7ab76187c73780cd53a6e2b9d0c9b4767172543ee56e7dc8cf4e8093fc6729']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad4-5860-431d-9d07-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:24.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:24.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2c49a8fdc32be8983c67ea4fd0faac4d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad4-186c-45f9-884c-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:24.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:24.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3112e834d6c0b099e13d03bcec60dc154a84154f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad4-b034-4b37-a1dc-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:24.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:24.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7e69b0c6b97c2e116e492f641c836d9d36093cefa3ed7ee53fcaa052bedcde53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad5-9864-4b81-a4cb-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '64082dd282a8ca6b9b7c71de14a827c4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad5-0a40-4a3e-b416-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0897ff3bdddacf825eb5643a2a43e7172b955445']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad5-23a8-4784-827c-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '76dec6a3719af5265d35e3fa9793972b96ca25a1d70a82a4ca0c28619051f48b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad6-7a7c-4a0a-aff7-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '4bdab54848d8fcb10aa9daba62459334']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad6-b85c-4c79-90da-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:26.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '0fa77687cb28a5c2397ee453c2c817f5978750ae']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447ad6-cacc-46c9-abae-0a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:01:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:01:26.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '362b1db3a7a36cbcf73554f0dbf63450d99e7f1e2b58b6d9bc375da080bdde30']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:01:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57447b4e-bff4-429a-8711-7705950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:03:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:03:26.000Z",
|
|
|
|
"first_observed": "2016-05-24T16:03:26Z",
|
|
|
|
"last_observed": "2016-05-24T16:03:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57447b4e-bff4-429a-8711-7705950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57447b4e-bff4-429a-8711-7705950d210f",
|
|
|
|
"value": "https://publicintelligence.net/fbi-samas-ransomware/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57447b4e-c1c8-43cb-a2c8-7705950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:03:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:03:26.000Z",
|
|
|
|
"first_observed": "2016-05-24T16:03:26Z",
|
|
|
|
"last_observed": "2016-05-24T16:03:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57447b4e-c1c8-43cb-a2c8-7705950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57447b4e-c1c8-43cb-a2c8-7705950d210f",
|
|
|
|
"value": "https://info.publicintelligence.net/FBI-SamasRansomware.zip"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb5-ec4c-4322-a36c-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:09.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:09.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0745b7c4de93b759e0f8f238aa0676fe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb5-f914-48d8-b526-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:09.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:09.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c8c022927b8d3057a3c95b4b51840b7102a5c703']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb6-e034-4632-ba8c-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:10.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3e9b24135e29cb4f9c6e45ced9b567c8eb173f66eda2b6d97278a5f170067def']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb6-8b48-401b-8a19-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '1a9403307958f52bcbbd985509241047']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb6-4a84-4bc6-aa38-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:10.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:10.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '202b1350b6da34e1422c10124adbbe97']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb7-a934-4591-8243-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:11.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:11.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f993a4b417fc4b1c8363e636ba78f7236844b2c2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb7-1d14-42a2-ad4e-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:11.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:11.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '39c29f232249b6150d68e4fbbebf2117c190cc430537dc65c74cd1e0ed5a2de4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb7-2ad8-4636-b811-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:11.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:11.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '24d6df11d651bff9bab00743a3101e26']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb8-ab74-41ba-be07-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '27834c083fa3bba7473ef739ed6914d870808fd1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb8-d9d8-42bb-a0d7-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:12.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ea06ab55771d7e27c3787acf29378cc9effa727c6148d9738f7f6b6f9a8a8aa3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb8-4238-4765-b4ba-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:12.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:12.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '281bca4528d1b84e4265f34d66708dd1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb9-991c-42f4-98dd-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:13.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8b0c8267f391aadc1846b8f3301c49c8b285305c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb9-9e34-4126-aed3-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:13.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:13.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6c47a1f748b21809a48ca584a7a4b37a3ac2b82bf6777dd30d7644f564ca0129']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bb9-e8fc-4b31-b08a-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:13.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:13.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2a01a13e10157dec20f8d6086183e272']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bba-73f4-449c-b974-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f7801dd7fc709a8b247ac355ed0bebad9e8cab0b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bba-1490-462d-98e3-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:14.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '00dbc45554b0fbb75186f9b45fbe329c97a590bfd3db6a0bbce1a0694ee7277e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bba-fb7c-4e16-8c65-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:14.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:14.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2f06bd1a99cf6e258cdd1ab890898037']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbb-7fe4-4741-aef5-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4b78a2ea1ca75930c35c87664eb027804e4bb57e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbb-bfa8-486c-966a-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:15.