{
"type" : "bundle" ,
"id" : "bundle--58e8a3b2-b0fc-41a9-b89a-4a8b02de0b81" ,
"objects" : [
{
"type" : "identity" ,
"spec_version" : "2.1" ,
"id" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"name" : "CIRCL" ,
"identity_class" : "organization"
} ,
{
"type" : "report" ,
"spec_version" : "2.1" ,
"id" : "report--58e8a3b2-b0fc-41a9-b89a-4a8b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"name" : "OSINT - The Blockbuster Sequel" ,
"published" : "2017-04-08T09:02:14Z" ,
"object_refs" : [
"observed-data--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81" ,
"url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81" ,
"x-misp-attribute--58e8a3d4-01f8-405a-9ea5-478c02de0b81" ,
"indicator--58e8a3ef-149c-4d92-8ae0-4e8a02de0b81" ,
"indicator--58e8a3f0-0444-4f4b-b28b-4f9502de0b81" ,
"indicator--58e8a3f1-72b0-4dc1-a42f-410f02de0b81" ,
"indicator--58e8a3f2-ff8c-4d45-af1d-414102de0b81" ,
"indicator--58e8a3f4-31c8-4111-84a5-4f3002de0b81" ,
"indicator--58e8a3f5-c270-40be-b7d1-46ba02de0b81" ,
"indicator--58e8a3f6-5e2c-4807-a344-4d1802de0b81" ,
"indicator--58e8a3f7-5f08-4120-8087-447902de0b81" ,
"indicator--58e8a3f8-1f3c-437d-b6d8-4d9c02de0b81" ,
"indicator--58e8a3f9-9098-48ce-9326-4d7a02de0b81" ,
"indicator--58e8a3fa-9d24-421f-9147-446802de0b81" ,
"indicator--58e8a3fb-9458-4e66-8137-4f1102de0b81" ,
"indicator--58e8a3fc-af2c-4168-9c2a-478802de0b81" ,
"indicator--58e8a3fd-3e98-44ce-b36e-4af902de0b81" ,
"indicator--58e8a3fe-97a0-4a64-8df7-481e02de0b81" ,
"indicator--58e8a3ff-99a4-4450-9d5b-4d2002de0b81" ,
"indicator--58e8a400-427c-4e8b-96a4-474002de0b81" ,
"indicator--58e8a419-731c-4891-997d-4edf02de0b81" ,
"indicator--58e8a41a-a160-4bb0-9c0f-447802de0b81" ,
"indicator--58e8a41b-c444-4b90-b083-4aa802de0b81" ,
"indicator--58e8a41c-9aa8-4537-9994-4f6102de0b81" ,
"indicator--58e8a41d-d544-4557-8083-47b902de0b81" ,
"indicator--58e8a43b-4d6c-407b-b1f2-401e02de0b81" ,
"indicator--58e8a43c-d3bc-4afd-a297-4f1702de0b81" ,
"indicator--58e8a43d-1f6c-4981-93e7-4ce502de0b81" ,
"indicator--58e8a43e-146c-4457-851c-4a3802de0b81" ,
"indicator--58e8a43f-cbfc-4957-99d7-497902de0b81" ,
"indicator--58e8a440-109c-40c8-ac6b-4fc002de0b81" ,
"indicator--58e8a441-10d8-433b-b0cb-494302de0b81" ,
"indicator--58e8a442-2258-4664-9280-463702de0b81" ,
"indicator--58e8a443-d940-43f7-9898-424e02de0b81" ,
"indicator--58e8a444-d478-4d26-b59e-41b902de0b81" ,
"indicator--58e8a445-848c-48a3-adcd-4bfa02de0b81" ,
"indicator--58e8a446-ad54-44e8-a039-442602de0b81" ,
"indicator--58e8a447-5550-4384-8ad5-425302de0b81" ,
"indicator--58e8a449-b570-4ad5-92da-474202de0b81" ,
"indicator--58e8a44a-06f0-4489-a35b-450302de0b81" ,
"indicator--58e8a44b-55d0-4a1e-9da5-433d02de0b81" ,
"indicator--58e8a44c-8714-424e-b043-427002de0b81" ,
"indicator--58e8a44d-c534-4680-9706-46d602de0b81" ,
"indicator--58e8a44e-fbb0-49dc-9067-425702de0b81" ,
"indicator--58e8a44f-a4c4-47ed-8cd9-4f9e02de0b81" ,
"indicator--58e8a450-bbf8-448b-a034-459302de0b81" ,
"indicator--58e8a452-9ad0-4ce8-9f13-452f02de0b81" ,
"indicator--58e8a453-082c-45f2-8f30-4b5402de0b81" ,
"indicator--58e8a454-4858-49f4-ae93-4f0f02de0b81" ,
"indicator--58e8a455-ec38-4c59-b1ec-44fe02de0b81" ,
"indicator--58e8a47d-dff0-486f-bb29-4f9402de0b81" ,
"indicator--58e8a47e-16ac-4f37-910e-4cbc02de0b81" ,
"indicator--58e8a47f-1334-4e58-8b8b-418402de0b81" ,
"indicator--58e8a480-f058-4880-b65c-45fa02de0b81" ,
"indicator--58e8a481-da18-411d-b544-469002de0b81" ,
"indicator--58e8a482-365c-4e28-a273-448002de0b81" ,
"indicator--58e8a483-c8c0-42e8-978b-4fcd02de0b81" ,
"indicator--58e8a485-49d0-412e-b3c0-44ce02de0b81" ,
"indicator--58e8a486-aab4-42cc-a208-457802de0b81" ,
"indicator--58e8a487-d8ec-4f43-8abd-481202de0b81" ,
"indicator--58e8a488-3518-4276-a7db-4a5102de0b81" ,
"indicator--58e8a489-a968-4b90-8d52-4d8002de0b81" ,
"indicator--58e8a48a-83a0-40fb-97dc-4f2102de0b81" ,
"indicator--58e8a4b1-d3e8-4539-b80e-40d702de0b81" ,
"indicator--58e8a4b2-f458-4a32-a84a-4c6c02de0b81" ,
"indicator--58e8a4c2-e7a0-4e01-af46-4cb002de0b81" ,
"indicator--58e8a4c3-f544-4f85-9e78-45eb02de0b81" ,
"indicator--58e8a643-f524-4272-a28c-489f02de0b81" ,
"indicator--58e8a644-789c-428e-b441-497402de0b81" ,
"observed-data--58e8a645-f25c-4eb6-bdb9-484802de0b81" ,
"url--58e8a645-f25c-4eb6-bdb9-484802de0b81" ,
"indicator--58e8a646-a0a4-43b7-a83b-47c302de0b81" ,
"indicator--58e8a647-d688-4027-adff-446402de0b81" ,
"observed-data--58e8a647-c168-4120-a612-4acb02de0b81" ,
"url--58e8a647-c168-4120-a612-4acb02de0b81" ,
"indicator--58e8a648-27c4-4143-92d2-4b0e02de0b81" ,
"indicator--58e8a649-2834-4857-ace8-416202de0b81" ,
"observed-data--58e8a64b-3a84-4702-add8-457e02de0b81" ,
"url--58e8a64b-3a84-4702-add8-457e02de0b81" ,
"indicator--58e8a64c-aa1c-4670-874e-47ff02de0b81" ,
"indicator--58e8a64d-d290-4125-bf79-4d6f02de0b81" ,
"observed-data--58e8a64d-75b4-479c-8e15-4fcb02de0b81" ,
"url--58e8a64d-75b4-479c-8e15-4fcb02de0b81" ,
"indicator--58e8a64e-3f70-44a5-9007-48ad02de0b81" ,
"indicator--58e8a64f-408c-4fec-810a-459a02de0b81" ,
"observed-data--58e8a650-75f8-4c90-aaf0-423402de0b81" ,
"url--58e8a650-75f8-4c90-aaf0-423402de0b81" ,
"indicator--58e8a651-e038-4dc3-ba0a-446202de0b81" ,
"indicator--58e8a652-1174-4f93-96a3-4ddb02de0b81" ,
"observed-data--58e8a654-1388-40a7-ac90-418502de0b81" ,
"url--58e8a654-1388-40a7-ac90-418502de0b81" ,
"indicator--58e8a655-d5e4-4e1f-b292-411702de0b81" ,
"indicator--58e8a656-a36c-4b49-8037-40c802de0b81" ,
"observed-data--58e8a657-7fbc-4c5b-b2cb-460e02de0b81" ,
"url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81" ,
"indicator--58e8a657-7d24-43c1-9123-49d102de0b81" ,
"indicator--58e8a658-fa98-4155-8038-405802de0b81" ,
"observed-data--58e8a659-d434-44c3-bc37-44ab02de0b81" ,
"url--58e8a659-d434-44c3-bc37-44ab02de0b81" ,
"indicator--58e8a65a-8b60-4d7c-a227-4fcc02de0b81" ,
"indicator--58e8a65b-da3c-4f1a-9996-471802de0b81" ,
"observed-data--58e8a65c-2284-4a2d-a471-404c02de0b81" ,
"url--58e8a65c-2284-4a2d-a471-404c02de0b81" ,
"indicator--58e8a65d-42b0-416b-82c5-4f6902de0b81" ,
"indicator--58e8a65e-62f0-467d-bb96-457c02de0b81" ,
"observed-data--58e8a65f-6c90-4021-bfdb-4d3d02de0b81" ,
"url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81" ,
"indicator--58e8a660-8994-43e6-a244-417802de0b81" ,
"indicator--58e8a660-c848-42c7-a6b7-4a7d02de0b81" ,
"observed-data--58e8a661-332c-45c1-bbca-4f1f02de0b81" ,
"url--58e8a661-332c-45c1-bbca-4f1f02de0b81" ,
"indicator--58e8a662-c00c-46f4-8757-4f6802de0b81" ,
"indicator--58e8a663-67b8-4a9a-baf6-40be02de0b81" ,
"observed-data--58e8a664-5c30-4bcc-9fec-4ad602de0b81" ,
"url--58e8a664-5c30-4bcc-9fec-4ad602de0b81" ,
"indicator--58e8a665-1c3c-4769-8d91-493e02de0b81" ,
"indicator--58e8a666-fe80-4f90-ac1d-41e302de0b81" ,
"observed-data--58e8a667-d238-4e5e-9dc3-478902de0b81" ,
"url--58e8a667-d238-4e5e-9dc3-478902de0b81" ,
