{
"type" : "bundle" ,
"id" : "bundle--589d81ee-0348-49fe-9b88-4c48950d210f" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--589d81ee-0348-49fe-9b88-4c48950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"name" : "OSINT - Shell Crew Variants Continue to Fly Under Big AV\u2019s Radar" ,
"published" : "2017-02-10T10:16:37Z" ,
"object_refs" : [
"observed-data--589d8270-df64-437d-a96b-4a0f950d210f" ,
"url--589d8270-df64-437d-a96b-4a0f950d210f" ,
"x-misp-attribute--589d86ac-67f0-4796-aba9-4374950d210f" ,
"indicator--589d86bd-00f4-40c6-8b96-4915950d210f" ,
"x-misp-attribute--589d86d7-b4fc-449e-8674-4d5b950d210f" ,
"indicator--589d8703-4ea8-433e-8b1d-49fb950d210f" ,
"indicator--589d8704-3678-4703-92ac-4e8b950d210f" ,
"indicator--589d8705-2278-44a2-b75e-47de950d210f" ,
"indicator--589d8706-92cc-497b-8fe8-4246950d210f" ,
"indicator--589d8707-3718-4a8b-bbb4-4533950d210f" ,
"indicator--589d8707-c7c8-4d54-9a66-49dd950d210f" ,
"indicator--589d8708-9e60-47d3-8bab-4755950d210f" ,
"indicator--589d8709-899c-4e25-bb54-4054950d210f" ,
"indicator--589d870a-a47c-45df-8fdf-44eb950d210f" ,
"indicator--589d870a-b2d4-404a-a4f7-4c87950d210f" ,
"indicator--589d870b-f57c-4f02-89f3-4285950d210f" ,
"indicator--589d870c-448c-4285-9b90-44de950d210f" ,
"indicator--589d870d-edd4-4448-9713-469a950d210f" ,
"indicator--589d870e-7348-487b-9ec7-4804950d210f" ,
"indicator--589d870e-537c-4ef8-a62f-4b49950d210f" ,
"indicator--589d870f-33e8-4aee-83da-4dc5950d210f" ,
"indicator--589d8710-09f0-4852-915e-49a6950d210f" ,
"indicator--589d8711-4104-4dc5-ace6-439a950d210f" ,
"indicator--589d8711-af10-4cd4-98e0-4802950d210f" ,
"indicator--589d8712-f348-47da-908c-4bda950d210f" ,
"indicator--589d8713-b7b0-4ebd-9b02-4b75950d210f" ,
"indicator--589d8714-fbf8-410c-b62c-46ae950d210f" ,
"indicator--589d8714-d52c-4596-9e73-49c4950d210f" ,
"indicator--589d8715-f9c4-4e52-afc6-4df0950d210f" ,
"indicator--589d8964-a938-4ae4-ae7d-43fa950d210f" ,
"indicator--589d8965-7a60-40da-8273-4b6f950d210f" ,
"indicator--589d8966-7b64-47a9-a3ae-46d8950d210f" ,
"indicator--589d8967-754c-4e88-8795-4c42950d210f" ,
"indicator--589d89a8-9348-45fb-8317-4879950d210f" ,
"indicator--589d89a9-ccc0-498f-9c25-4de5950d210f" ,
"indicator--589d89aa-cb58-49e4-bf9b-49a2950d210f" ,
"indicator--589d89ab-bae0-46b0-a117-49a0950d210f" ,
"indicator--589d89ab-e468-4846-8f9a-45b7950d210f" ,
"indicator--589d89ac-77d8-4110-8bc1-4442950d210f" ,
"indicator--589d89ad-e734-4e07-8ef2-4fdb950d210f" ,
"indicator--589d89ae-d4d8-4cdd-836f-4229950d210f" ,
"indicator--589d89af-8a24-4dd7-8773-445d950d210f" ,
"indicator--589d89af-9534-4e81-b70f-47f1950d210f" ,
"indicator--589d89b0-7b60-49d8-b49a-4254950d210f" ,
"indicator--589d89b1-7f9c-4e5a-8713-4fc1950d210f" ,
"indicator--589d89b2-4c60-4592-a144-4be4950d210f" ,
"indicator--589d89b3-43bc-4638-9730-484b950d210f" ,
"indicator--589d89b4-91fc-48b1-953e-4ccf950d210f" ,
"indicator--589d89b4-a2a0-4ece-b121-45bb950d210f" ,
"indicator--589d89b5-910c-447e-9339-48b9950d210f" ,
"indicator--589d89b6-3be0-472e-91cd-416e950d210f" ,
"indicator--589d89b7-7e60-49ff-8e47-460b950d210f" ,
"indicator--589d89b7-c2a4-48cb-bc62-4ca6950d210f" ,
"indicator--589d89b8-e5cc-42c4-bec9-4366950d210f" ,
"indicator--589d89b9-193c-46e5-b72b-47a5950d210f" ,
"indicator--589d89ba-2ccc-4775-9024-4da9950d210f" ,
"indicator--589d89bb-f894-4bc8-8f15-41a0950d210f" ,
"indicator--589d89bb-6a88-4d66-80fa-4deb950d210f" ,
"indicator--589d89bc-de04-474a-ae40-4700950d210f" ,
"indicator--589d89bd-6750-4fa5-8ded-442e950d210f" ,
"indicator--589d89e2-edb8-4599-a03c-4ddd950d210f" ,
"indicator--589d89f8-9c18-490e-b950-4977950d210f" ,
"indicator--589d89f9-c3e4-4bc4-91fc-40b0950d210f" ,
"indicator--589d89fa-35a4-4e9c-9dce-44c5950d210f" ,
"indicator--589d89fa-f570-44da-a363-47ad950d210f" ,
"indicator--589d8a10-aaa0-42bf-b16a-4009950d210f" ,
"indicator--589d8a10-bbcc-4873-8bb8-4634950d210f" ,
"indicator--589d8a11-85a8-454b-b8fa-46ae950d210f" ,
"indicator--589d8a12-7b88-45a4-b271-4b7c950d210f" ,
"indicator--589d8a20-96d0-4c91-9e81-46a7950d210f" ,
"indicator--589d8a20-8fc8-4890-bd57-429d950d210f" ,
"indicator--589d8a21-7f64-4a0c-bb61-4473950d210f" ,
"indicator--589d8a22-b05c-4677-b565-43c3950d210f" ,
"indicator--589d8a23-9b98-4fc3-98b6-4301950d210f" ,
"indicator--589d8a23-4a78-46e3-b28c-4048950d210f" ,
"indicator--589d8a24-2d74-4478-93fc-43ac950d210f" ,
"indicator--589d8a25-23d4-45ca-9763-48c1950d210f" ,
"indicator--589d8a26-a1ec-49a6-a80e-400c950d210f" ,
"indicator--589d8b3d-db10-4dac-a7f6-42a902de0b81" ,
"indicator--589d8b3e-1238-4f08-9dc0-41aa02de0b81" ,
"observed-data--589d8b3f-3914-4d79-9d9b-45de02de0b81" ,
"url--589d8b3f-3914-4d79-9d9b-45de02de0b81" ,