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '01c570a9776626979f1de8a9cd8549bbbfe8f131819103dd6b490930c7b47d4f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbb-ccb4-4d28-960e-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:15.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:15.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'cbdeaf83f58a64b09df58b94063e0146']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbc-f534-4e6e-9368-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '6fdefd995220a050bdaed3673a796dfb12570ad0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbc-c49c-406d-9c0a-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '905ba75b5b06cbb2ea75da302c94f6b5605327c59ebdb680c6feabdbc9e242d3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbc-4ff4-4997-945b-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:16.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:16.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3cd75a261debd9fb2b16368266fba778']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbd-236c-4fcd-961a-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:17.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '7e21ccb056ffb5ce9312a0a5490deaf48c6178b4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbd-6520-4fc0-9e30-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:17.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '41e0fb374e5d30b2e2a362a2718a5bf16e73127e22f0dfc89fdb17acbe89efdf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbd-a9bc-48dc-94ca-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:17.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:17.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '55ea726545ed1b6cb4b3b4b5426f71de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbe-3028-40e5-81b4-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:18.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '05ac048b8eee61f81ce1cd863ceae2dfc964de33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbe-e2d4-44cc-a192-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:18.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b06dd6f67468c46a8ddde68d9d9ad61d8ba83a1f5098d08e631066e82f0e8338']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbe-b588-4d6d-b2f6-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:18.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:18.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '56746bd731f732e6571b707b7a039476']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbf-3010-4501-b0e2-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:19.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:19.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4570aba94410ec8b23d44a2b346fa28fb1f7a39c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bbf-c89c-4a97-b967-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:19.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:19.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b513eb31a55f8cb177a13fe820ba0017acceb1a8f66d8f0ad767bb3cd4989cc4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc0-0db4-4319-9430-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:20.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5cde5adbc47fa8b414cdce72b48fa783']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc0-7900-4f34-bc32-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:20.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a67c029d5015f059e5ee23979fbd1afd581e79c7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc0-3a40-42a9-8846-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:20.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:20.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b4d9339aa4df8abae92edf4bba969bec9dba06c9c9acf59214e6aeb258cae2ea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc1-048c-41f4-ac6f-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:21.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6299bf4d7480f77019802c0fe508cf45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc1-c6b8-44fc-8e93-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:21.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'b938989222a1d5c86a8dbef70160b57b544c2dc3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc1-a128-482c-81a2-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:21.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:21.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ac7067c2907d1783cd3456b8c5acf893aa18d8c6885e800568b55f7d7ed3c236']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc2-c7b8-4a94-aa8f-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:22.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '710a45e007502b8f42a27ee05dcd2fba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc2-7658-4e00-93e6-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:22.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '809a37699a00b3c10cf3a7d61a42497c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc2-9dc4-40c1-b64b-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:22.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:22.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '553d6153d93f15dd2e0b0a829ba7689f491a30a4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc3-ca0c-4ca5-a3f7-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:23.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e46fc3802fa5cb85789c527c616561b3eb7f16919121c3c79d084ed229d06d16']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc3-52b0-499a-8ed1-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:23.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8a1d2885dfb74ac50f48c32f246458d5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc3-9f74-422d-ae6f-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:23.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:23.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '80b873702a37956458e18acbe7b82a764b889cd7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc4-e8a4-426e-8a14-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:24.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:24.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '20be676b9271e953b154bb332ec12064dfc2372b8d56c1e491746bd9921a2c3b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc4-0d0c-4136-81bd-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:24.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:24.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '95a4b4fdccaca897d015c7170be9de8d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc5-0170-498d-b72e-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '47f5eaa3b9e5648474a183229d0fe8b20b74f3dc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc5-22c8-4989-bd48-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:25.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '3f625a7388939a8662109d17f8c44ac0c68bfe7014c2cd4d93d0de759fa5307e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc5-87b0-4d81-890d-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:25.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:25.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '9f5f35227c9e5133e4ada83011adfd63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc6-dad0-46e0-a7e8-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a1d4eb5cb9f64ce6d4a4f55b43d5dcea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc6-f2fc-4b94-afae-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:26.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a283e768fa12ef33087f07b01f82d6dd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc6-3324-439b-8c45-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:26.