"indicator--58e8a668-3714-4a9a-b80c-437c02de0b81" ,
"indicator--58e8a668-8b7c-4175-bff3-44ed02de0b81" ,
"observed-data--58e8a669-1514-4f75-99d7-4b2002de0b81" ,
"url--58e8a669-1514-4f75-99d7-4b2002de0b81" ,
"indicator--58e8a66a-3638-47ed-bf3b-4e4a02de0b81" ,
"indicator--58e8a66c-d324-4686-b3e9-4f3c02de0b81" ,
"observed-data--58e8a66d-d284-4960-92ec-4c6c02de0b81" ,
"url--58e8a66d-d284-4960-92ec-4c6c02de0b81" ,
"indicator--58e8a66e-9178-481f-918f-40b902de0b81" ,
"indicator--58e8a66f-3cfc-47da-aef1-422302de0b81" ,
"observed-data--58e8a670-99a8-4f91-af1a-463602de0b81" ,
"url--58e8a670-99a8-4f91-af1a-463602de0b81" ,
"indicator--58e8a671-0934-4ab3-8f65-485602de0b81" ,
"indicator--58e8a673-1040-4a62-8c51-4ee902de0b81" ,
"observed-data--58e8a674-72b8-4f8a-8eec-4a4202de0b81" ,
"url--58e8a674-72b8-4f8a-8eec-4a4202de0b81" ,
"indicator--58e8a675-7ab8-425a-af39-4d7002de0b81" ,
"indicator--58e8a676-2334-4ff5-aab0-443302de0b81" ,
"observed-data--58e8a677-ef6c-43bf-8f1a-452602de0b81" ,
"url--58e8a677-ef6c-43bf-8f1a-452602de0b81" ,
"indicator--58e8a678-e1e4-42c9-9e85-4fef02de0b81" ,
"indicator--58e8a679-ee78-47d8-8644-408f02de0b81" ,
"observed-data--58e8a67b-38a4-49fe-99bc-49b402de0b81" ,
"url--58e8a67b-38a4-49fe-99bc-49b402de0b81" ,
"indicator--58e8a67c-b7b4-465e-bf98-4a6902de0b81" ,
"indicator--58e8a67d-4410-48d2-85ae-479102de0b81" ,
"observed-data--58e8a67e-70e8-483c-a4a7-43d302de0b81" ,
"url--58e8a67e-70e8-483c-a4a7-43d302de0b81" ,
"indicator--58e8a67f-50a0-4ead-85b5-40b802de0b81" ,
"indicator--58e8a680-5310-4552-8cbb-4f6c02de0b81" ,
"observed-data--58e8a681-dde8-4f18-8afc-4bee02de0b81" ,
"url--58e8a681-dde8-4f18-8afc-4bee02de0b81" ,
"indicator--58e8a682-4a9c-4018-a50a-46b802de0b81" ,
"indicator--58e8a683-75b4-427a-8d12-4e4e02de0b81" ,
"observed-data--58e8a684-4aa8-404c-9e45-46be02de0b81" ,
"url--58e8a684-4aa8-404c-9e45-46be02de0b81" ,
"indicator--58e8a685-3564-435b-8a5d-483b02de0b81" ,
"indicator--58e8a685-8c10-4689-9e64-4b3502de0b81" ,
"observed-data--58e8a686-5770-4612-989f-44f902de0b81" ,
"url--58e8a686-5770-4612-989f-44f902de0b81" ,
"indicator--58e8a687-5dcc-42da-a16a-43a102de0b81" ,
"indicator--58e8a688-393c-4996-8eec-4c4202de0b81" ,
"observed-data--58e8a689-5ad4-4909-9e7e-461a02de0b81" ,
"url--58e8a689-5ad4-4909-9e7e-461a02de0b81" ,
"indicator--58e8a68a-582c-45bd-a0c5-404c02de0b81" ,
"indicator--58e8a68b-5564-43eb-bd9d-4ef502de0b81" ,
"observed-data--58e8a68c-4040-4022-b5ee-4f4002de0b81" ,
"url--58e8a68c-4040-4022-b5ee-4f4002de0b81"
] ,
"labels" : [
"Threat-Report" ,
"misp:tool=\"MISP-STIX-Converter\"" ,
"osint:source-type=\"blog-post\"" ,
"misp-galaxy:threat-actor=\"Lazarus Group\""
] ,
"object_marking_refs" : [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"first_observed" : "2017-04-08T08:57:40Z" ,
"last_observed" : "2017-04-08T08:57:40Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a3c0-5b8c-4de6-8ee1-4fdd02de0b81" ,
"value" : "http://researchcenter.paloaltonetworks.com/2017/04/unit42-the-blockbuster-sequel/"
} ,
{
"type" : "x-misp-attribute" ,
"spec_version" : "2.1" ,
"id" : "x-misp-attribute--58e8a3d4-01f8-405a-9ea5-478c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"labels" : [
"misp:type=\"text\"" ,
"misp:category=\"External analysis\"" ,
"osint:source-type=\"blog-post\""
] ,
"x_misp_category" : "External analysis" ,
"x_misp_type" : "text" ,
"x_misp_value" : "Unit 42 has identified malware with recent compilation and distribution timestamps that has code, infrastructure, and themes overlapping with threats described previously in the Operation Blockbuster report, written by researchers at Novetta. This report details the activities from a group they named Lazarus, their tools, and the techniques they use to infiltrate computer networks. The Lazarus group is tied to the 2014 attack on Sony Pictures Entertainment and the 2013 DarkSeoul attacks.\r\n\r\nThis recently identified activity is targeting Korean speaking individuals, while the threat actors behind the attack likely speak both Korean and English. This blog will detail the recently discovered samples, their functionality, and their ties to the threat group behind Operation Blockbuster."
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3ef-149c-4d92-8ae0-4e8a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.224.82.154']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f0-0444-4f4b-b28b-4f9502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.67.205.101']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f1-72b0-4dc1-a42f-410f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '182.70.113.138']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f2-ff8c-4d45-af1d-414102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.189.144.145']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f4-31c8-4111-84a5-4f3002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.26.11.17']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f5-c270-40be-b7d1-46ba02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.105.242.64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f6-5e2c-4807-a344-4d1802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.233.13.11']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f7-5f08-4120-8087-447902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.233.13.62']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f8-1f3c-437d-b6d8-4d9c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.236.42.52']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3f9-9098-48ce-9326-4d7a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.49.171.243']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3fa-9d24-421f-9147-446802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.103.37.22']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3fb-9458-4e66-8137-4f1102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.138.17.152']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3fc-af2c-4168-9c2a-478802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '221.161.82.208']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3fd-3e98-44ce-b36e-4af902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.115.75.188']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3fe-97a0-4a64-8df7-481e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.100.180.9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a3ff-99a4-4450-9d5b-4d2002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '61.78.63.95']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a400-427c-4e8b-96a4-474002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 IPv4 Address" ,
"pattern" : "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.153.49.82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"ip-dst\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a419-731c-4891-997d-4edf02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 Domain" ,