"indicator--589d8b40-3644-4bcf-b7b7-49ac02de0b81" ,
"indicator--589d8b41-6428-4bb7-804b-4a6502de0b81" ,
"observed-data--589d8b41-9a64-49fe-9f06-4efe02de0b81" ,
"url--589d8b41-9a64-49fe-9f06-4efe02de0b81" ,
"indicator--589d8b42-b504-49ac-bd74-4e8a02de0b81" ,
"indicator--589d8b43-ad84-401e-819d-4df202de0b81" ,
"observed-data--589d8b44-8020-41fb-820a-42d102de0b81" ,
"url--589d8b44-8020-41fb-820a-42d102de0b81" ,
"indicator--589d8b44-4448-421d-90ec-447602de0b81" ,
"indicator--589d8b45-bccc-4673-9880-4fd402de0b81" ,
"observed-data--589d8b46-3424-4971-ad66-4e5102de0b81" ,
"url--589d8b46-3424-4971-ad66-4e5102de0b81" ,
"indicator--589d8b47-c244-412d-9885-48d102de0b81" ,
"indicator--589d8b47-8e80-42c6-a364-417102de0b81" ,
"observed-data--589d8b48-53d4-4dc6-830a-4cd902de0b81" ,
"url--589d8b48-53d4-4dc6-830a-4cd902de0b81" ,
"indicator--589d8b49-5230-4a3b-83f5-44fb02de0b81" ,
"indicator--589d8b4a-a9d8-4b0d-9e6a-494d02de0b81" ,
"observed-data--589d8b4b-2d64-4d52-9c30-43ef02de0b81" ,
"url--589d8b4b-2d64-4d52-9c30-43ef02de0b81" ,
"indicator--589d8b4b-941c-4ed4-a8c9-400402de0b81" ,
"indicator--589d8b4c-a7f4-45d2-ac57-419f02de0b81" ,
"observed-data--589d8b4d-4724-4bcf-ba92-479302de0b81" ,
"url--589d8b4d-4724-4bcf-ba92-479302de0b81" ,
"indicator--589d8b4e-a898-4636-ade4-419d02de0b81" ,
"indicator--589d8b4f-b374-4554-bbdc-494f02de0b81" ,
"observed-data--589d8b4f-5a68-4ab7-b7f4-467502de0b81" ,
"url--589d8b4f-5a68-4ab7-b7f4-467502de0b81" ,
"indicator--589d8b50-5a10-418a-bb7a-46c802de0b81" ,
"indicator--589d8b51-2bc4-4db8-a700-413f02de0b81" ,
"observed-data--589d8b52-393c-44c6-b8f2-473f02de0b81" ,
"url--589d8b52-393c-44c6-b8f2-473f02de0b81" ,
"indicator--589d8b53-91f4-45fa-9a21-448602de0b81" ,
"indicator--589d8b53-fb78-4492-a9ce-48d802de0b81" ,
"observed-data--589d8b54-55c4-4995-a656-4c7802de0b81" ,
"url--589d8b54-55c4-4995-a656-4c7802de0b81" ,
"indicator--589d8b55-9bbc-4f13-a90a-4b5002de0b81" ,
"indicator--589d8b56-1054-4679-8be5-479f02de0b81" ,
"observed-data--589d8b57-0914-4e84-b00a-407a02de0b81" ,
"url--589d8b57-0914-4e84-b00a-407a02de0b81" ,
"indicator--589d8b58-43b0-42bd-b8aa-44bb02de0b81" ,
"indicator--589d8b58-b648-47b8-8408-4b3d02de0b81" ,
"observed-data--589d8b59-5294-4bdb-903e-490202de0b81" ,
"url--589d8b59-5294-4bdb-903e-490202de0b81" ,
"indicator--589d8b5a-b58c-4dfe-9032-47ab02de0b81" ,
"indicator--589d8b5b-2b24-46a4-a51d-471e02de0b81" ,
"observed-data--589d8b5c-a6c4-4504-b5c8-4af102de0b81" ,
"url--589d8b5c-a6c4-4504-b5c8-4af102de0b81" ,
"indicator--589d8b5d-3758-4ed0-b8de-4fc102de0b81" ,
"indicator--589d8b5e-7550-44a4-87ff-46cf02de0b81" ,
"observed-data--589d8b5e-f25c-4fd8-a7e8-49a802de0b81" ,
"url--589d8b5e-f25c-4fd8-a7e8-49a802de0b81" ,
"indicator--589d8b5f-6198-43fd-a10e-471802de0b81" ,
"indicator--589d8b60-f6c0-40d8-86e7-416802de0b81" ,
"observed-data--589d8b61-6660-4cd0-8a44-498702de0b81" ,
"url--589d8b61-6660-4cd0-8a44-498702de0b81" ,
"indicator--589d8b62-5368-404b-8f2b-484902de0b81" ,
"indicator--589d8b63-0af0-4e28-8645-465f02de0b81" ,
"observed-data--589d8b63-0a24-4980-a0fa-45b602de0b81" ,
"url--589d8b63-0a24-4980-a0fa-45b602de0b81" ,
"indicator--589d8b64-36f0-4f93-b645-419002de0b81" ,
"indicator--589d8b65-abf0-4ff7-8864-471d02de0b81" ,
"observed-data--589d8b66-1748-47d5-b68a-456202de0b81" ,
"url--589d8b66-1748-47d5-b68a-456202de0b81" ,
"observed-data--589d929e-5bac-4221-8d0d-4da402de0b81" ,
"url--589d929e-5bac-4221-8d0d-4da402de0b81" ,
"observed-data--589d92a0-9f28-4003-8495-47a402de0b81" ,
"url--589d92a0-9f28-4003-8495-47a402de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"misp-galaxy:threat-actor=\"Shell Crew\"" ,
"misp-galaxy:tool=\"StreamEx\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8270-df64-437d-a96b-4a0f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8270-df64-437d-a96b-4a0f950d210f"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\"" ,
"admiralty-scale:source-reliability=\"b\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8270-df64-437d-a96b-4a0f950d210f" ,
"value" : "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--589d86ac-67f0-4796-aba9-4374950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"labels" : [
"misp:type=\"comment\"" ,
"misp:category=\"External analysis\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "comment" ,