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:26.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '26c0c7fbc2ee8b2aa8c1ae0f76af95d5fda72903']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc7-45b4-4fe8-ae82-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:27.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:27.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '1d4d787047200fc7bcbfc03a496cafda8e49075d2fbf2ff7feab90a4fdea8f89']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc7-4e1c-40e7-9196-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:27.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'aeee996fd3484f28e5cd85fe26b6bdcd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc7-2b84-40c8-b483-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:27.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:27.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'cd23b7c9e0edef184930bc8e0ca2264f0608bcb3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc8-875c-4edb-a9a7-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:28.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:28.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc8-dc4c-472b-9470-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:28.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b8b2c13f55210a79bf7c7949558c9361']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc8-7b4c-457a-8dd4-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:28.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:28.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c0fbfd1d39968ec53ffdf75e5555c0006fc61ab7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc9-9b30-4cac-ac90-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:29.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:29.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fb86a97a582c35e3ad99f423a6c2d79781e00531927f4e511920f1529bc55b94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc9-273c-4420-accb-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:29.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c0b38d29b37c34201606055ede9eced9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bc9-4be4-436f-94fe-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:29.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:29.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c411dbf62c26c0367d7e3a6903a6e8016c514fca']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bca-7888-4915-b5c4-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:30.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:30.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7fec409f6fd5c280dd82405f8267b2f233355e963564d74a3729b74ad1eef43f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bca-a100-47e8-a9b4-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:30.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'caa05dd2f9fee1923a2b94b27187d48f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcb-e5c8-453b-9526-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e189b5ce11618bb7880e9b09d53a588f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcb-0b84-45f2-b8d4-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:31.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '964f7144780aff59d48da184daa56b1704a86968']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcb-3360-4573-8610-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:31.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '97d27e1225b472a63c88ac9cfb813019b72598b9dd2d70fe93f324f7d034fb95']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcc-48a8-441e-9139-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:32.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:32.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fd95b06ffda7113c046b5419dfb1cff5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcc-3db0-4747-9749-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:32.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:32.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2d1208ded1eea8dcf325aedc069b90040d3d0daf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcd-a510-4f61-a190-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:33.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:33.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '06abe3c4c1b250c1e9a6c9158019dbcda3f3dd308943accd820b24fe883a25e6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bcd-3c00-41c4-8628-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:33.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fdeac41ba3e69bc4d8b1a89ac237001b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bce-d91c-44ea-8402-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:34.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'ed259b26ef7875da13d0aa8a51e4eca51bcfbf45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bce-2d78-47e2-99bb-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:34.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '840d98baf1445af401a8180cb5464588bf368e4e0754c9f7f3e329345a22610d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447bce-735c-4422-ba59-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:05:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:05:34.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5e00ebcbbe7e4ad8ff212f12a1337127']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:05:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c06-54e0-448a-9303-4b0c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:30.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '48964c1b74fa67242d9d519d0157268a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c07-50a0-477b-83d4-4924950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:31.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'bce5824c7a43507ece76e0e5ceedec67f8399fd7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c07-1650-41d6-b73e-480d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:31.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '908e12ee98b92eff821a592e268267b375d4233f0cdd41ffa56d33564e18ac44']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c07-2104-4015-82d5-48a7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:31.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'dc33124df8ac2e245550830ac7c4e069']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c08-307c-4d55-a0b5-4399950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:32.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:32.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'fcd044c6179c85a240ef044d89e0fd659f0bb8bf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c08-094c-4683-88eb-4a69950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:32.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:32.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4ef24d34c887280c3ad76f22b4cdf1aa1474292661a96185b95a4413500f4445']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c09-8e68-4f4c-98bf-4a98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:33.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:33.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3c9166ec536f9b0b36bfd645fb700aa4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c09-3718-4a5c-806f-4c9c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:33.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:33.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'be6279f8120322ae709c8fed1a718b56cb840f4c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c09-5328-4160-b209-4bbd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:33.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:33.