"pattern" : "[domain-name:value = 'daedong.or.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a41a-a160-4bb0-9c0f-447802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 Domain" ,
"pattern" : "[domain-name:value = 'kcnp.or.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a41b-c444-4b90-b083-4aa802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 Domain" ,
"pattern" : "[domain-name:value = 'kosic.or.kr']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a41c-9aa8-4537-9994-4f6102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 Domain" ,
"pattern" : "[domain-name:value = 'wstore.lt']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a41d-d544-4557-8083-47b902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "C2 Domain" ,
"pattern" : "[domain-name:value = 'xkclub.hk']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Network activity"
}
] ,
"labels" : [
"misp:type=\"domain\"" ,
"misp:category=\"Network activity\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a43b-4d6c-407b-b1f2-401e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '02d74124957b6de4b087a7d12efa01c43558bf6bdaccef9926a022bcffcdcfea']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a43c-d3bc-4afd-a297-4f1702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a43d-1f6c-4981-93e7-4ce502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '18579d1cc9810ca0b5230e8671a16f9e65b9c9cdd268db6c3535940c30b12f9e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a43e-146c-4457-851c-4a3802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '19b23f169606bd390581afe1b27c2c8659d736cbfa4c3e58ed83a287049522f6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a43f-cbfc-4957-99d7-497902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a440-109c-40c8-ac6b-4fc002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '440dd79e8e5906f0a73b80bf0dc58f186cb289b4edb9e5bc4922d4e197bce10c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a441-10d8-433b-b0cb-494302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '446ce29f6df3ac2692773e0a9b2a973d0013e059543c858554ac8200ba1d09cf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a442-2258-4664-9280-463702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a443-d940-43f7-9898-424e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '5c10b34e99b0f0681f79eaba39e3fe60e1a03ec43faf14b28850be80830722cb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a444-d478-4d26-b59e-41b902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '644c01322628adf8574d69afe25c4eb2cdc0bfa400e689645c2ab80becbacc33']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a445-848c-48a3-adcd-4bfa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a446-ad54-44e8-a039-442602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a447-5550-4384-8ad5-425302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '79fe6576d0a26bd41f1f3a3a7bfeff6b5b7c867d624b004b21fadfdd49e6cb18']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a449-b570-4ad5-92da-474202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44a-06f0-4489-a35b-450302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '8b21e36aa81ace60c797ac8299c8a80f366cb0f3c703465a2b9a6dbf3e65861e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44b-55d0-4a1e-9da5-433d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = '9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44c-8714-424e-b043-427002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'd843f31a1fb62ee49939940bf5a998472a9f92b23336affa7bccfa836fe299f5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44d-c534-4680-9706-46d602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44e-fbb0-49dc-9067-425702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a44f-a4c4-47ed-8cd9-4f9e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a450-bbf8-448b-a034-459302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'f365a042fbf57ed2fe3fd75b588c46ae358c14441905df1446e67d348bd902bf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a452-9ad0-4ce8-9f13-452f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'f618245e69695f6e985168f5e307fd6dc7e848832bf01c529818cbcfa4089e4a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a453-082c-45f2-8f30-4b5402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'fa45603334dae86cc72e356df9aa5e21151bb09ffabf86b8dbf5bf42bd2bbadf']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a454-4858-49f4-ae93-4f0f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'fc19a42c423aefb5fdb19b50db52f84e1cbd20af6530e7c7b39435c4c7248cc7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a455-ec38-4c59-b1ec-44fe02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Additional Related Samples" ,
"pattern" : "[file:hashes.SHA256 = 'ff4581d0c73bd526efdd6384bc1fb44b856120bc6bbf0098a1fa0de3efff900d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a47d-dff0-486f-bb29-4f9402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a47e-16ac-4f37-910e-4cbc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a47f-1334-4e58-8b8b-418402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = 'd1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a480-f058-4880-b65c-45fa02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a481-da18-411d-b544-469002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = 'dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a482-365c-4e28-a273-448002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = 'f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a483-c8c0-42e8-978b-4fcd02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a485-49d0-412e-b3c0-44ce02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a486-aab4-42cc-a208-457802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a487-d8ec-4f43-8abd-481202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a488-3518-4276-a7db-4a5102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '6ccb8a10e253cddd8d4c4b85d19bbb288b56b8174a3f1f2fe1f9151732e1a7da']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a489-a968-4b90-8d52-4d8002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a48a-83a0-40fb-97dc-4f2102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Testing Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = '9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a4b1-d3e8-4539-b80e-40d702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Initial Payload" ,
"pattern" : "[file:hashes.SHA256 = '1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a4b2-f458-4a32-a84a-4c6c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Initial Payload (unpacked)" ,