"x_misp_value" : "Cylance SPEAR\u2122 has identified a newer family of samples deployed by Shell Crew that has flown under AV\u2019s radar for more than a year and a half. Simple programmatic techniques continue to be effective in evading signature-based detection. \r\n\r\nShell Crew, first named by RSA in this paper, has been incredibly proficient over time and breached numerous high-value targets. The backdoor provided an alternative foothold in several observed instances for the group and employed a few tricks like using the Intel SSE extended instruction set to avoid emulation and obscure analysis. \r\n\r\nMost of the variants Cylance identified were 64-bit; however, a couple of earlier 32-bit variants were created in May 2015."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d86bd-00f4-40c6-8b96-4915950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[rule StreamEx\r\n{\r\nstrings:\r\n$a = \"0r+8DQY97XGB5iZ4Vf3KsEt61HLoTOuIqJPp2AlncRCgSxUWyebhMdmzvFjNwka=\"\r\n$b = {34 ?? 88 04 11 48 63 C3 48 FF C1 48 3D D8 03 00 00}\r\n$bb = {81 86 ?? ?? 00 10 34 ?? 88 86 ?? ?? 00 10 46 81 FE D8 03 00 00}\r\n$c = \"greendll\"\r\n$d = \"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36\" wide\r\n$f = {26 5E 25 24 23 91 91 91 91}\r\n$g = \"D:\\\\pdb\\\\ht_d6.pdb\" \r\n\r\ncondition:\r\n$a or $b or $bb or ($c and $d) or $f or $g\r\n} 116_Shell-Crew-Malware_f_SML]" ,
"pattern_type" : "yara" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Artifacts dropped"
}
] ,
"labels" : [
"misp:type=\"yara\"" ,
"misp:category=\"Artifacts dropped\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--589d86d7-b4fc-449e-8674-4d5b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"labels" : [
"misp:type=\"pdb\"" ,
"misp:category=\"Artifacts dropped\""
] ,
"x_misp_category" : "Artifacts dropped" ,
"x_misp_type" : "pdb" ,
"x_misp_value" : "D:\\pdb\\ht_d6.pdb"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8703-4ea8-433e-8b1d-49fb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.214.143.44']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8704-3678-4703-92ac-4e8b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.148.71.127']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8705-2278-44a2-b75e-47de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '106.185.52.7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8706-92cc-497b-8fe8-4246950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.151.218.149']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8707-3718-4a8b-bbb4-4533950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.161.80.22']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8707-c7c8-4d54-9a66-49dd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.153.5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8708-9e60-47d3-8bab-4755950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '119.57.196.30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8709-899c-4e25-bb54-4054950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.9.154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870a-a47c-45df-8fdf-44eb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '158.69.34.129']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870a-b2d4-404a-a4f7-4c87950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.160.16.242']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870b-f57c-4f02-89f3-4285950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.231.49.141']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870c-448c-4285-9b90-44de950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.139.57.26']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870d-edd4-4448-9713-469a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.139.57.27']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870e-7348-487b-9ec7-4804950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.139.57.30']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870e-537c-4ef8-a62f-4b49950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.58.38.100']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d870f-33e8-4aee-83da-4dc5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.73.222.120']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8710-09f0-4852-915e-49a6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '220.73.222.86']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8711-4104-4dc5-ace6-439a950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.139.50.134']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8711-af10-4cd4-98e0-4802950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.210.102.210']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8712-f348-47da-908c-4bda950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.249.81.209']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8713-b7b0-4ebd-9b02-4b75950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.249.81.210']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8714-fbf8-410c-b62c-46ae950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.115.138.215']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8714-d52c-4596-9e73-49c4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.208.228.56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8715-f9c4-4e52-afc6-4df0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.242.144.2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8964-a938-4ae4-ae7d-43fa950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'seo777.f3322.