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4306181364b8ba411ebf134b3c8e740d12565f17eb3b521c58d2fa7a09f04529']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0a-c27c-45b4-97a2-4e8a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:34.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a66fb58ab2c9016a8f8a7564f9958c35']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0a-d8a4-4ef0-b5df-4e79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:34.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '08f06a9827fa27dc0704b5ceb05c4bfe6b5694f0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0a-ffc8-49af-82ae-471e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:34.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:34.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '6c94cf3e227728ea4c95333c403a126d81ac716f23408c25d9446791d1a33b3a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0b-b750-431b-915f-4c27950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:35.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:35.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '03ea6ea565d4e7d27036160e3a76a553']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0b-fa78-430d-9d70-47e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:35.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:35.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8c932bbca091562f193cc965cbefe0dae6066bef']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57447c0b-38d0-41c9-b279-4ac8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:06:35.000Z",
|
|
|
|
"modified": "2016-05-24T16:06:35.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'a6053aeccab0df1938d82c424d394deb3440ddac8dc921fdedbb96e4737777dc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-24T16:06:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:09:29.000Z",
|
|
|
|
"modified": "2016-05-24T16:09:29.000Z",
|
|
|
|
"first_observed": "2016-05-24T16:09:29Z",
|
|
|
|
"last_observed": "2016-05-24T16:09:29Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"artifact--57447cb9-06c0-4cb6-95d7-4d30950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"name": "Samas_A_IOC_List.xlsx",
|
|
|
|
"content_ref": "artifact--57447cb9-06c0-4cb6-95d7-4d30950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--57447cb9-06c0-4cb6-95d7-4d30950d210f",
|
|
|
|
"payload_bin": "UEsDBBQABgAIAAAAIQDb7qP0uAEAAA0JAAATAAgCW0NvbnRlbnRfVHlwZXNdLnhtbCCiBAIooAACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADElk1P4zAQhu8r8R8iX1HjwqLVCjXlwMdxQYKV9urG08aqv+SZQvvvmbhQrVChRIngEiux/T7vjEeeTC7WzhaPkNAEX4mTciwK8HXQxi8q8ffhZvRbFEjKa2WDh0psAMXF9OjH5GETAQve7bESDVE8lxLrBpzCMkTwPDMPySni17SQUdVLtQB5Oh7/knXwBJ5G1GqI6eQK5mplqbhe8+etk5nxorjcrmtRlVAxWlMrYqPy0es3kFGYz00NOtQrx9IlxgRKYwNAzpYxGSameyDiwFDIvcwEFrtBX6IqeWc2ho2JeMyhv0NoZ96P6mXfLR9HMhqKO5Xoj3Icu1xb+RTSchbCsvxYpGtqcopKp4x/9f0BPy9GmYeTgY208WXhAz6Iawxkfva3kGUOAJE2FnDotGfRQ+RGJdD3xNW7GNzA/9qHUq5mnAFJ7TD0sWfRDvzTgQ+iK//nN/PPvppfr5CC++esNATuLoWI/WtgJ9rqQSIDu2tz3/Wzx0P/OujvoX8tdPTA7S0fAHfQBN0L4bVdtbtH8VOZ3xG5/fauPGj7uwbdlb3NUm/8VmYPXOafmekzAAAA//8DAFBLAwQUAAYACAAAACEAE16+ZQIBAADfAgAACwAIAl9yZWxzLy5yZWxzIKIEAiigAAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKySTUsDMRCG74L/Icy9O9sqItJsL0XoTWT9ATGZ/WA3mZCkuv33RkF0obYeepyvd555mfVmsqN4oxB7dhKWRQmCnGbTu1bCS/24uAcRk3JGjexIwoEibKrrq/UzjSrlodj1Poqs4qKELiX/gBh1R1bFgj25XGk4WJVyGFr0Sg+qJVyV5R2G3xpQzTTFzkgIO3MDoj74vPm8NjdNr2nLem/JpSMrkKZEzpBZ+JDZQurzNaJWoaUkwbB+yumIyvsiYwMeJ1r9n+jva9FSUkYlhZoDneb57DgFtLykRXMTf9yZRnznMLwyD6dYbi/JovcxsT1jzlfPNxLO3rL6AAAA//8DAFBLAwQUAAYACAAAACEA36RnKBoBAABkBAAAGgAIAXhsL19yZWxzL3dvcmtib29rLnhtbC5yZWxzIKIEASigAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvJRNa8MwDIbvg/0H4/uiJN26Mur0Mga9bhnsahzlg8Z2sNVt+fczGUtTKNkl9GKQhN/3sYS83X3rln2i8401gidRzBkaZYvGVIK/5y93G848SVPI1hoUvEfPd9ntzfYVW0nhkq+bzrOgYrzgNVH3BOBVjVr6yHZoQqW0TksKoaugk+ogK4Q0jtfgpho8O9Nk+0Jwty9WnOV9F5z/17Zl2Sh8tuqo0dAFC/DUt+EBLJeuQhL8N44CI4fL9o9L2qujJ6s/gttIEEUwZqEh1Ks5mnRJGgpDwhPJEMJwJnMMyZIMX9YdfI1IJ44x5WGozMKsrz2edK41D9emme3N/aKbU0uHxRu58DFMF2ia/msNnP0N2Q8AAAD//wMAUEsDBBQABgAIAAAAIQDEkZCIHgIAACgEAAAPAAAAeGwvd29ya2Jvb2sueG1spJNdb9owFIbvJ+0/WL4v+RgwhAhVy1YNqe1QactNboxzSCz8kdnOgH+/42RZ0bjptJvYPnYeH7/vObPro5LkJ1gnjM5oMogpAc1NIXSZ0Zfnu6sJJc4zXTBpNGT0BI5ezz9+mB2M3W+N2RMEaJfRyvt6GkWOV6CYG5gaNO7sjFXM49KWkastsMJVAF7JKI3jcaSY0LQjTO17GGa3Exy+GN4o0L6DWJDMY/quErXraYq/B6eY3Tf1FTeqRsRWSOFPLZQSxafLUhvLthKffUxGPRmnF2gluDXO7PwAUVGX5MV7kzhKku7J89lOSHjtZCesrh+ZCrdISiRz/mshPBQZHePSHOAtMKTENvVtIyTuJsNhGtNo/seKlSUF7Fgj/TOa0OPxYDpM03E4iY+6kR6sZh4WRnvU8Lf6/6tXy15UBt0hT/CjERawKIJs8xl+GZ+yrVsxX5HGyozm+d0qTvIXhxLkW+D7k8ofTqQ31uVrVkK+ga1DJfJbaUqX46bLz1xglxb/gw+MB0EiVKTLupv/rc65uMYDD3WGnvD92tuG+8aia0kAhVZ4FXBwb3+EJTluhC7MIaPYWKez+aENb0Thq4ymk0mM+13sG4iy8sG1TxgMOZ6x2+7BO9qR6LZqnph2RpGH9fKerFlovhuy/L4g98J5bN7Qb8tQLlg7U4ETuyzalKMexpnkWDthaA+mo8/pqL25b/L5LwAAAP//AwBQSwMEFAAGAAgAAAAhAKYsp13WKwAAAmwAABQAAAB4bC9
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:09:44.000Z",
|
|
|
|
"modified": "2016-05-24T16:09:44.000Z",
|
|
|
|
"first_observed": "2016-05-24T16:09:44Z",
|
|
|
|
"last_observed": "2016-05-24T16:09:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"artifact--57447cc8-1694-46b9-a022-67a0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"name": "FLASH_MC-000068-MW_v2.pdf",
|
|
|
|
"content_ref": "artifact--57447cc8-1694-46b9-a022-67a0950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--57447cc8-1694-46b9-a022-67a0950d210f",
|
|
|
|
"payload_bin": "JVBERi0xLjUNJeLjz9MNCjI5NSAwIG9iag08PC9MaW5lYXJpemVkIDEvTCA1NjI1OTEvTyAyOTcvRSA0MTE0MjUvTiAzL1QgNTYyMjE0L0ggWyA1MTEgMjUzXT4+DWVuZG9iag0gICAgICAgICAgICAgDQozMTQgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDUvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzxFMzdFMEZFQTY5MEVEQjRGOTZDOENDNjdFRDYyNDc5MT48NEFBQTgxMENBRjZGRjE0Q0E0NUUzNkRBQzVBNzIzMjg+XS9JbmRleFsyOTUgNDFdL0luZm8gMjk0IDAgUi9MZW5ndGggMTAwL1ByZXYgNTYyMjE1L1Jvb3QgMjk2IDAgUi9TaXplIDMzNi9UeXBlL1hSZWYvV1sxIDMgMV0+PnN0cmVhbQ0KaN5iYmRgEGBgYmBgegMiGWvA7CkgkuUWiGS2AYu7gMUDwCKmIJK1BKzmI1h8O5gdAhbnApN3gSRjRi+I1NcCkkzFjSC2MyeQ/N0B1MXIwLgNpBJoNl3J/wwMV98CBBgAB+sQVA0KZW5kc3RyZWFtDWVuZG9iag1zdGFydHhyZWYNCjANCiUlRU9GDQogICAgICAgICANCjMzNSAwIG9iag08PC9DIDE1Ny9GaWx0ZXIvRmxhdGVEZWNvZGUvSSAxODAvTGVuZ3RoIDE2NS9TIDg3Pj5zdHJlYW0NCmjeYmBgYAKiagYWBgbBGQzCDAggDBRjBWKOTwzHnNRLC4BCVQtAEowyT9p26Se4WypuLJZjjOhoYBTu6GgQNgESMIVAwM7A4b4WSAsCsQhYmxqQbc7wlkHpAOMDzgAOG7Y5TKcZPBpON9Q0WFdb2+wQerTd8XHaHq7mBgYGcQOIKVwMHGUgS5kZGAR8QIYwMAJlGfgZOCbXgrkMDKsAAgwA2z8lkg0KZW5kc3RyZWFtDWVuZG9iag0yOTYgMCBvYmoNPDwvTGFuZyhlbi1VUykvTWFya0luZm88PC9NYXJrZWQgdHJ1ZT4+L01ldGFkYXRhIDEzIDAgUi9QYWdlcyAyOTMgMCBSL1N0cnVjdFRyZWVSb290IDMyIDAgUi9UeXBlL0NhdGFsb2c+Pg1lbmRvYmoNMjk3IDAgb2JqDTw8L0Fubm90c1szMTUgMCBSIDMxNiAwIFJdL0NvbnRlbnRzWzI5OSAwIFIgMzAxIDAgUiAzMDIgMCBSIDMwMyAwIFIgMzA0IDAgUiAzMDYgMCBSIDMwNyAwIFIgMzA4IDAgUl0vQ3JvcEJveFswIDAgNjEyIDc5Ml0vR3JvdXA8PC9DUy9EZXZpY2VSR0IvUy9UcmFuc3BhcmVuY3kvVHlwZS9Hcm91cD4+L01lZGlhQm94WzAgMCA2MTIgNzkyXS9QYXJlbnQgMjkzIDAgUi9SZXNvdXJjZXM8PC9Gb250PDwvRjEgMzE5IDAgUi9GMiAzMjUgMCBSL0YzIDMyOCAwIFIvRjQgMzM0IDAgUj4+L1Byb2NTZXRbL1BERi9UZXh0L0ltYWdlQi9JbWFnZUMvSW1hZ2VJXS9YT2JqZWN0PDwvSW1hZ2UxNCAzMTMgMCBSPj4+Pi9Sb3RhdGUgMC9TdHJ1Y3RQYXJlbnRzIDAvVGFicy9TL1R5cGUvUGFnZT4+DWVuZG9iag0yOTggMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0ZpcnN0IDE3My9MZW5ndGggMTE0My9OIDIwL1R5cGUvT2JqU3RtPj5zdHJlYW0NCmjexFZrb9s2FP0r/Jhii/m4fBaFMTuJVwPtNiTpMkDQB0VWHGGOZchK0/z7HlJ2kmaNm3bdCkPm5fMe8p57SJKGCUbSMkkapWPKBZSeGUEoAwsC7UowKayEIZmUEj1KYQY5GAQjYA2lmTTkYRgYOnZhVWstDMek9waGZ4pEbAlMaYPBJJgyEtNJwjWaiRRTgWIL3AiHv4hMeMVeveIjfCf83fGUn96uKj4qu7pZxvreVVEvuuZleXtTdOXlL3U5uDivB/Pm/YvhkI9PMO+MCZgTpvlxVXYZ0cAZplUYAAd2P3BMaz1QlPOTrr0uuz+Ktlp2TPKT6/MuentTL/8eDneiuOy61UvOb25utu552Sy7ouz2r9f8oq4Ws914yPiBD0w6N8A5kqOBeQxIfQbQuow9zgg+ej8/q2fdJTNk+UGxel3V88u+67Dqh+0rVCaLYr5GIPgE+Mbj5kO2bxDu2Mek0iLOyFPnpF5UChEIYMpxavmtuMKuxweHR0c/HRSL+rytfx43i1nqPNs4FIJPO3SWo+V8UTHB3xYfemTSmYAtVVd/AmR/hHFihNfWq65p+V8b1AAzHGYKRBJP/CKblEXowBgj3LM+5R6u54NnFqsY8NuAgBYrae+ZNtF2+GTyEMdqsN07zWzswyoGZIVfS0yDqDoY9BAzQSJtog+jHuPVQWMW8MYUI7dJM4v5fbvS2I8BL71ItkeypXG0GR9zDv0UkCq6r0ffTpuEOK5DwT15Xv/2p4PPQbhxsa5izD7LgqNl2czq5Zyf1cvRcl3f1Sd1u+4OLot2y7v7kCftifx6U2yGSOt4ItrkPgNP2+sq8eWONDxRap0kC9NTNvzezqoW/vamM9C97m5fIMPm9bprb/dGs+a8eoEFV6tFdRWzQfxvGSTFj8ogkYH3uXQZSJ6Tz8CUXLsMtM61EBnIlHutMih27k3IlPH5F6N8MD08uV0Dw3R50aQrIm4OrafNr9PDt8WKb4+fH57h+sBuHocct0mcs40u5sYRcTvqYYTTbZOCm8XrBtYXwfWBmhU4ewxZp9spurqj4hbb/ut7cuFP8NPm3bLGoArS0m/pDsnTRFHya4mCtN9BFLmLKA85ondxRNOWI+rZKquFTHnu0sMg6iulL9oRb9JbA4zePl9vrf9EQwyeGEZHvSNmpXmgtpJZBDitj0yK6qnxeeidhRZaq5hJMmE09Wrnoc8ardBnH5I++V77Ir6NXsX/6FGZpN+pRCsJlE6muorPEMJ6prdd6McbvFz6EoqrobhQdqK+roEynpKmiAWnFMx/prrpniK9g/bfKLop5p+IbtiILj1HdJX7/qL7vXNJ/YBc6vWWYk7l1mcgcA5NzUDDHI/cDDTMlVcZaITSZvFSVcFmoGROhLqDSmvoMImcrOtLR9mGllBwiblwECitQXGuDhstl7mWKMnkmlzq1zpKfqJrro3ONpR9oPkWmq822i9y73XCtItvj+U/fL38k3im/JPcyn96b+2S/38qP9E3KL95rPwfBRgAG4KJ5Q0KZW5kc3RyZWFtDWVuZG9iag0yOTkgMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA1MDE+PnN0cmVhbQ0KSInMlkuL2zAUhfcG/4e7lAq+1lsWDANJ2+mDWUxbwyzCLNyMk3gRu03Vlv77XmdgVl0URS3GYPBD6OPo3nNPvTrFYddtI1xd1asYu+2hf4RNvZ5inI4PdfvrS1/fdfth7OIwjdfXsH71Er6WhXfYKANKozBgrEAfwNBDA6e+LO5fwFgWf/nbui2L+kZCwOCg3ZWFBEGXhEaicgasR6+gPZaFQKkUCFTNfDeNg9P+T28/vimLDWsPvNKs5w/Qvi+L17TLh8uZgkOn0pkgM02D1qTTDFx6NvLKsN3EpWQn7tiRV5bRYXNp2cQb+pyVWBpPAi5FP2kCOpdIA5VAYQUt3JKUuXUiJpNKll8nG9Amw0QuBTvMZTZwy75lRvNmSQVFq216Q97crqgFP3HN3ublUkKhXoxtKWHI2ZNpfnaZa0gpgU4uRh2l0Opkmmmeep/nbovdMPaznT9mBiQ3CH4xcjmFIv3w4oEbGnzV07T7Puu259KRX+WlDPYSytyaUYwJqSV2nntC0Obz4OsyDz4tPKr0WZNZKC0CqpDu5+u5Gd9lZiJ/kOn+kFshWpZcSptzIjgn0B98zuqVonwgNYvDnvt/GEO1pypbjoaeqizdULu
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-24T16:09:59.000Z",
|
|
|
|
"modified": "2016-05-24T16:09:59.000Z",
|
|
|
|
"first_observed": "2016-05-24T16:09:59Z",
|
|
|
|
"last_observed": "2016-05-24T16:09:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"artifact--57447cd7-026c-44fa-9ec0-76d5950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"attachment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"name": "FLASH_MC-000070-MW.pdf",
|
|
|
|
"content_ref": "artifact--57447cd7-026c-44fa-9ec0-76d5950d210f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "artifact",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "artifact--57447cd7-026c-44fa-9ec0-76d5950d210f",
|
|
|
|
"payload_bin": "JVBERi0xLjUNJeLjz9MNCjI2OCAwIG9iag08PC9MaW5lYXJpemVkIDEvTCAyMjA4MzkvTyAyNzAvRSAxOTMzNzYvTiAzL1QgMjIwNDQ5L0ggWyA1MjMgMjc3XT4+DWVuZG9iag0gICAgICAgICAgICAgDQoyOTEgMCBvYmoNPDwvRGVjb2RlUGFybXM8PC9Db2x1bW5zIDUvUHJlZGljdG9yIDEyPj4vRmlsdGVyL0ZsYXRlRGVjb2RlL0lEWzxCMTc1NTUyMjIyN0NERjQwQTk4NEY5RUZEQjg3RUQzMz48Q0FFQTNGQUUwREJENkQ0NjhDMDJENzg5MzNFNjg5QjI+XS9JbmRleFsyNjggMzhdL0luZm8gMjY3IDAgUi9MZW5ndGggMTEzL1ByZXYgMjIwNDUwL1Jvb3QgMjY5IDAgUi9TaXplIDMwNi9UeXBlL1hSZWYvV1sxIDMgMV0+PnN0cmVhbQ0KaN5iYmRgEGBgYmBgBpMMK0Ak00QQyVIHFg8Hi2SDSNYrYPZ5sGwBWKQCzO4Bs7vA7BQweyaIXBEGFvECkdxRIJJRGUgy5ouC2GW1IHb0dRBbVgRI/tu9mIGJkYFxNtglDIxUIP8zMP75AhBgAF8hElsNCmVuZHN0cmVhbQ1lbmRvYmoNc3RhcnR4cmVmDQowDQolJUVPRg0KICAgICAgICANCjMwNSAwIG9iag08PC9DIDE3NS9GaWx0ZXIvRmxhdGVEZWNvZGUvSSAxOTkvTGVuZ3RoIDE4My9PIDE1OS9TIDg4Pj5zdHJlYW0NCmjeYmBgYGZgYNrMwMrAIP6FQYgBAYQYWICiLAwcEzi2vgTy/WVWT4DIMCleWVP8UJLFebXMDxcGxoqODgYG9Y6OBgb2jg6oUiDBzcBszg+kRYFYDKSNUZlBgCGPOZrRhNGDeSPDGmZf5lDmTOZ0ZkfmsuXGzOqc5gwMuZ9KoyK3SH9ck8N4BGIZDwOz5TeQbqBLFwFpXgZm2xkMYGfztYIcw8C6wgHsXOboOxB1jG4AAQYAkDEkeg0KZW5kc3RyZWFtDWVuZG9iag0yNjkgMCBvYmoNPDwvTGFuZyj+/wBFAE4ALQBVAFMpL01hcmtJbmZvPDwvTWFya2VkIHRydWU+Pi9NZXRhZGF0YSAxNiAwIFIvT3V0bGluZXMgMzYgMCBSL1BhZ2VMYXlvdXQvT25lQ29sdW1uL1BhZ2VzIDI2NiAwIFIvU3RydWN0VHJlZVJvb3QgNTMgMCBSL1R5cGUvQ2F0YWxvZz4+DWVuZG9iag0yNzAgMCBvYmoNPDwvQW5ub3RzIDI5MiAwIFIvQ29udGVudHNbMjc0IDAgUiAyNzYgMCBSIDI3NyAwIFIgMjc4IDAgUiAyNzkgMCBSIDI4MCAwIFIgMjgxIDAgUiAyODMgMCBSXS9Dcm9wQm94WzAuMCAwLjAgNjEyLjAgNzkyLjBdL0dyb3VwIDMwNCAwIFIvTWVkaWFCb3hbMC4wIDAuMCA2MTIuMCA3OTIuMF0vUGFyZW50IDI2NiAwIFIvUmVzb3VyY2VzPDwvQ29sb3JTcGFjZTw8L0NTMCAyOTQgMCBSL0NTMSAyOTUgMCBSPj4vRXh0R1N0YXRlPDwvR1MwIDI5NiAwIFI+Pi9Gb250PDwvVFQwIDI5OCAwIFIvVFQxIDMwMCAwIFIvVFQyIDMwMiAwIFI+Pi9YT2JqZWN0PDwvSW0wIDI5MCAwIFIvSW0xIDI4MiAwIFI+Pj4+L1JvdGF0ZSAwL1N0cnVjdFBhcmVudHMgMC9UYWJzL1MvVHlwZS9QYWdlPj4NZW5kb2JqDTI3MSAwIG9iag08PC9GaWx0ZXIvRmxhdGVEZWNvZGUvRmlyc3QgMTA2L0xlbmd0aCAxMDUxL04gMTMvVHlwZS9PYmpTdG0+PnN0cmVhbQ0KaN6clm1TGzcQx7+K3nQmmQ7W88N1Ure2A8GTkFDshLYeXhzmAteYO+buaMO3738lY2zC89zIq4fV7kranyyVKSaYyjTL8GuYNAbSMuk0pGMyKEjPlA+QgVlpITMmRdBMC8GklgYVCU1rUYG6gL4WmG+lRAUGLezPyIlgB0dv3vBBHEeDDydoTvBNry4KPqybk6Lhh0z0+8vGTEBPHPFdPuYHxbybGdELxpOH0LMmMOltT1rFtDY9EY74pGsu591+3hRVxySfXB53ZPpDWX1LTgZVVXf9/oyPR6Nh3hYnTAUTI9vosqtgxxP2NV+0CG+Pf6yb83zBRwMme4J/2l+OfNrfI18DBucFn+zl7TeoVkXyuP29ezfp8q7g8zzOqy/SvH6f7LdzCjXzko/yi92iPD3rmNOKvy3SyJYWju8s8tOWoXenrrrhsP4+27Iyi2NMKiNo/lEc3MnPy8XVq1G+KI+b8nXqKxcFTia4uOnU8zE/x4J2326/G/68VN0a1ouTOIg9LLr52fVqqeswxeWF4OMO+vNBdboomMB+F+dfKIS0VtKlwJvyoqsb/udyPcaruFjaXVK50/V2Na9PyuqUH5bVoGrLVXunbNpudJY31xtw4yFmJy3qQ75Ukc6vTn2K44hhTevPVQlrBTJZRf1VtPB20p21M6UczNMO3XxaqliormxgtNvKkUMr/JOK8usWAxBysGGdZFZlOGbBTAjMWKp7FBnta0iMKM2CN8zRKOxYTZFYoGk8CjB1VjObSZYJ8mKVYJufAdIWdo0MUVpgp6XD/NSvDNYDbk0QsR6kTnp6qY+iiWsgr01qk29vbIyZ7IhnfrSPT9U1WTjagMSZ+yHxd0KCFdPYEhJnHofEb0Iy/TIa/3VwnamP8GHu4SOIh/FwfhOPW05fSEZ2iwwrHiZD30/G5rnQ9U0F5xNPVCQy6BrGHfNkNly4PmX6deTe+oxZQ9mpmZN2jQ7JnNLJBy4+ynWDQv86DpnrnMKfUyTT6JSbOEhn0AueQoZ+md3OLfolf8pG1qLMiHJIL2NbgVKlYc2mus+SvlU+SqzcgA0wqLVNFhChp8g1xYF9yuyzCRGRWCo/MiCF3IRA30CA22YJQebWIPAIi8YAgRPRwOMUhE0KdgZ/j95PV/d1yvFnwrAl1QtxuNv7i6igt8omFUo+TIV9KhXr5ydipt4z7m7fgDHjlYoZL1b5vmnDmZs8MrGfslvE3P7xs3iWUTG47aP0Ka+v+ymXxVpWy+WIjpKyGpkbspTVNB+M+RSd8SkfJ/zzwZjKq/O8XHT1L/Or/3Jkwu/lvPf1uOyd1v/+1l4e/4NX26+jq+Oi+UkJJGd7BjlYFE0H+cdl0XZlXb2OFkeT+Ail7caLsMmr9oLecfOrfv9/AQYAGprEFg0KZW5kc3RyZWFtDWVuZG9iag0yNzIgMCBvYmoNPDwvRmlsdGVyL0ZsYXRlRGVjb2RlL0xlbmd0aCA1Mjg+PnN0cmVhbQ0KSIlclM2Ko0AUhfc+RS27F42JdeveBCSQTrohi/lhMvMARisZYaJizCJvP3U8TQ+MYPzEquPHCdd8d9gfunZy+fexr49xcue2a8Z46+9jHd0pXtouWxauaevp427+ra/VkOVp8/Fxm+L10J37rCxd/iM9vE3jwz1tm/4Un7P829jEse0u7unX7vjs8uN9GP7Ea+wmt3CbjWviOQV9qYav1TW6fN72cmjS83Z6vKQ9/1b8fAzRFfP9kjJ138TbUNVxrLpLzMpFOjaufE/HJotd899zXXHb6Vz/rsasLLB4sUiXxEvyErwir8Br8hq8I+/Ae/Ie/EZ+S+yZ6ZHpmemR6QtyAfZkDxaygAM5gJWsYCMbmG4ebp5uHm5+S94mFjoIHIQOAgehg8BB6CBwEDoIHIQOAgehg8BB6CBwEDoIHIQOAgehg8wO7ErQlbArQVfCrgRdyTs5/VlloHOAc6BngGegZ4BnoGeAZ6BngGegZ4BnoGeAZ6BbgJuyB0UPynxFvjJfka/MV+Qr8xX5ynxFvjJfka/sQdGD8l06v4s9KHrQV/IrmJ0oOlF2ouhE2YmiE2Unik6MnRg6Mfob/I3+Bn+jv8Hf6G/wN/ob/I3+Bn+jv8Hf6G/wN/ob/NfILxZ
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454688-2d0c-4add-b080-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:32.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:32.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:32Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:32Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454688-2d0c-4add-b080-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454688-2d0c-4add-b080-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/908e12ee98b92eff821a592e268267b375d4233f0cdd41ffa56d33564e18ac44/analysis/1461835502/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454688-1a70-430d-8c8a-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:32.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:32.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:32Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:32Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454688-1a70-430d-8c8a-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454688-1a70-430d-8c8a-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/840d98baf1445af401a8180cb5464588bf368e4e0754c9f7f3e329345a22610d/analysis/1460380553/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454689-5688-42d1-8629-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:33.