"pattern" : "[file:hashes.SHA256 = '032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a4c2-e7a0-4e01-af46-4cb002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Initial Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = 'cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a4c3-f544-4f85-9e78-45eb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:57:40.000Z" ,
"modified" : "2017-04-08T08:57:40.000Z" ,
"description" : "Initial Malicious Document" ,
"pattern" : "[file:hashes.SHA256 = 'ff58189452668d8c2829a0e9ba8a98a34482c4f2c5c363dc0671700ba58b7bee']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:57:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha256\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a643-f524-4272-a28c-489f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:43.000Z" ,
"modified" : "2017-04-08T08:58:43.000Z" ,
"description" : "Initial Malicious Document - Xchecked via VT: cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b" ,
"pattern" : "[file:hashes.SHA1 = 'b2204bb750842e3d9f4da914ad527a33efca7532']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a644-789c-428e-b441-497402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:44.000Z" ,
"modified" : "2017-04-08T08:58:44.000Z" ,
"description" : "Initial Malicious Document - Xchecked via VT: cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b" ,
"pattern" : "[file:hashes.MD5 = 'e656e1e46e3ad644f9701378490880e2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a645-f25c-4eb6-bdb9-484802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:45.000Z" ,
"modified" : "2017-04-08T08:58:45.000Z" ,
"first_observed" : "2017-04-08T08:58:45Z" ,
"last_observed" : "2017-04-08T08:58:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a645-f25c-4eb6-bdb9-484802de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a645-f25c-4eb6-bdb9-484802de0b81" ,
"value" : "https://www.virustotal.com/file/cec26d8629c5f223a120677a5c7fbd8d477f9a1b963f19d3f1195a7f94bc194b/analysis/1491597656/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a646-a0a4-43b7-a83b-47c302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:46.000Z" ,
"modified" : "2017-04-08T08:58:46.000Z" ,
"description" : "Initial Payload (unpacked) - Xchecked via VT: 032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0" ,
"pattern" : "[file:hashes.SHA1 = '55f56b74a65521a3524be9fe3ea8d30505704ab5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a647-d688-4027-adff-446402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:47.000Z" ,
"modified" : "2017-04-08T08:58:47.000Z" ,
"description" : "Initial Payload (unpacked) - Xchecked via VT: 032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0" ,
"pattern" : "[file:hashes.MD5 = 'cab10f19ae0a6deeb7be7bd0b46a0f5f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a647-c168-4120-a612-4acb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:47.000Z" ,
"modified" : "2017-04-08T08:58:47.000Z" ,
"first_observed" : "2017-04-08T08:58:47Z" ,
"last_observed" : "2017-04-08T08:58:47Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a647-c168-4120-a612-4acb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a647-c168-4120-a612-4acb02de0b81" ,
"value" : "https://www.virustotal.com/file/032ccd6ae0a6e49ac93b7bd10c7d249f853fff3f5771a1fe3797f733f09db5a0/analysis/1491640686/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a648-27c4-4143-92d2-4b0e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:48.000Z" ,
"modified" : "2017-04-08T08:58:48.000Z" ,
"description" : "Initial Payload - Xchecked via VT: 1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65" ,
"pattern" : "[file:hashes.SHA1 = 'dcc4e51730c0114f110405e3e42e721384969add']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:48Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a649-2834-4857-ace8-416202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:49.000Z" ,
"modified" : "2017-04-08T08:58:49.000Z" ,
"description" : "Initial Payload - Xchecked via VT: 1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65" ,
"pattern" : "[file:hashes.MD5 = 'a4b3404fffc581ab06d50f3f2243cb56']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a64b-3a84-4702-add8-457e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:51.000Z" ,
"modified" : "2017-04-08T08:58:51.000Z" ,
"first_observed" : "2017-04-08T08:58:51Z" ,
"last_observed" : "2017-04-08T08:58:51Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a64b-3a84-4702-add8-457e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a64b-3a84-4702-add8-457e02de0b81" ,
"value" : "https://www.virustotal.com/file/1322b5642e19586383e663613188b0cead91f30a0ab1004bf06f10d8b15daf65/analysis/1491597476/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a64c-aa1c-4670-874e-47ff02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:52.000Z" ,
"modified" : "2017-04-08T08:58:52.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff" ,
"pattern" : "[file:hashes.SHA1 = '6f23666a209c80d3aa475f1382a065a818346339']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a64d-d290-4125-bf79-4d6f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:53.000Z" ,
"modified" : "2017-04-08T08:58:53.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff" ,
"pattern" : "[file:hashes.MD5 = '01a07e5a28e53a5bc541d178fe229599']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:53Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a64d-75b4-479c-8e15-4fcb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:53.000Z" ,
"modified" : "2017-04-08T08:58:53.000Z" ,
"first_observed" : "2017-04-08T08:58:53Z" ,
"last_observed" : "2017-04-08T08:58:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a64d-75b4-479c-8e15-4fcb02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a64d-75b4-479c-8e15-4fcb02de0b81" ,
"value" : "https://www.virustotal.com/file/9e71d0fdb9874049f310a6ab118ba2559fc1c491ed93c3fd6f250c780e61b6ff/analysis/1490008053/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a64e-3f70-44a5-9007-48ad02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:54.000Z" ,
"modified" : "2017-04-08T08:58:54.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b" ,
"pattern" : "[file:hashes.SHA1 = '033bf940b65c1a5247f22be6c8f9c4144ab9ef8c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a64f-408c-4fec-810a-459a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:55.000Z" ,
"modified" : "2017-04-08T08:58:55.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b" ,
"pattern" : "[file:hashes.MD5 = '2b78a7f0cd2efb69bdacff9b9c59f9cc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a650-75f8-4c90-aaf0-423402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:56.000Z" ,
"modified" : "2017-04-08T08:58:56.000Z" ,
"first_observed" : "2017-04-08T08:58:56Z" ,