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8965-7a60-40da-8273-4b6f950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'sexy.f3322.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8966-7b64-47a9-a3ae-46d8950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'allmnz.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8967-754c-4e88-8795-4c42950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'incsteelkor.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89a8-9348-45fb-8317-4879950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'backup.microsoftappstore.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89a9-ccc0-498f-9c25-4de5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'dataserver.cmonkey3.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89aa-cb58-49e4-bf9b-49a2950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'google-helps.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ab-bae0-46b0-a117-49a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'kpupdate.amz80.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ab-e468-4846-8f9a-45b7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'mail-help.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ac-77d8-4110-8bc1-4442950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'mail-issue.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ad-e734-4e07-8ef2-4fdb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'microsoftupdating.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ae-d4d8-4cdd-836f-4229950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'microsoftwww.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89af-8a24-4dd7-8773-445d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns1.ccccc.work']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89af-9534-4e81-b70f-47f1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns1.superman0x58.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b0-7b60-49d8-b49a-4254950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns1.xssr.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b1-7f9c-4e5a-8713-4fc1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns2.ccccc.work']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b2-4c60-4592-a144-4be4950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns2.superman0x58.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b3-43bc-4638-9730-484b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'ns2.xssr.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b4-91fc-48b1-953e-4ccf950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'qr1.3jd90dsj3df.website']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b4-a2a0-4ece-b121-45bb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'r4.microsoftupdating.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b5-910c-447e-9339-48b9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'rouji.xssr.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b6-3be0-472e-91cd-416e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 't2z0n9.microsoftappstore.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b7-7e60-49ff-8e47-460b950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'temp.mail-issue.top']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b7-c2a4-48cb-bc62-4ca6950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'time-service.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b8-e5cc-42c4-bec9-4366950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'update.microsoftwww.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89b9-193c-46e5-b72b-47a5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'updatecz.mykorean.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89ba-2ccc-4775-9024-4da9950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'uriupdate.newsbs.net']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89bb-f894-4bc8-8f15-41a0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'wwgooglewww.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89bb-6a88-4d66-80fa-4deb950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'www.microsoftwww.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89bc-de04-474a-ae40-4700950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'wwwgooglewww.com']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89bd-6750-4fa5-8ded-442e950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"pattern" : "[domain-name:value = 'zy.xssr.org']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89e2-edb8-4599-a03c-4ddd950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "Compromised website" ,