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:33.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454689-5688-42d1-8629-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454689-5688-42d1-8629-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/97d27e1225b472a63c88ac9cfb813019b72598b9dd2d70fe93f324f7d034fb95/analysis/1464120997/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454689-188c-41c4-9b64-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:33.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:33.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454689-188c-41c4-9b64-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454689-188c-41c4-9b64-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/f8dbabdfa03068130c277ce49c60e35c029ff29d9e3c74c362521f3fb02670d5/analysis/1464119449/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454689-a144-4061-8e3a-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:33.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:33.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454689-a144-4061-8e3a-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454689-a144-4061-8e3a-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/1d4d787047200fc7bcbfc03a496cafda8e49075d2fbf2ff7feab90a4fdea8f89/analysis/1463909365/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468a-936c-4c82-b960-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:34.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:34.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468a-936c-4c82-b960-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468a-936c-4c82-b960-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/b4d9339aa4df8abae92edf4bba969bec9dba06c9c9acf59214e6aeb258cae2ea/analysis/1463399133/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468a-5174-406a-8ec5-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:34.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:34.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468a-5174-406a-8ec5-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468a-5174-406a-8ec5-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/b513eb31a55f8cb177a13fe820ba0017acceb1a8f66d8f0ad767bb3cd4989cc4/analysis/1462867150/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468a-6b70-4510-81fe-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:34.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:34.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468a-6b70-4510-81fe-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468a-6b70-4510-81fe-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/41e0fb374e5d30b2e2a362a2718a5bf16e73127e22f0dfc89fdb17acbe89efdf/analysis/1462625228/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468b-9728-4cc8-b903-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:35.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:35.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:35Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468b-9728-4cc8-b903-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468b-9728-4cc8-b903-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/905ba75b5b06cbb2ea75da302c94f6b5605327c59ebdb680c6feabdbc9e242d3/analysis/1459847262/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468b-cd7c-4ab7-ada8-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:35.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:35.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:35Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468b-cd7c-4ab7-ada8-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468b-cd7c-4ab7-ada8-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/01c570a9776626979f1de8a9cd8549bbbfe8f131819103dd6b490930c7b47d4f/analysis/1458918863/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468c-e64c-4699-ba85-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:36.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:36.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468c-e64c-4699-ba85-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468c-e64c-4699-ba85-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/00dbc45554b0fbb75186f9b45fbe329c97a590bfd3db6a0bbce1a0694ee7277e/analysis/1456527348/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468c-b420-41aa-9cad-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:36.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:36.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468c-b420-41aa-9cad-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468c-b420-41aa-9cad-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6c47a1f748b21809a48ca584a7a4b37a3ac2b82bf6777dd30d7644f564ca0129/analysis/1461031374/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468c-0c2c-4ba5-9c8d-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:36.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:36.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468c-0c2c-4ba5-9c8d-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468c-0c2c-4ba5-9c8d-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/ea06ab55771d7e27c3787acf29378cc9effa727c6148d9738f7f6b6f9a8a8aa3/analysis/1456527316/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468d-339c-433b-9137-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:37.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:37.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468d-339c-433b-9137-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468d-339c-433b-9137-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/362b1db3a7a36cbcf73554f0dbf63450d99e7f1e2b58b6d9bc375da080bdde30/analysis/1459146450/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468d-f3bc-4767-8008-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:37.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:37.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468d-f3bc-4767-8008-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468d-f3bc-4767-8008-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/76dec6a3719af5265d35e3fa9793972b96ca25a1d70a82a4ca0c28619051f48b/analysis/1463033664/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468d-b8a8-4ba9-8484-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:37.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:37.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468d-b8a8-4ba9-8484-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468d-b8a8-4ba9-8484-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/7e69b0c6b97c2e116e492f641c836d9d36093cefa3ed7ee53fcaa052bedcde53/analysis/1459145897/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468e-2e84-4ad5-9550-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:38.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:38.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468e-2e84-4ad5-9550-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468e-2e84-4ad5-9550-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/5e7ab76187c73780cd53a6e2b9d0c9b4767172543ee56e7dc8cf4e8093fc6729/analysis/1459326146/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468e-3b30-4a07-a893-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:38.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:38.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468e-3b30-4a07-a893-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468e-3b30-4a07-a893-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/47f9d6aa6e14e20efa8732ed9228e1806316c31a2fa5a359f30693c3ccbf0340/analysis/1458878034/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468e-55b0-483b-b3ef-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:38.