"last_observed" : "2017-04-08T08:58:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a650-75f8-4c90-aaf0-423402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a650-75f8-4c90-aaf0-423402de0b81" ,
"value" : "https://www.virustotal.com/file/8b2c44c4b4dc3d7cf1b71bd6fcc37898dcd9573fcf3cb8159add6cb9cfc9651b/analysis/1490007705/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a651-e038-4dc3-ba0a-446202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:57.000Z" ,
"modified" : "2017-04-08T08:58:57.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7" ,
"pattern" : "[file:hashes.SHA1 = '770f800510bde5c8b051052e43f13fb0d0432883']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:57Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a652-1174-4f93-96a3-4ddb02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:58:58.000Z" ,
"modified" : "2017-04-08T08:58:58.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7" ,
"pattern" : "[file:hashes.MD5 = 'f450e6c90e9a3a907690fb66f08c8b49']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:58:58Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a654-1388-40a7-ac90-418502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:00.000Z" ,
"modified" : "2017-04-08T08:59:00.000Z" ,
"first_observed" : "2017-04-08T08:59:00Z" ,
"last_observed" : "2017-04-08T08:59:00Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a654-1388-40a7-ac90-418502de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a654-1388-40a7-ac90-418502de0b81" ,
"value" : "https://www.virustotal.com/file/600ddacdf16559135f6e581d41b30d0867aae313fbaf66eb4d18345b2136cdd7/analysis/1490009323/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a655-d5e4-4e1f-b292-411702de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:01.000Z" ,
"modified" : "2017-04-08T08:59:01.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af" ,
"pattern" : "[file:hashes.SHA1 = '387887243c1436f37bcecb9671de375813e57fd2']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:01Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a656-a36c-4b49-8037-40c802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:02.000Z" ,
"modified" : "2017-04-08T08:59:02.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af" ,
"pattern" : "[file:hashes.MD5 = '39b32e5fcec968631b6badeaf9bd517c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:02Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a657-7fbc-4c5b-b2cb-460e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:03.000Z" ,
"modified" : "2017-04-08T08:59:03.000Z" ,
"first_observed" : "2017-04-08T08:59:03Z" ,
"last_observed" : "2017-04-08T08:59:03Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a657-7fbc-4c5b-b2cb-460e02de0b81" ,
"value" : "https://www.virustotal.com/file/49ecead98ebc750cf0e1c48fccf5c4b07fadef653be034cdcdcd7ba654f713af/analysis/1490007820/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a657-7d24-43c1-9123-49d102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:03.000Z" ,
"modified" : "2017-04-08T08:59:03.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443" ,
"pattern" : "[file:hashes.SHA1 = '2437d58cbef0ea77e64b12529f8386c93563867e']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:03Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a658-fa98-4155-8038-405802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:04.000Z" ,
"modified" : "2017-04-08T08:59:04.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443" ,
"pattern" : "[file:hashes.MD5 = '853017d8231acf6aa912fb4a146ffd46']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:04Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a659-d434-44c3-bc37-44ab02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:05.000Z" ,
"modified" : "2017-04-08T08:59:05.000Z" ,
"first_observed" : "2017-04-08T08:59:05Z" ,
"last_observed" : "2017-04-08T08:59:05Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a659-d434-44c3-bc37-44ab02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a659-d434-44c3-bc37-44ab02de0b81" ,
"value" : "https://www.virustotal.com/file/31e8a920822ee2a273eb91ec59f5e93ac024d3d7ee794fa6e0e68137734e0443/analysis/1490875689/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a65a-8b60-4d7c-a227-4fcc02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:06.000Z" ,
"modified" : "2017-04-08T08:59:06.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08" ,
"pattern" : "[file:hashes.SHA1 = '60fb33e965efb986f3549da6366fd4e27adb9ca5']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:06Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a65b-da3c-4f1a-9996-471802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:07.000Z" ,
"modified" : "2017-04-08T08:59:07.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08" ,
"pattern" : "[file:hashes.MD5 = '2f9353046222a49317c9db3be4cd1e12']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:07Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a65c-2284-4a2d-a471-404c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:08.000Z" ,
"modified" : "2017-04-08T08:59:08.000Z" ,
"first_observed" : "2017-04-08T08:59:08Z" ,
"last_observed" : "2017-04-08T08:59:08Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a65c-2284-4a2d-a471-404c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a65c-2284-4a2d-a471-404c02de0b81" ,
"value" : "https://www.virustotal.com/file/1491896d42eb975400958b2c575522d2d73ffa3eb8bdd3eb5af1c666a66aeb08/analysis/1490007908/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a65d-42b0-416b-82c5-4f6902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:09.000Z" ,
"modified" : "2017-04-08T08:59:09.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2" ,
"pattern" : "[file:hashes.SHA1 = '32198a872923cd003ab11c75ed5369c979a7cb64']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:09Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a65e-62f0-467d-bb96-457c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:10.000Z" ,
"modified" : "2017-04-08T08:59:10.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2" ,
"pattern" : "[file:hashes.MD5 = '8f47377f880cef626c30bcd3a68bfed0']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:10Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a65f-6c90-4021-bfdb-4d3d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:11.000Z" ,
"modified" : "2017-04-08T08:59:11.000Z" ,
"first_observed" : "2017-04-08T08:59:11Z" ,
"last_observed" : "2017-04-08T08:59:11Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a65f-6c90-4021-bfdb-4d3d02de0b81" ,
"value" : "https://www.virustotal.com/file/f21290968b51b11516e7a86e301148e3b4af7bc2a8b3afe36bc5021086d1fab2/analysis/1489993311/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a660-8994-43e6-a244-417802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:11.000Z" ,