"pattern" : "[domain-name:value = 'www.aceactor.co.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"hostname\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\"" ,
"adversary:infrastructure-status=\"compromised\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89f8-9c18-490e-b950-4977950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers" ,
"pattern" : "[file:hashes.SHA256 = '0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89f9-c3e4-4bc4-91fc-40b0950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers" ,
"pattern" : "[file:hashes.SHA256 = '60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89fa-35a4-4e9c-9dce-44c5950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers" ,
"pattern" : "[file:hashes.SHA256 = '6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d89fa-f570-44da-a363-47ad950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers" ,
"pattern" : "[file:hashes.SHA256 = '8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a10-aaa0-42bf-b16a-4009950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a10-bbcc-4873-8bb8-4634950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a11-85a8-454b-b8fa-46ae950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = 'bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a12-7b88-45a4-b271-4b7c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = 'fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a20-96d0-4c91-9e81-46a7950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a20-8fc8-4890-bd57-429d950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a21-7f64-4a0c-bb61-4473950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a22-b05c-4677-b565-43c3950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a23-9b98-4fc3-98b6-4301950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a23-4a78-46e3-b28c-4048950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = '82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a24-2d74-4478-93fc-43ac950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = 'a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a25-23d4-45ca-9763-48c1950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = 'd26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8a26-a1ec-49a6-a80e-400c950d210f" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors" ,
"pattern" : "[file:hashes.SHA256 = 'e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b3d-db10-4dac-a7f6-42a902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - cross-checked via VirusTotal (VT): 0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d" ,
"pattern" : "[file:hashes.SHA1 = '5d9e9616ca8a8034258655758eb19f8930f8fbfe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b3e-1238-4f08-9dc0-41aa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - cross-checked via VirusTotal (VT): 0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d" ,
"pattern" : "[file:hashes.MD5 = '6081723ac9d35de3a6eb9b8fcd474bae']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b3f-3914-4d79-9d9b-45de02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b3f-3914-4d79-9d9b-45de02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b3f-3914-4d79-9d9b-45de02de0b81" ,
"value" : "https://www.virustotal.com/file/0f1623511432bac0d8f2a87169952df0b341d90ea1e4218a851b8cdb2b691e2d/analysis/1465809113/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b40-3644-4bcf-b7b7-49ac02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b" ,
"pattern" : "[file:hashes.SHA1 = '91c62ae0edb2edf9237d68f1a85acee211e9f1ca']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b41-6428-4bb7-804b-4a6502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b" ,
"pattern" : "[file:hashes.MD5 = '956a719b0812990b12b648cb03868a67']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b41-9a64-49fe-9f06-4efe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b41-9a64-49fe-9f06-4efe02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b41-9a64-49fe-9f06-4efe02de0b81" ,
"value" : "https://www.virustotal.com/file/60599a679efb167cc43746e5d58bb8f74b6fe57cb028950fde79bd9fd0e6b48b/analysis/1482127685/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b42-b504-49ac-bd74-4e8a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b" ,