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:38.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468e-55b0-483b-b3ef-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468e-55b0-483b-b3ef-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/e92d8dddeaa037ba22c5a004bba2e81e764fd38e6b49875c416810a619193976/analysis/1459156594/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468f-3b1c-49d7-b2da-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:39.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:39.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:39Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:39Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468f-3b1c-49d7-b2da-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468f-3b1c-49d7-b2da-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/ee1c0ca9787228d35a17e0083f05eba0146616f0543787b29bd567069a295e57/analysis/1459156445/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745468f-9e30-4ca8-b326-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:39.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:39.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:39Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:39Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745468f-9e30-4ca8-b326-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745468f-9e30-4ca8-b326-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/cbc973f53ad2edcc316671785d41c96b3176efdc7369d9d94d4183d3f78318b0/analysis/1459155923/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454690-4428-45fe-9884-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:40.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:40.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454690-4428-45fe-9884-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454690-4428-45fe-9884-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/972a15202a58786f1e5a5d17d307fdae28bbb3569e084c405100df645c84b10e/analysis/1459155346/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454690-9fd0-44a5-9b1b-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:40.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:40.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454690-9fd0-44a5-9b1b-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454690-9fd0-44a5-9b1b-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/8c44b91b4f583c9042f100e197df6a0e5a8efc0f5032cb02f6ff9b505badb557/analysis/1461826200/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454690-9540-4582-9f4a-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:40.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:40.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454690-9540-4582-9f4a-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454690-9540-4582-9f4a-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/f92bf62e6ab099fb2817e0c598b8fdf2882de464205da09fcd2937691a160f0c/analysis/1460380505/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454691-c4f0-4963-b102-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:41.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:41.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454691-c4f0-4963-b102-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454691-c4f0-4963-b102-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/6bc2aa391b8ef260e79b99409e44011874630c2631e4487e82b76e5cb0a49307/analysis/1460093888/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454691-7c48-4f7a-bb5b-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:41.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:41.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454691-7c48-4f7a-bb5b-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454691-7c48-4f7a-bb5b-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/45e00fe90c8aa8578fce2b305840e368d62578c77e352974da6b8f8bc895d75b/analysis/1461213224/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454691-f310-4483-9e90-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:41.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:41.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454691-f310-4483-9e90-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454691-f310-4483-9e90-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/337b0532c035d5ff7575d749742029a1f86461d2391a324194086be1558f0413/analysis/1459277558/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454692-149c-4907-9741-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:42.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:42.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:42Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454692-149c-4907-9741-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454692-149c-4907-9741-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/979692a34201f9fc1e1c44654dc8074a82000946deedfdf6b8985827da992868/analysis/1463562937/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454692-0e14-4226-85e7-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:42.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:42.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:42Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454692-0e14-4226-85e7-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454692-0e14-4226-85e7-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/939efdc272e8636fd63c1b58c2eec94cf10299cd2de30c329bd5378b6bbbd1c8/analysis/1459747032/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454693-b600-45b7-bb1c-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:43.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:43.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454693-b600-45b7-bb1c-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454693-b600-45b7-bb1c-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/89b4abb78970cd524dd887053d5bcd982534558efdf25c83f96e13b56b4ee805/analysis/1463426978/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454693-3154-490d-86e9-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:43.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:43.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454693-3154-490d-86e9-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454693-3154-490d-86e9-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/946dd4c4f3c78e7e4819a712c7fd6497722a3d616d33e3306a556a9dc99656f4/analysis/1459749112/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454693-f6ac-44af-9f24-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:43.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:43.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454693-f6ac-44af-9f24-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454693-f6ac-44af-9f24-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/e682ac6b874e0a6cfc5ff88798315b2cb822d165a7e6f72a5eb74e6da451e155/analysis/1460380412/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454694-3234-40a5-8277-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:44.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:44.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454694-3234-40a5-8277-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454694-3234-40a5-8277-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/a763ed678a52f77a7b75d55010124a8fccf1628eb4f7a815c6d635034227177e/analysis/1460380446/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454694-75d8-4b01-bed7-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:44.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:44.