"modified" : "2017-04-08T08:59:11.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316" ,
"pattern" : "[file:hashes.SHA1 = '637bfa81f697cf24aca57523fc28891b5376605d']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:11Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a660-c848-42c7-a6b7-4a7d02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:12.000Z" ,
"modified" : "2017-04-08T08:59:12.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316" ,
"pattern" : "[file:hashes.MD5 = '4ae49bc0ddffcf1ab5fa33faae966e98']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:12Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a661-332c-45c1-bbca-4f1f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:13.000Z" ,
"modified" : "2017-04-08T08:59:13.000Z" ,
"first_observed" : "2017-04-08T08:59:13Z" ,
"last_observed" : "2017-04-08T08:59:13Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a661-332c-45c1-bbca-4f1f02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a661-332c-45c1-bbca-4f1f02de0b81" ,
"value" : "https://www.virustotal.com/file/dfc420190ef535cbabf63436e905954d6d3a9ddb65e57665ae8e99fa3e767316/analysis/1489976038/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a662-c00c-46f4-8757-4f6802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:14.000Z" ,
"modified" : "2017-04-08T08:59:14.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63" ,
"pattern" : "[file:hashes.SHA1 = '71786e3d42c7cc8059336f9c50f489fba3c443c9']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:14Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a663-67b8-4a9a-baf6-40be02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:15.000Z" ,
"modified" : "2017-04-08T08:59:15.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63" ,
"pattern" : "[file:hashes.MD5 = 'c01a91a26dd90363f0ab90d5163a3c5f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:15Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a664-5c30-4bcc-9fec-4ad602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:16.000Z" ,
"modified" : "2017-04-08T08:59:16.000Z" ,
"first_observed" : "2017-04-08T08:59:16Z" ,
"last_observed" : "2017-04-08T08:59:16Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a664-5c30-4bcc-9fec-4ad602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a664-5c30-4bcc-9fec-4ad602de0b81" ,
"value" : "https://www.virustotal.com/file/040d20357cbb9e950a3dd0b0e5c3260b96b7d3a9dfe15ad3331c98835caa8c63/analysis/1490945842/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a665-1c3c-4769-8d91-493e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:17.000Z" ,
"modified" : "2017-04-08T08:59:17.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080" ,
"pattern" : "[file:hashes.SHA1 = 'cf403afb93440c56532323e87e40d895b67ef6cc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:17Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a666-fe80-4f90-ac1d-41e302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:18.000Z" ,
"modified" : "2017-04-08T08:59:18.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080" ,
"pattern" : "[file:hashes.MD5 = 'a16dad1248433bbad204ab4705afc47a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:18Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a667-d238-4e5e-9dc3-478902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:19.000Z" ,
"modified" : "2017-04-08T08:59:19.000Z" ,
"first_observed" : "2017-04-08T08:59:19Z" ,
"last_observed" : "2017-04-08T08:59:19Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a667-d238-4e5e-9dc3-478902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a667-d238-4e5e-9dc3-478902de0b81" ,
"value" : "https://www.virustotal.com/file/d1e4d51024b0e25cfac56b1268e1de2f98f86225bbad913345806ff089508080/analysis/1491562208/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a668-3714-4a9a-b80c-437c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:20.000Z" ,
"modified" : "2017-04-08T08:59:20.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723" ,
"pattern" : "[file:hashes.SHA1 = '8e06f968126ea7ff4ef1123c07c7452256c2e8fc']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a668-8b7c-4175-bff3-44ed02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:20.000Z" ,
"modified" : "2017-04-08T08:59:20.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723" ,
"pattern" : "[file:hashes.MD5 = 'cefa6225208e4fd18e326c860398b0ac']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:20Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a669-1514-4f75-99d7-4b2002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:21.000Z" ,
"modified" : "2017-04-08T08:59:21.000Z" ,
"first_observed" : "2017-04-08T08:59:21Z" ,
"last_observed" : "2017-04-08T08:59:21Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a669-1514-4f75-99d7-4b2002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a669-1514-4f75-99d7-4b2002de0b81" ,
"value" : "https://www.virustotal.com/file/09fc4219169ce7aac5e408c7f5c7bfde10df6e48868d7b470dc7ce41ee360723/analysis/1490007093/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a66a-3638-47ed-bf3b-4e4a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:22.000Z" ,
"modified" : "2017-04-08T08:59:22.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1" ,
"pattern" : "[file:hashes.SHA1 = '786aad5a9df111dbc29d08b068894c17e663ff2f']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:22Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a66c-d324-4686-b3e9-4f3c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:24.000Z" ,
"modified" : "2017-04-08T08:59:24.000Z" ,
"description" : "Testing Malicious Document - Xchecked via VT: 90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1" ,
"pattern" : "[file:hashes.MD5 = 'a24582e2a9162f32d09349953fac52b1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:24Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a66d-d284-4960-92ec-4c6c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:25.000Z" ,
"modified" : "2017-04-08T08:59:25.000Z" ,
"first_observed" : "2017-04-08T08:59:25Z" ,
"last_observed" : "2017-04-08T08:59:25Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a66d-d284-4960-92ec-4c6c02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a66d-d284-4960-92ec-4c6c02de0b81" ,
"value" : "https://www.virustotal.com/file/90e74b5d762fa00fff851d2f3fad8dc3266bfca81d307eeb749cce66a7dcf3e1/analysis/1489993815/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a66e-9178-481f-918f-40b902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:26.000Z" ,
"modified" : "2017-04-08T08:59:26.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c" ,