"pattern" : "[file:hashes.SHA1 = '1ef6150a2a20667ca3d790b0f2772c495f340902']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b43-ad84-401e-819d-4df202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b" ,
"pattern" : "[file:hashes.MD5 = '01f5afdac12d5265ac73372496440312']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b44-8020-41fb-820a-42d102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b44-8020-41fb-820a-42d102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b44-8020-41fb-820a-42d102de0b81" ,
"value" : "https://www.virustotal.com/file/6c80e57f4957d17c80c0fc5e5809e72ac157a70339163579b7e2f3c0d631dd6b/analysis/1486667967/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b44-4448-421d-90ec-447602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b" ,
"pattern" : "[file:hashes.SHA1 = 'efada2e9ad08a37c250a7595099fc95d3483982a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b45-bccc-4673-9880-4fd402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx Droppers - Xchecked via VT: 8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b" ,
"pattern" : "[file:hashes.MD5 = '0c15030995abd0fb361c0c4f31f8ff3b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b46-3424-4971-ad66-4e5102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b46-3424-4971-ad66-4e5102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"malware_classification:payload-classification=\"dropper\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b46-3424-4971-ad66-4e5102de0b81" ,
"value" : "https://www.virustotal.com/file/8171f3ca246c56d85bdac23ab09ffdaea09410165bf32ed72ef279d2ddaf745b/analysis/1459968445/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b47-c244-412d-9885-48d102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: 369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015" ,
"pattern" : "[file:hashes.SHA1 = '26f2fdfef16407781fbec0ba09f6347f0aacde43']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b47-8e80-42c6-a364-417102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: 369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015" ,
"pattern" : "[file:hashes.MD5 = 'a7ea075b7b3ae7a795df520db52242db']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b48-53d4-4dc6-830a-4cd902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b48-53d4-4dc6-830a-4cd902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b48-53d4-4dc6-830a-4cd902de0b81" ,
"value" : "https://www.virustotal.com/file/369dc64903c52f052ebe547511977f5d677614855da31c416fe13d8eb8ed1015/analysis/1476869912/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b49-5230-4a3b-83f5-44fb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: 8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396" ,
"pattern" : "[file:hashes.SHA1 = '0ff6213496d4b1859a5ae332368a3f0a1c508373']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b4a-a9d8-4b0d-9e6a-494d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: 8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396" ,
"pattern" : "[file:hashes.MD5 = 'c9732aab519274f6c0c5d7e0ecf909a7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b4b-2d64-4d52-9c30-43ef02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b4b-2d64-4d52-9c30-43ef02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b4b-2d64-4d52-9c30-43ef02de0b81" ,
"value" : "https://www.virustotal.com/file/8269c8183fb5e50acf08dea65d8a3d99f406f7febd61dc361622f21b58570396/analysis/1482732652/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b4b-941c-4ed4-a8c9-400402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d" ,
"pattern" : "[file:hashes.SHA1 = 'f99523c35acce33b3be591dff08e14ea585267c6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b4c-a7f4-45d2-ac57-419f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d" ,
"pattern" : "[file:hashes.MD5 = 'db5a5de95b1badcdbb518b77e947f2ab']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b4d-4724-4bcf-ba92-479302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b4d-4724-4bcf-ba92-479302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b4d-4724-4bcf-ba92-479302de0b81" ,
"value" : "https://www.virustotal.com/file/bfe4da21398a2ac19b04174a7754acc1c2d1725dac7e0651544ff46df9f9005d/analysis/1475875168/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b4e-a898-4636-ade4-419d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7" ,
"pattern" : "[file:hashes.SHA1 = '1d1d37b9a1c35f8e352abe33af5164e61fb61f29']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b4f-b374-4554-bbdc-494f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 32-bit Backdoors - Xchecked via VT: fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7" ,