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454694-75d8-4b01-bed7-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454694-75d8-4b01-bed7-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/ffef0f1c2df157e9c2ee65a12d5b7b0f1301c4da22e7e7f3eac6b03c6487a626/analysis/1459746919/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454694-7ee4-4f64-bf65-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:44.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:44.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454694-7ee4-4f64-bf65-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454694-7ee4-4f64-bf65-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/036071786d7db553e2415ec2e71f3967baf51bdc31d0a640aa4afb87d3ce3050/analysis/1461718553/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454695-8ef8-4fad-83ac-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:45.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:45.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:45Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454695-8ef8-4fad-83ac-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454695-8ef8-4fad-83ac-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/58ef87523184d5df3ed1568397cea65b3f44df06c73eadeb5d90faebe4390e3e/analysis/1459748594/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454695-ba58-4a69-98bf-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:45.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:45.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:45Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454695-ba58-4a69-98bf-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454695-ba58-4a69-98bf-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/0f2c5c39494f15b7ee637ad5b6b5d00a3e2f407b4f27d140cd5a821ff08acfac/analysis/1464076009/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454696-0620-4e64-bfca-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:46.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:46.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:46Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:46Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454696-0620-4e64-bfca-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454696-0620-4e64-bfca-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/7aa585e6fd0a895c295c4bea2ddb071eed1e5775f437602b577a54eef7f61044/analysis/1462118846/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454696-e43c-444c-a1a8-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:46.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:46.000Z",
|
|
|
|
"description": "- Xchecked via VT: caa05dd2f9fee1923a2b94b27187d48f",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'b963b8b8c5ca14c792d2d3c8df31ee058de67108350a66a65e811fd00c9a340c']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454696-9b38-4fab-bc99-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:46.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:46.000Z",
|
|
|
|
"description": "- Xchecked via VT: caa05dd2f9fee1923a2b94b27187d48f",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '650eaa21f4031d7da591ebb68e9fc5ce5c860689']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454697-cd7c-42c7-aa57-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:47.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:47.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:47Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454697-cd7c-42c7-aa57-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454697-cd7c-42c7-aa57-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/b963b8b8c5ca14c792d2d3c8df31ee058de67108350a66a65e811fd00c9a340c/analysis/1463729955/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454697-ac20-48f1-89e5-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:47.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:47.000Z",
|
|
|
|
"description": "- Xchecked via VT: a1d4eb5cb9f64ce6d4a4f55b43d5dcea",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd2df48b5291b90a3a03e10560557d64163b6ce530b71606bfb6eb5b417f33c3a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454698-cec8-4046-91f2-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:48.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:48.000Z",
|
|
|
|
"description": "- Xchecked via VT: a1d4eb5cb9f64ce6d4a4f55b43d5dcea",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '8f74df44d6d5cad0126843c939f7e3980ea18bcf']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454698-0a04-4522-8afc-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:48.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:48.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:48Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454698-0a04-4522-8afc-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454698-0a04-4522-8afc-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/d2df48b5291b90a3a03e10560557d64163b6ce530b71606bfb6eb5b417f33c3a/analysis/1459773453/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454698-5fc4-4dcc-820d-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:48.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:48.000Z",
|
|
|
|
"description": "- Xchecked via VT: 9f5f35227c9e5133e4ada83011adfd63",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '4ef3bd550f8db8897d29427eeddb8ed04d13802a57915f43bf2e7d55bd8b4c9a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454699-bb78-4fa2-9667-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:49.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:49.000Z",
|
|
|
|
"description": "- Xchecked via VT: 9f5f35227c9e5133e4ada83011adfd63",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '3f0610183464f8b2f50d7d9824b7b60d60a90060']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--57454699-b0fc-4278-b089-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:49.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:49.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:49Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--57454699-b0fc-4278-b089-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--57454699-b0fc-4278-b089-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/4ef3bd550f8db8897d29427eeddb8ed04d13802a57915f43bf2e7d55bd8b4c9a/analysis/1463600164/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--57454699-b418-4a3d-b67a-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:49.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:49.000Z",
|
|
|
|
"description": "- Xchecked via VT: 710a45e007502b8f42a27ee05dcd2fba",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '32445c921079aa3e26a376d70ef6550bafeb1f6b0b7037ef152553bb5dad116f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5745469a-51a0-462a-b7d1-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:50.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:50.000Z",
|
|
|
|
"description": "- Xchecked via VT: 710a45e007502b8f42a27ee05dcd2fba",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '5e70502689f6bf87eb367354268923e6a7e875c6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-05-25T06:30:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5745469a-3114-478c-bb6d-a57802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-05-25T06:30:50.000Z",
|
|
|
|
"modified": "2016-05-25T06:30:50.000Z",
|
|
|
|
"first_observed": "2016-05-25T06:30:50Z",
|
|
|
|
"last_observed": "2016-05-25T06:30:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5745469a-3114-478c-bb6d-a57802de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5745469a-3114-478c-bb6d-a57802de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/32445c921079aa3e26a376d70ef6550bafeb1f6b0b7037ef152553bb5dad116f/analysis/1460008214/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:GREEN",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "green"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|