"pattern" : "[file:hashes.SHA1 = 'd0da8357705856e3527add4f5a8e6ccc6de35d9a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:26Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a66f-3cfc-47da-aef1-422302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:27.000Z" ,
"modified" : "2017-04-08T08:59:27.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c" ,
"pattern" : "[file:hashes.MD5 = 'da6f533bdeea3232d40245a1ded451c3']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:27Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a670-99a8-4f91-af1a-463602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:28.000Z" ,
"modified" : "2017-04-08T08:59:28.000Z" ,
"first_observed" : "2017-04-08T08:59:28Z" ,
"last_observed" : "2017-04-08T08:59:28Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a670-99a8-4f91-af1a-463602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a670-99a8-4f91-af1a-463602de0b81" ,
"value" : "https://www.virustotal.com/file/efa2a0bbb69e60337b783db326b62c820b81325d39fb4761c9b575668411e12c/analysis/1488193010/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a671-0934-4ab3-8f65-485602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:29.000Z" ,
"modified" : "2017-04-08T08:59:29.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57" ,
"pattern" : "[file:hashes.SHA1 = '74f4470f1c7705eee57dad4f4f31a0677497f4eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:29Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a673-1040-4a62-8c51-4ee902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:31.000Z" ,
"modified" : "2017-04-08T08:59:31.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57" ,
"pattern" : "[file:hashes.MD5 = 'c272af488ff4c4af2941fd83b1484f33']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:31Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a674-72b8-4f8a-8eec-4a4202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:32.000Z" ,
"modified" : "2017-04-08T08:59:32.000Z" ,
"first_observed" : "2017-04-08T08:59:32Z" ,
"last_observed" : "2017-04-08T08:59:32Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a674-72b8-4f8a-8eec-4a4202de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a674-72b8-4f8a-8eec-4a4202de0b81" ,
"value" : "https://www.virustotal.com/file/dd8c3824c8ffdbf1e16da8cee43da01d43f91ee3cc90a38f50a6cc8d6a778b57/analysis/1491479445/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a675-7ab8-425a-af39-4d7002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:33.000Z" ,
"modified" : "2017-04-08T08:59:33.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212" ,
"pattern" : "[file:hashes.SHA1 = '64dd3293e0273b2054a232afc9e7fcdda572e19c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:33Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a676-2334-4ff5-aab0-443302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:34.000Z" ,
"modified" : "2017-04-08T08:59:34.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212" ,
"pattern" : "[file:hashes.MD5 = '35e32397ff614e894d41496670909f9c']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:34Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a677-ef6c-43bf-8f1a-452602de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:35.000Z" ,
"modified" : "2017-04-08T08:59:35.000Z" ,
"first_observed" : "2017-04-08T08:59:35Z" ,
"last_observed" : "2017-04-08T08:59:35Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a677-ef6c-43bf-8f1a-452602de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a677-ef6c-43bf-8f1a-452602de0b81" ,
"value" : "https://www.virustotal.com/file/dcea917093643bc536191ff70013cb27a0519c07952fbf626b4cc5f3feee2212/analysis/1490951539/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a678-e1e4-42c9-9e85-4fef02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:36.000Z" ,
"modified" : "2017-04-08T08:59:36.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e" ,
"pattern" : "[file:hashes.SHA1 = 'fd3991e274f2d8889b749c39f9f85e1f1b998790']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:36Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a679-ee78-47d8-8644-408f02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:37.000Z" ,
"modified" : "2017-04-08T08:59:37.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e" ,
"pattern" : "[file:hashes.MD5 = '75f2972cc953e26f8fc43eb0456fdc7a']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:37Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a67b-38a4-49fe-99bc-49b402de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:39.000Z" ,
"modified" : "2017-04-08T08:59:39.000Z" ,
"first_observed" : "2017-04-08T08:59:39Z" ,
"last_observed" : "2017-04-08T08:59:39Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a67b-38a4-49fe-99bc-49b402de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a67b-38a4-49fe-99bc-49b402de0b81" ,
"value" : "https://www.virustotal.com/file/9c6a23e6662659b3dee96234e51f711dd493aaba93ce132111c56164ad02cf5e/analysis/1490411201/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a67c-b7b4-465e-bf98-4a6902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:40.000Z" ,
"modified" : "2017-04-08T08:59:40.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1" ,
"pattern" : "[file:hashes.SHA1 = '596cf05e9a3a7c0b3f279bf6964b353067390c82']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:40Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a67d-4410-48d2-85ae-479102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:41.000Z" ,
"modified" : "2017-04-08T08:59:41.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1" ,
"pattern" : "[file:hashes.MD5 = 'f0e1b26444f21647f25b821d2c46bec4']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:41Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a67e-70e8-483c-a4a7-43d302de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:42.000Z" ,
"modified" : "2017-04-08T08:59:42.000Z" ,
"first_observed" : "2017-04-08T08:59:42Z" ,
"last_observed" : "2017-04-08T08:59:42Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a67e-70e8-483c-a4a7-43d302de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a67e-70e8-483c-a4a7-43d302de0b81" ,
"value" : "https://www.virustotal.com/file/8085dae410e54bc0e9f962edc92fa8245a8a65d27b0d06292739458ce59c6ba1/analysis/1490271298/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a67f-50a0-4ead-85b5-40b802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:43.000Z" ,
"modified" : "2017-04-08T08:59:43.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976" ,
"pattern" : "[file:hashes.SHA1 = '9bd3283af048363d270fceae0bc4292dc50e5309']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:43Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a680-5310-4552-8cbb-4f6c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:44.000Z" ,
"modified" : "2017-04-08T08:59:44.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976" ,