"pattern" : "[file:hashes.MD5 = 'c0ad63a680fbdc75d54b270cbedb4739']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b4f-5a68-4ab7-b7f4-467502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b4f-5a68-4ab7-b7f4-467502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b4f-5a68-4ab7-b7f4-467502de0b81" ,
"value" : "https://www.virustotal.com/file/fd0c9c28781de60ed70f32b9e138ab7d95201a5f08a4bc0230b24493597022d7/analysis/1475793989/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b50-5a10-418a-bb7a-46c802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423" ,
"pattern" : "[file:hashes.SHA1 = 'e2a9b047b771987c2656afa16c4aadf01d042aa6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b51-2bc4-4db8-a700-413f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423" ,
"pattern" : "[file:hashes.MD5 = 'eafe79709f6cb5e4334a549bb278f123']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b52-393c-44c6-b8f2-473f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b52-393c-44c6-b8f2-473f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b52-393c-44c6-b8f2-473f02de0b81" ,
"value" : "https://www.virustotal.com/file/04f69ebca26ee0ab2fc896f803102fdbb0700726074048755c55c891a9243423/analysis/1486664916/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b53-91f4-45fa-9a21-448602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b" ,
"pattern" : "[file:hashes.SHA1 = '7c67a29928cb62fca61c830e90a965dafef40cd0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b53-fb78-4492-a9ce-48d802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b" ,
"pattern" : "[file:hashes.MD5 = 'f34276afaa1071f4c9610b451b5862b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b54-55c4-4995-a656-4c7802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b54-55c4-4995-a656-4c7802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b54-55c4-4995-a656-4c7802de0b81" ,
"value" : "https://www.virustotal.com/file/37a2ede8de56fe85b4baf4220046dd2923d66ea7d906a5c009751f9f630aec0b/analysis/1437552747/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b55-9bbc-4f13-a90a-4b5002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836" ,
"pattern" : "[file:hashes.SHA1 = '5994a7027f5753cf025d5ec1e9a2d6374f587795']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b56-1054-4679-8be5-479f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836" ,
"pattern" : "[file:hashes.MD5 = '8f8f1819f8844157e80b9f3aba3f6bcf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b57-0914-4e84-b00a-407a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b57-0914-4e84-b00a-407a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b57-0914-4e84-b00a-407a02de0b81" ,
"value" : "https://www.virustotal.com/file/434df165b56c70ff5479ebd3f8d65c1585076c16a19e20bdee750c9f0119e836/analysis/1438116372/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b58-43b0-42bd-b8aa-44bb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0" ,
"pattern" : "[file:hashes.SHA1 = 'a29e65c644c827a8f0be61f8a5a58d6e2feeacf5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b58-b648-47b8-8408-4b3d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0" ,
"pattern" : "[file:hashes.MD5 = 'e13a072c13c546179be752c4aca9efa6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b59-5294-4bdb-903e-490202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b59-5294-4bdb-903e-490202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b59-5294-4bdb-903e-490202de0b81" ,
"value" : "https://www.virustotal.com/file/50712f13f0ed2cabc264ec62581857468b2670e3a4226d76369c9367648b9ff0/analysis/1485840922/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b5a-b58c-4dfe-9032-47ab02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b" ,
"pattern" : "[file:hashes.SHA1 = '21d9298202fc35dbf2861838a9bbf6709d5bdae8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b5b-2b24-46a4-a51d-471e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b" ,
"pattern" : "[file:hashes.MD5 = 'c78d2b6c855db963dd01d4659f8ca8ea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b5c-a6c4-4504-b5c8-4af102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b5c-a6c4-4504-b5c8-4af102de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b5c-a6c4-4504-b5c8-4af102de0b81" ,
"value" : "https://www.virustotal.com/file/5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b/analysis/1466392954/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b5d-3758-4ed0-b8de-4fc102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa" ,
"pattern" : "[file:hashes.SHA1 = '8bc0bfa58d13a3c5c043823439047f4bbf78211e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b5e-7550-44a4-87ff-46cf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: 82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa" ,
"pattern" : "[file:hashes.MD5 = 'd95706b6a189358e7a748112cb644250']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b5e-f25c-4fd8-a7e8-49a802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b5e-f25c-4fd8-a7e8-49a802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b5e-f25c-4fd8-a7e8-49a802de0b81" ,
"value" : "https://www.virustotal.com/file/82a7f8c488cf287908f8f80b458bf19410f16ee0df0d8f2eb9f923efc3e0a2fa/analysis/1486719218/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b5f-6198-43fd-a10e-471802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc" ,
"pattern" : "[file:hashes.SHA1 = '04e107941935f17c7fd51d493752732d813d4b0f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b60-f6c0-40d8-86e7-416802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc" ,
"pattern" : "[file:hashes.MD5 = '7889a9a86d8b8145794e4b0e30d4d8ff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b61-6660-4cd0-8a44-498702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b61-6660-4cd0-8a44-498702de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b61-6660-4cd0-8a44-498702de0b81" ,
"value" : "https://www.virustotal.com/file/a20d81fcbdcfe6183eaaba489219c44942da3e5fc86ce383568b63b22e6981dc/analysis/1485788774/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b62-5368-404b-8f2b-484902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad" ,
"pattern" : "[file:hashes.SHA1 = '87c11159c993c410b06a5be5c6748d6db0c54109']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b63-0af0-4e28-8645-465f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad" ,
"pattern" : "[file:hashes.MD5 = '4b32f28adc3675401ba548dcaed7058b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b63-0a24-4980-a0fa-45b602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b63-0a24-4980-a0fa-45b602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b63-0a24-4980-a0fa-45b602de0b81" ,
"value" : "https://www.virustotal.com/file/d26f914eb9f58f9efeba3ae5362cf605a371f881183da201a8528f9c9b65b5ad/analysis/1486716680/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b64-36f0-4f93-b645-419002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720" ,
"pattern" : "[file:hashes.SHA1 = '17f668e899a3523bf88f633bbffcab0df63344be']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--589d8b65-abf0-4ff7-8864-471d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"description" : "StreamEx 64-Bit Backdoors - Xchecked via VT: e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720" ,
"pattern" : "[file:hashes.MD5 = '311d93ce6860777da29a46b83c1b06ec']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-02-10T10:14:32Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d8b66-1748-47d5-b68a-456202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:32.000Z" ,
"modified" : "2017-02-10T10:14:32.000Z" ,
"first_observed" : "2017-02-10T10:14:32Z" ,
"last_observed" : "2017-02-10T10:14:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d8b66-1748-47d5-b68a-456202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d8b66-1748-47d5-b68a-456202de0b81" ,
"value" : "https://www.virustotal.com/file/e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720/analysis/1475794860/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d929e-5bac-4221-8d0d-4da402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:54.000Z" ,
"modified" : "2017-02-10T10:14:54.000Z" ,
"first_observed" : "2017-02-10T10:14:54Z" ,
"last_observed" : "2017-02-10T10:14:54Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d929e-5bac-4221-8d0d-4da402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d929e-5bac-4221-8d0d-4da402de0b81" ,
"value" : "https://www.virustotal.com/file/5747de930d6f2dd456765aada5f31b4c2149388625399ae8d0c025cc8509880b/analysis/1486720042/"
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--589d92a0-9f28-4003-8495-47a402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-02-10T10:14:56.000Z" ,
"modified" : "2017-02-10T10:14:56.000Z" ,
"first_observed" : "2017-02-10T10:14:56Z" ,
"last_observed" : "2017-02-10T10:14:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--589d92a0-9f28-4003-8495-47a402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"Payload delivery\"" ,
"ms-caro-malware:malware-type=\"Backdoor\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--589d92a0-9f28-4003-8495-47a402de0b81" ,
"value" : "https://www.virustotal.com/file/e5590c6eca821160d02c75025bf9ee30de418269471ae21bff422933fbb46720/analysis/1486721124/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}