"pattern" : "[file:hashes.MD5 = '5426af0a8bce2fcc61fcf189e6119fe1']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:44Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a681-dde8-4f18-8afc-4bee02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:45.000Z" ,
"modified" : "2017-04-08T08:59:45.000Z" ,
"first_observed" : "2017-04-08T08:59:45Z" ,
"last_observed" : "2017-04-08T08:59:45Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a681-dde8-4f18-8afc-4bee02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a681-dde8-4f18-8afc-4bee02de0b81" ,
"value" : "https://www.virustotal.com/file/77a32726af6205d27999b9a564dd7b020dc0a8f697a81a8f597b971140e28976/analysis/1488792086/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a682-4a9c-4018-a50a-46b802de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:46.000Z" ,
"modified" : "2017-04-08T08:59:46.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad" ,
"pattern" : "[file:hashes.SHA1 = '606caa1b754113bb064e015b2bffb3659e373ea8']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:46Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a683-75b4-427a-8d12-4e4e02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:47.000Z" ,
"modified" : "2017-04-08T08:59:47.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad" ,
"pattern" : "[file:hashes.MD5 = 'd511fa33bb3c9a238e4b4eae7bae6e84']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:47Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a684-4aa8-404c-9e45-46be02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:48.000Z" ,
"modified" : "2017-04-08T08:59:48.000Z" ,
"first_observed" : "2017-04-08T08:59:48Z" ,
"last_observed" : "2017-04-08T08:59:48Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a684-4aa8-404c-9e45-46be02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a684-4aa8-404c-9e45-46be02de0b81" ,
"value" : "https://www.virustotal.com/file/6a34f4ce012e52f5f94c1a163111df8b1c5b96c8dc0836ba600c2da84059c6ad/analysis/1484198463/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a685-3564-435b-8a5d-483b02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:49.000Z" ,
"modified" : "2017-04-08T08:59:49.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062" ,
"pattern" : "[file:hashes.SHA1 = '4b5efb3708096ab7aa1dd6d747cd6f53873991b6']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a685-8c10-4689-9e64-4b3502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:49.000Z" ,
"modified" : "2017-04-08T08:59:49.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062" ,
"pattern" : "[file:hashes.MD5 = '7717f90967ad67016c8229c2271000ed']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:49Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a686-5770-4612-989f-44f902de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:50.000Z" ,
"modified" : "2017-04-08T08:59:50.000Z" ,
"first_observed" : "2017-04-08T08:59:50Z" ,
"last_observed" : "2017-04-08T08:59:50Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a686-5770-4612-989f-44f902de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a686-5770-4612-989f-44f902de0b81" ,
"value" : "https://www.virustotal.com/file/557c63737bf6752eba32bd688eb046c174e53140950e0d91ea609e7f42c80062/analysis/1490951394/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a687-5dcc-42da-a16a-43a102de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:51.000Z" ,
"modified" : "2017-04-08T08:59:51.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe" ,
"pattern" : "[file:hashes.SHA1 = '44a2d2e9b5d79a047470c4e61c1c4926cac8b656']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:51Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a688-393c-4996-8eec-4c4202de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:52.000Z" ,
"modified" : "2017-04-08T08:59:52.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe" ,
"pattern" : "[file:hashes.MD5 = '3a6b48de605ac9e58ffd83d87db650eb']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:52Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a689-5ad4-4909-9e7e-461a02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:53.000Z" ,
"modified" : "2017-04-08T08:59:53.000Z" ,
"first_observed" : "2017-04-08T08:59:53Z" ,
"last_observed" : "2017-04-08T08:59:53Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a689-5ad4-4909-9e7e-461a02de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a689-5ad4-4909-9e7e-461a02de0b81" ,
"value" : "https://www.virustotal.com/file/1efffd64f2215e2b574b9f8892bbb3ab6e0f98cf0684e479f1a67f0f521ec0fe/analysis/1490007460/"
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a68a-582c-45bd-a0c5-404c02de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:54.000Z" ,
"modified" : "2017-04-08T08:59:54.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477" ,
"pattern" : "[file:hashes.SHA1 = '6993457347d2bcb3f606bf59eeb58a7bfe375577']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:54Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"sha1\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "indicator" ,
"spec_version" : "2.1" ,
"id" : "indicator--58e8a68b-5564-43eb-bd9d-4ef502de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:55.000Z" ,
"modified" : "2017-04-08T08:59:55.000Z" ,
"description" : "Additional Related Samples - Xchecked via VT: 0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477" ,
"pattern" : "[file:hashes.MD5 = '1261323be950dcd97c9cf011f2407220']" ,
"pattern_type" : "stix" ,
"pattern_version" : "2.1" ,
"valid_from" : "2017-04-08T08:59:55Z" ,
"kill_chain_phases" : [
{
"kill_chain_name" : "misp-category" ,
"phase_name" : "Payload delivery"
}
] ,
"labels" : [
"misp:type=\"md5\"" ,
"misp:category=\"Payload delivery\"" ,
"misp:to_ids=\"True\""
]
} ,
{
"type" : "observed-data" ,
"spec_version" : "2.1" ,
"id" : "observed-data--58e8a68c-4040-4022-b5ee-4f4002de0b81" ,
"created_by_ref" : "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f" ,
"created" : "2017-04-08T08:59:56.000Z" ,
"modified" : "2017-04-08T08:59:56.000Z" ,
"first_observed" : "2017-04-08T08:59:56Z" ,
"last_observed" : "2017-04-08T08:59:56Z" ,
"number_observed" : 1 ,
"object_refs" : [
"url--58e8a68c-4040-4022-b5ee-4f4002de0b81"
] ,
"labels" : [
"misp:type=\"link\"" ,
"misp:category=\"External analysis\""
]
} ,
{
"type" : "url" ,
"spec_version" : "2.1" ,
"id" : "url--58e8a68c-4040-4022-b5ee-4f4002de0b81" ,
"value" : "https://www.virustotal.com/file/0c5cdbf6f043780dc5fff4b7a977a1874457cc125b4d1da70808bfa720022477/analysis/1485414087/"
} ,
{
"type" : "marking-definition" ,
"spec_version" : "2.1" ,
"id" : "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ,
"created" : "2017-01-20T00:00:00.000Z" ,
"definition_type" : "tlp" ,
"name" : "TLP:WHITE" ,
"definition" : {
"tlp" : "white"
}
}
]
}